Lucene search
+L

223 matches found

Prion
Prion
added 2017/09/20 8:29 p.m.21 views

Design/Logic Flaw

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login...

7.8CVSS7.5AI score0.01641EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2017/09/20 8:0 p.m.59 views

CVE-2017-14615

CVE-2017-14615 affects WatchGuard Fireware pre-12.0. An XML-RPC login endpoint issue allows JavaScript embedded in the user element to be rendered in the Web UI (Traffic Monitor: Events/All), causing a stored-XSS effect where subsequent events are hidden until a restart. Affected product: WatchGu...

6.1CVSS6.5AI score0.0095EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2017/09/20 8:0 p.m.25 views

CVE-2017-14616

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login...

7.5AI score0.01641EPSS
Exploits1References2
CVE
CVE
added 2017/09/20 8:0 p.m.58 views

CVE-2017-14616

WatchGuard Fireware before 12.0 is affected by CVE-2017-14616. The issue occurs in the XML-RPC login flow: sending an XML message with an empty member element causes the wgagent to crash, logging out any active UI session and, with repeated failed logins, making UI management unusable. Affected p...

7.8CVSS7.5AI score0.01641EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2017/04/24 12:0 a.m.5 views

WatchGuard Fireware User Enumeration Vulnerability

WatchGuard Fireware is a firewall appliance from WatchGuard USA that provides intrusion protection, spam filtering, SSL VPN and more with intelligent layering technology. A user enumeration vulnerability exists in WatchGuard Fireware v11.12.1 and earlier versions. An attacker can exploit this...

5.3CVSS6.8AI score0.01591EPSS
Exploits1References1
CNVD
CNVD
added 2017/04/24 12:0 a.m.5 views

WatchGuard Fireware Denial of Service Vulnerability

WatchGuard Fireware is a firewall appliance from WatchGuard USA that provides intrusion protection, spam filtering, SSL VPN and more with intelligent layering technology. A denial of service vulnerability exists in WatchGuard Fireware v11.12.1 and prior versions. An attacker can exploit this...

5.3CVSS6.7AI score0.05076EPSS
Exploits2References1
OSV
OSV
added 2017/04/22 10:59 p.m.6 views

CVE-2017-8056

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity XXE, in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new...

5.3CVSS5.8AI score0.05076EPSS
Exploits2References4
NVD
NVD
added 2017/04/22 10:59 p.m.22 views

CVE-2017-8055

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...

5.3CVSS5.3AI score0.01591EPSS
Exploits1References4
Prion
Prion
added 2017/04/22 10:59 p.m.21 views

Design/Logic Flaw

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...

5CVSS5.3AI score0.01591EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2017/04/22 10:0 p.m.30 views

CVE-2017-8056

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity XXE, in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new...

5.2AI score0.05076EPSS
Exploits2References4
Cvelist
Cvelist
added 2017/04/22 10:0 p.m.26 views

CVE-2017-8055

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...

5.3AI score0.01591EPSS
Exploits1References4
CVE
CVE
added 2017/04/22 10:0 p.m.57 views

CVE-2017-8055

WatchGuard Fireware contains a user enumeration flaw in the Firebox XML-RPC login handler. A login request with a blank password to the XML-RPC agent in Fireware v11.12.1 and earlier yields different responses for valid versus invalid usernames, enabling an attacker to enumerate valid usernames o...

5.3CVSS5.3AI score0.01591EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2017/04/19 12:0 a.m.5 views

WatchGuard Fireware XML-RPC External Entity Extension Denial of Service Vulnerability

The full name of XML-RPC is XML Remote Procedure Call, that is, XML a subset under Standard Generalized Markup Language remote procedure call. An external entity extension denial of service vulnerability exists in WatchGuard Fireware XML-RPC, which can be exploited by an attacker to crash the...

6.9AI score
Exploits0References1
CNVD
CNVD
added 2017/04/19 12:0 a.m.3 views

WatchGuard Fireware XML-RPC User Enumeration Vulnerability

The full name of XML-RPC is XML Remote Procedure Call, that is, XML a subset under Standard Generalized Markup Language remote procedure call. A user enumeration vulnerability exists in WatchGuard Fireware XML-RPC, where when a login attempt is made using a blank password directly on the login...

7.1AI score
Exploits0References1
CNVD
CNVD
added 2016/05/21 12:0 a.m.1 views

Fireware XTM Web UI Open Redirect Vulnerability

Fireware is the operating system for the WatchGuard UTM security solution. web UI to manage the device. An open redirect vulnerability exists in the Fireware XTM Web UI login form. An attacker is able to redirect to an arbitrary website via a WatchGuard Fireware XTM Web UI page...

6.9AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/05/20 12:0 a.m.41 views

WatchGuard Fireware XTM < 11.10.7 Open Redirect Vulnerability

WatchGuard Fireware XMT Web UI is prone to an open redirect vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

7.2AI score
Exploits0References2
seebug.org
seebug.org
added 2014/04/21 12:0 a.m.1690 views

Watchguard Fireware XTM OpenSSL TLS心跳信息泄漏漏洞

CVE ID:CVE-2014-0160 WatchGuard Fireware XTM是一款防火墙设备。 WatchGuard Fireware XTM所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 WatchGuard Fireware XTM 11.x WatchGuard Fireware XTM 11.8.3 Update 1版本已修复该漏洞,建议用户下载使用: http://watchguardsecuritycenter.com...

5CVSS0.99999EPSS
Exploits90
seebug.org
seebug.org
added 2014/03/17 12:0 a.m.36 views

WatchGuard Fireware XTM 'poll_name'参数跨站脚本漏洞

Bugtraq ID:66210 CVE ID:CVE-2014-0338 WatchGuard Fireware XTM是一款多功能防火墙管理软件。 WatchGuard Fireware XTM不正确过滤用户提交给"pollname"参数的数据,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。 0 WatchGuard Fireware XTM 11.8 目前没有详细解决方案提供: http://www.watchguard.com/products/fireware-xtm.asp...

4.3CVSS6.6AI score0.01551EPSS
Exploits2
NVD
NVD
added 2014/03/16 2:6 p.m.17 views

CVE-2014-0338

Multiple cross-site scripting XSS vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the polname parameter...

4.3CVSS5.7AI score0.01551EPSS
Exploits2References5
Prion
Prion
added 2014/03/16 2:6 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the polname parameter...

4.3CVSS6AI score0.01551EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder