2 matches found
Endian Firewall OS Command Injection Vulnerability
Endian Firewall is a suite of unified risk management tools based on Red Hat Enterprise Linux. The Endian Firewall cgi-bin/chpasswd.cgi file fails to adequately filter the 'NEWPASSWORD1' and 'NEWPASSWORD2' parameters, allowing remote attacker to submit special requests to execute arbitrary comman...
Code injection
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 NEWPASSWORD1 or 2 NEWPASSWORD2 parameter to cgi-bin/chpasswd.cgi...