197 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the 1 admin or 2 dial password via a request to httpd/cgi-bin/changepw.cgi...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the 1 PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or 2 COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi...
CVE-2011-5283
Cross-site scripting XSS vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action...
CVE-2014-9430
Cross-site scripting XSS vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action...
CVE-2014-9431
Multiple cross-site request forgery CSRF vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the 1 admin or 2 dial password via a request to httpd/cgi-bin/changepw.cgi...
CVE-2014-9429
Multiple cross-site scripting XSS vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the 1 PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or 2 COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi...
CVE-2014-9429
CVE-2014-9429 affects Smoothwall Express 3.1 and 3.0 SP3. The vulnerability is a set of cross-site scripting flaws in the web management interface, exploitable via the PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or the COMMENT parameter in an Add action to httpd/cgi-bin/d...
CVE-2011-5283
CVE-2011-5283 is an XSS vulnerability in Smoothwall Express (web management interface) via httpd/cgi-bin/ipinfo.cgi, affecting Smoothwall Express 3.1 and 3.0 SP3 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML through the IP parameter in a Run action. Exploit...
CVE-2014-9431
CVE-2014-9431 describes multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3. The flaws allow remote attackers to hijack the authentication of administrators and change either the admin or dial password by issuing requests to httpd/cgi-bin/changepw.cgi....
CVE-2014-9430
CVE-2014-9430 describes a cross-site scripting (XSS) vulnerability in Smoothwall Express 3.0 SP3, specifically in the file httpd/cgi-bin/vpn.cgi/vpnconfig.dat where an attacker can inject arbitrary web script or HTML via the COMMENT parameter in an Add action. Multiple connected records corrobora...
CVE-2011-5284
CVE-2011-5284 describes a Cross-site Request Forgery vulnerability in Smoothwall Express 3.1 and 3.0 SP3 and earlier, specifically in the web management interface’s httpd/cgi-bin/shutdown.cgi. The vulnerability allows an attacker to hijack an administrator’s authenticated session to perform reboo...
SmoothWall Express 3.0 - Multiple Vulnerabilities
No description provided by source. The web management interface of SmoothWall Express 3.0 is vulnerable to xss and csrf. xss example: html title SmoothWall Express 3.0 xss /title body form action=http://192.168.0.1:81/cgi-bin/ipinfo.cgi; method=post id=xssplz input type=hidden name=IP...
SmoothWall Express 3.0 Multiple Vulnerabilities
Exploit for cgi platform in category web applications The web management interface of SmoothWall Express 3.0 is vulnerable to xss and csrf. xss example: SmoothWall Express 3.0 xss alert1;' document.getElementById"xssplz".submit; csrf example: SmoothWall Express 3.0 csrf...
SmoothWall Express 3.0 - Multiple Vulnerabilities
SmoothWall Express 3.0 - Multiple Vulnerabilities The web management interface of SmoothWall Express 3.0 is vulnerable to xss and csrf. xss example: SmoothWall Express 3.0 xss alert1;' document.getElementById"xssplz".submit; csrf example: SmoothWall Express 3.0 csrf...
SmoothWall Express 3.0 - Multiple Vulnerabilities
The web management interface of SmoothWall Express 3.0 is vulnerable to xss and csrf. xss example: SmoothWall Express 3.0 xss alert1;' document.getElementById"xssplz".submit; csrf example: SmoothWall Express 3.0 csrf document.getElementById"csrfplz".submit;...
SmoothWall Express 3.0 Cross Site Request Forgery / Cross Site Scripting
The web management interface of SmoothWall Express 3.0 is vulnerable to xss and csrf. xss example: SmoothWall Express 3.0 xss alert1;' document.getElementById"xssplz".submit; csrf example: SmoothWall Express 3.0 csrf document.getElementById"csrfplz".submit; -- Something's rotten in the state of...