223 matches found
Design/Logic Flaw
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login...
CVE-2017-14615
CVE-2017-14615 affects WatchGuard Fireware pre-12.0. An XML-RPC login endpoint issue allows JavaScript embedded in the user element to be rendered in the Web UI (Traffic Monitor: Events/All), causing a stored-XSS effect where subsequent events are hidden until a restart. Affected product: WatchGu...
CVE-2017-14616
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login...
CVE-2017-14616
WatchGuard Fireware before 12.0 is affected by CVE-2017-14616. The issue occurs in the XML-RPC login flow: sending an XML message with an empty member element causes the wgagent to crash, logging out any active UI session and, with repeated failed logins, making UI management unusable. Affected p...
WatchGuard Fireware User Enumeration Vulnerability
WatchGuard Fireware is a firewall appliance from WatchGuard USA that provides intrusion protection, spam filtering, SSL VPN and more with intelligent layering technology. A user enumeration vulnerability exists in WatchGuard Fireware v11.12.1 and earlier versions. An attacker can exploit this...
WatchGuard Fireware Denial of Service Vulnerability
WatchGuard Fireware is a firewall appliance from WatchGuard USA that provides intrusion protection, spam filtering, SSL VPN and more with intelligent layering technology. A denial of service vulnerability exists in WatchGuard Fireware v11.12.1 and prior versions. An attacker can exploit this...
CVE-2017-8056
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity XXE, in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new...
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...
Design/Logic Flaw
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...
CVE-2017-8056
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity XXE, in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new...
CVE-2017-8055
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...
CVE-2017-8055
WatchGuard Fireware contains a user enumeration flaw in the Firebox XML-RPC login handler. A login request with a blank password to the XML-RPC agent in Fireware v11.12.1 and earlier yields different responses for valid versus invalid usernames, enabling an attacker to enumerate valid usernames o...
WatchGuard Fireware XML-RPC External Entity Extension Denial of Service Vulnerability
The full name of XML-RPC is XML Remote Procedure Call, that is, XML a subset under Standard Generalized Markup Language remote procedure call. An external entity extension denial of service vulnerability exists in WatchGuard Fireware XML-RPC, which can be exploited by an attacker to crash the...
WatchGuard Fireware XML-RPC User Enumeration Vulnerability
The full name of XML-RPC is XML Remote Procedure Call, that is, XML a subset under Standard Generalized Markup Language remote procedure call. A user enumeration vulnerability exists in WatchGuard Fireware XML-RPC, where when a login attempt is made using a blank password directly on the login...
Fireware XTM Web UI Open Redirect Vulnerability
Fireware is the operating system for the WatchGuard UTM security solution. web UI to manage the device. An open redirect vulnerability exists in the Fireware XTM Web UI login form. An attacker is able to redirect to an arbitrary website via a WatchGuard Fireware XTM Web UI page...
WatchGuard Fireware XTM < 11.10.7 Open Redirect Vulnerability
WatchGuard Fireware XMT Web UI is prone to an open redirect vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
Watchguard Fireware XTM OpenSSL TLS心跳信息泄漏漏洞
CVE ID:CVE-2014-0160 WatchGuard Fireware XTM是一款防火墙设备。 WatchGuard Fireware XTM所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 WatchGuard Fireware XTM 11.x WatchGuard Fireware XTM 11.8.3 Update 1版本已修复该漏洞,建议用户下载使用: http://watchguardsecuritycenter.com...
WatchGuard Fireware XTM 'poll_name'参数跨站脚本漏洞
Bugtraq ID:66210 CVE ID:CVE-2014-0338 WatchGuard Fireware XTM是一款多功能防火墙管理软件。 WatchGuard Fireware XTM不正确过滤用户提交给"pollname"参数的数据,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。 0 WatchGuard Fireware XTM 11.8 目前没有详细解决方案提供: http://www.watchguard.com/products/fireware-xtm.asp...
CVE-2014-0338
Multiple cross-site scripting XSS vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the polname parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the polname parameter...