19 matches found
Metasploit Weekly Wrap-Up 04/05/2024
New ESC4 Templates for AD CS Metasploit added capabilities for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the adcscerttemplates module which enables users to read and write certificate template...
CVE-2022-31789
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
CVE-2022-31791
WatchGuard Firebox and XTM appliances allow a local attacker that has already obtained shell access to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
CVE-2022-31790
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
WatchGuard Firebox 安全漏洞
WatchGuard Firebox is a U.S. WatchGuard company that provides a comprehensive range of Internet security services, from traditional IPS and GAV, to website/application control and malicious software prevention. A security vulnerability exists in the WatchGuard Firebox and XTM devices that...
WatchGuard Firebox 输入验证错误漏洞
WatchGuard Firebox is a U.S. WatchGuard company that provides a comprehensive range of network security services, from traditional IPS and GAV, to website/application control and malicious software prevention. A security vulnerability exists in the WatchGuard Firebox and XTM appliances, which...
PT-2022-20935 · Watchguard · Fireware Os +2
Name of the Vulnerable Software and Affected Versions: WatchGuard Firebox and XTM appliances versions prior to 12.1.4 WatchGuard Firebox and XTM appliances versions prior to 12.5.10 WatchGuard Firebox and XTM appliances versions prior to 12.8.1 Description: The issue allows an unauthenticated...
PT-2022-20933 · Watchguard · Fireware Os +2
Name of the Vulnerable Software and Affected Versions: WatchGuard Firebox and XTM appliances versions prior to 12.1.4 WatchGuard Firebox and XTM appliances versions prior to 12.5.10 WatchGuard Firebox and XTM appliances versions prior to 12.8.1 Description: An integer overflow allows an...
CVE-2022-25361
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...
VulnCheck KEV: CVE-2022-23176
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access...
VulnCheck KEV: CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code...
CVE-2022-25291
An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2U...
CVE-2022-25290
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...
CVE-2022-25290
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...
CVE-2014-6413
A Cross-site Scripting XSS vulnerability exists in WatchGuard XTM 11.8.3 via the pollname parameter in the firewall/policy script...
Cross site scripting
A Cross-site Scripting XSS vulnerability exists in WatchGuard XTM 11.8.3 via the pollname parameter in the firewall/policy script...
CVE-2014-6413
A Cross-site Scripting XSS vulnerability exists in WatchGuard XTM 11.8.3 via the pollname parameter in the firewall/policy script...
WatchGuard XTM 11.8.3 Cross Site Scripting
I. VULNERABILITY Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3 II. BACKGROUND ------------------------- WatchGuard builds affordable, all-in-one network and content security solutions to provide defense in depth for corporate content, networks and the businesses they power. III...
WatchGuard XTM 11.8 Cross Site Scripting
I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8 II. BACKGROUND ------------------------- WatchGuard builds affordable, all-in-one network and content security solutions to provide defense in depth for corporate content, networks and the...