EUVD-2005-4577

Malware in sbrugna...

EUVD-2005-4576

Malware in sbrugna...

Electric Sheep Fencing pfsense command injection vulnerability

Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A command injection vulnerability exists in the statusinterfaces.php file in Electric Sheep Fencing pfSense versions prior to 2.4.4, which can be exploited by an attack...

Electric Sheep Fencing pfsense clickjacking vulnerability

Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A clickjacking vulnerability exists in Electric Sheep Fencing pfSense 2.4.1 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

ESF pfSense squid_clwarn.php Cross Site Scripting

A cross-site scripting vulnerability has been reported in squid package of Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of the url, source, user and virus variables in the squidclwarn.php page. By convincing a user to visit a malicious website, a...

Electric Sheep Fencing pfsense cross-site scripting vulnerability (CNVD-2015-05673)

Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A cross-site scripting vulnerability exists in Electric Sheep Fencing pfsense, which can be exploited by remote attackers to inject arbitrary Web script or HTML...

Electric Sheep Fencing pfsense cross-site scripting vulnerability (CNVD-2015-05672)

Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A cross-site scripting vulnerability exists in Electric Sheep Fencing pfsense, which can be exploited by remote attackers to inject arbitrary Web script or HTML...

Electric Sheep Fencing pfsense cross-site scripting vulnerability

Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A cross-site scripting vulnerability exists in Electric Sheep Fencing pfsense versions prior to 2.2.3, which stems from the systemauthservers.php script failing to...

Electric Sheep Fencing Pfsense 'zone' Parameter Cross-Site Scripting Vulnerability

Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A cross-site scripting vulnerability exists in Electric Sheep Fencing Pfsense that stems from the program's failure to adequately filter user-submitted input. When a us...

ESF pfSense status_captiveportal Cross Site Scripting (CVE-2015-2294)

A cross-site scripting vulnerability has been reported in Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of the zone variable in the statuscaptiveportal page. A remote attacker can exploit the XSS vulnerability to execute arbitrary scripts in the user...

pfSense 2.2 - Multiple Vulnerabilities

Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5, 2015 Public Disclosure: March 25, 2015...

CVE-2005-4582

Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via 1 DNS spoofing, 2 a URL on the command line, or 3 a URL in the configuration file. NOTE: the same attack...

CVE-2005-4581

Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundarie...

CVE-2005-4582

CVE-2005-4582 affects Electric Sheep 2.6.3, where the client does not require authentication or integrity checks from the server. This can allow remote attackers to download and display arbitrary MPEG movie files via DNS spoofing, a URL on the command line, or a URL in the configuration file. The...

CVE-2005-4582

Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via 1 DNS spoofing, 2 a URL on the command line, or 3 a URL in the configuration file. NOTE: the same attack...

CVE-2005-4581

CVE-2005-4581: A buffer overflow in the Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. The advisory notes the program is not setuid and is not typically invoked by remote programs, so there may not be a typical privilege‑escalation attack ...

CVE-2005-4581

Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundarie...

Multiple Network-related Vulnerabilities in Electric Sheep

Polytechnic University ISIS Security Advisory PUISIS10212005 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://isis.poly.edu/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -...