2 matches found
The vulnerability of the Endian Firewall, which allows a hacker to execute arbitrary commands
The vulnerability of the Endian Firewall is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending metascripts through the NEWPASSWORD1 or NEWPASSWORD2 parameter in the cgi-bin/chpasswd.cgi file...
Endian Firewall OS Command Injection Vulnerability
Endian Firewall is a suite of unified risk management tools based on Red Hat Enterprise Linux. The Endian Firewall cgi-bin/chpasswd.cgi file fails to adequately filter the 'NEWPASSWORD1' and 'NEWPASSWORD2' parameters, allowing remote attacker to submit special requests to execute arbitrary comman...