Lucene search
K

83 matches found

Prion
Prion
added 2019/11/14 3:15 p.m.16 views

Sql injection

The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user...

6.5CVSS7.2AI score0.00907EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/11/14 2:17 p.m.50 views

CVE-2019-18646

Affected product/versions: Untangle NG firewall 14.2.0. Vulnerability: authenticated inline-query SQL injection in the timeDataDynamicColumn parameter when logged in as an admin user. Root cause: improper handling of inline SQL in the affected parameter. Impact: not explicitly quantified beyond t...

7.2CVSS7.2AI score0.00907EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/14 2:17 p.m.19 views

CVE-2019-18646

The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user...

7.3AI score0.00907EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/14 2:16 p.m.21 views

CVE-2019-18647

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...

7.2AI score0.01869EPSS
Exploits0References1
CVE
CVE
added 2019/11/14 2:16 p.m.52 views

CVE-2019-18647

CVE-2019-18647 concerns Untangle NG firewall 14.2.0, with an authenticated command injection when logged in as an admin user. The vulnerability is described across multiple sources (NVD, Red Hat advisory, CVE lists) and is classified with high impact (C/H/I/A) and a high base score (CVSS v3.1: 7....

9CVSS7.1AI score0.01869EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/11/14 2:13 p.m.44 views

CVE-2019-18648

CVE-2019-18648 affects Untangle NG firewall 14.2.0 with a reflected XSS vulnerability exploitable when an administrator is logged in. The weakness is reported at multiple input fields and other input points, enabling injection of malicious scripts via user-supplied data. The provided documents in...

4.8CVSS4.9AI score0.00523EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/14 2:13 p.m.21 views

CVE-2019-18648

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields...

5AI score0.00523EPSS
Exploits0References1
CVE
CVE
added 2019/11/14 2:3 p.m.55 views

CVE-2019-18649

The CVE-2019-18649 entry concerns Untangle NG firewall 14.2.0 where an admin-authenticated user can trigger a stored XSS in the Title input under Reports. Documented impact metrics include CVSS v2 base score 3.5 (LOW) and CVSS v3.1 base score 4.8 (MEDIUM); both indicate potential confidentiality/...

4.8CVSS5AI score0.00523EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/14 2:3 p.m.18 views

CVE-2019-18649

When logged in as an admin user, the Title input field under Reports within Untangle NG firewall 14.2.0 is vulnerable to stored XSS...

5.1AI score0.00523EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.1 views

Untangle NGFW has multiple vulnerabilities

Untangle NGFW is a set of firewall platforms from the United States Untangle Corporation. Untangle NGFW 12.1.0 and earlier versions contain security bypass vulnerabilities and command injection vulnerabilities that can be exploited by attackers to conduct man-in-the-middle attacks, bypass securit...

8.1AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/07/18 12:0 a.m.18 views

Untangle NG Firewall RCE Vulnerability

The remote Untangle NG Firewall is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/07/18 12:0 a.m.28 views

Untangle NG Firewall Detection

This script performs HTTP based detection of Untangle NG Firewall. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/07/15 12:0 a.m.13 views

Untangle NG Firewall Detection

Binary data untanglengfirewalldetect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/07/15 12:0 a.m.67 views

Untangle NG Firewall Captive Portal RCE

The Untangle NG Firewall server running on the remote host is affected by a remote code execution vulnerability in the Captive Portal module, specifically within the /capture/handler.py script, due to a failure to verify that a user is authenticated before processing file uploads. An...

6.7AI score
Exploits0References1
exploitpack
exploitpack
added 2016/06/28 12:0 a.m.18 views

Untangle NGFW 12.1.0 Beta - execEvil() Command Injection

Untangle NGFW 12.1.0 Beta - execEvil Command Injection !/usr/bin/python Title: Untangle NGFW = v12.1.0 beta execEvil authenticated root CI exploit CVE: Not yet assigned Discovery: Matt Bush @3xocyte Exploit: Matt Bush Contact: [email protected] Disclosure Timeline: 22/4/2016 Attempted t...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/06/28 12:0 a.m.21 views

Untangle NGFW 12.1.0 Beta - 'execEvil()' Command Injection

!/usr/bin/python Title: Untangle NGFW "...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/06/28 12:0 a.m.26 views

Untangle NGFW 12.1.0 Beta - execEvil() Command Injection

Exploit for jsp platform in category web applications !/usr/bin/python Title: Untangle NGFW = v12.1.0 beta execEvil authenticated root CI exploit CVE: Not yet assigned Discovery: Matt Bush @3xocyte Exploit: Matt Bush Contact: email protected Disclosure Timeline: 22/4/2016 Attempted to contact...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/06/27 12:0 a.m.30 views

Untangle NGFW 12.1.0 Beta execEvil() Command Injection

!/usr/bin/python Title: Untangle NGFW " print "! and in a separat...

0.4AI score
Exploits0
CNVD
CNVD
added 2015/07/08 12:0 a.m.1 views

Untangle NGFW HTML Injection Vulnerability

Untangle NGFW is a set of firewall platforms from the US company Untangle. The platform supports web filtering, virus blocking and spam blocking. An HTML injection vulnerability exists in Untangle NGFW. When a user browses an affected website, their browser will execute arbitrary HTML or script...

7.7AI score
Exploits0References1
CNVD
CNVD
added 2015/07/08 12:0 a.m.2 views

Untangle NGFW Information Disclosure Vulnerability

Untangle NGFW is a set of firewall platforms from the US company Untangle. The platform supports web filtering, virus blocking and spam blocking. An information disclosure vulnerability exists in Untangle NGFW, which allows attackers to exploit the vulnerability to gain access to sensitive...

6.4AI score
Exploits0References1
Rows per page
Query Builder