83 matches found
Sql injection
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user...
CVE-2019-18646
Affected product/versions: Untangle NG firewall 14.2.0. Vulnerability: authenticated inline-query SQL injection in the timeDataDynamicColumn parameter when logged in as an admin user. Root cause: improper handling of inline SQL in the affected parameter. Impact: not explicitly quantified beyond t...
CVE-2019-18646
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user...
CVE-2019-18647
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...
CVE-2019-18647
CVE-2019-18647 concerns Untangle NG firewall 14.2.0, with an authenticated command injection when logged in as an admin user. The vulnerability is described across multiple sources (NVD, Red Hat advisory, CVE lists) and is classified with high impact (C/H/I/A) and a high base score (CVSS v3.1: 7....
CVE-2019-18648
CVE-2019-18648 affects Untangle NG firewall 14.2.0 with a reflected XSS vulnerability exploitable when an administrator is logged in. The weakness is reported at multiple input fields and other input points, enabling injection of malicious scripts via user-supplied data. The provided documents in...
CVE-2019-18648
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields...
CVE-2019-18649
The CVE-2019-18649 entry concerns Untangle NG firewall 14.2.0 where an admin-authenticated user can trigger a stored XSS in the Title input under Reports. Documented impact metrics include CVSS v2 base score 3.5 (LOW) and CVSS v3.1 base score 4.8 (MEDIUM); both indicate potential confidentiality/...
CVE-2019-18649
When logged in as an admin user, the Title input field under Reports within Untangle NG firewall 14.2.0 is vulnerable to stored XSS...
Untangle NGFW has multiple vulnerabilities
Untangle NGFW is a set of firewall platforms from the United States Untangle Corporation. Untangle NGFW 12.1.0 and earlier versions contain security bypass vulnerabilities and command injection vulnerabilities that can be exploited by attackers to conduct man-in-the-middle attacks, bypass securit...
Untangle NG Firewall RCE Vulnerability
The remote Untangle NG Firewall is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Untangle NG Firewall Detection
This script performs HTTP based detection of Untangle NG Firewall. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Untangle NG Firewall Detection
Binary data untanglengfirewalldetect.nbin...
Untangle NG Firewall Captive Portal RCE
The Untangle NG Firewall server running on the remote host is affected by a remote code execution vulnerability in the Captive Portal module, specifically within the /capture/handler.py script, due to a failure to verify that a user is authenticated before processing file uploads. An...
Untangle NGFW 12.1.0 Beta - execEvil() Command Injection
Untangle NGFW 12.1.0 Beta - execEvil Command Injection !/usr/bin/python Title: Untangle NGFW = v12.1.0 beta execEvil authenticated root CI exploit CVE: Not yet assigned Discovery: Matt Bush @3xocyte Exploit: Matt Bush Contact: [email protected] Disclosure Timeline: 22/4/2016 Attempted t...
Untangle NGFW 12.1.0 Beta - 'execEvil()' Command Injection
!/usr/bin/python Title: Untangle NGFW "...
Untangle NGFW 12.1.0 Beta - execEvil() Command Injection
Exploit for jsp platform in category web applications !/usr/bin/python Title: Untangle NGFW = v12.1.0 beta execEvil authenticated root CI exploit CVE: Not yet assigned Discovery: Matt Bush @3xocyte Exploit: Matt Bush Contact: email protected Disclosure Timeline: 22/4/2016 Attempted to contact...
Untangle NGFW 12.1.0 Beta execEvil() Command Injection
!/usr/bin/python Title: Untangle NGFW " print "! and in a separat...
Untangle NGFW HTML Injection Vulnerability
Untangle NGFW is a set of firewall platforms from the US company Untangle. The platform supports web filtering, virus blocking and spam blocking. An HTML injection vulnerability exists in Untangle NGFW. When a user browses an affected website, their browser will execute arbitrary HTML or script...
Untangle NGFW Information Disclosure Vulnerability
Untangle NGFW is a set of firewall platforms from the US company Untangle. The platform supports web filtering, virus blocking and spam blocking. An information disclosure vulnerability exists in Untangle NGFW, which allows attackers to exploit the vulnerability to gain access to sensitive...