53 matches found
FreeNAS Web Detection
The administrative web interface for FreeNAS was detected on the remote host. FreeNAS is an open source network attached storage NAS distribution based on FreeBSD. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid50509; scriptversion"1.9";...
FreeNAS 'exec_raw.php' Arbitrary Command Execution
The version of FreeNAS on the remote host fails to restrict access to its 'execraw.php' script. A remote, unauthenticated attacker can pass arbitrary commands through the script's 'cmd' parameter and have them executed with administrative privileges. %NASLMINLEVEL 70300 C Tenable Network Security...
CVE-2009-2738
Cross-site request forgery CSRF vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors...
CVE-2009-2739
Cross-site scripting XSS vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2009-2738
CVE-2009-2738 is a CSRF vulnerability affecting FreeNAS WebGUI prior to version 0.7RC1. The issue allows an attacker to hijack a user’s authenticated session and perform unspecified actions via forged requests, when the user is logged into the WebGUI, due to CSRF in the web interface. Public docu...
CVE-2009-2739
Cross-site scripting XSS vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2009-2738
Cross-site request forgery CSRF vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors...
CVE-2009-2739
CVE-2009-2739 is a cross-site scripting (XSS) vulnerability in FreeNAS prior to 0.69.2. The issue allows remote attackers to inject arbitrary web script or HTML in the browser, via unknown vectors, potentially enabling script execution in the context of the affected user. Affected versions includ...
Cross-site request forgery vulnerability in FreeNAS
Overview FreeNAS contains a cross-site request forgery vulnerability. FreeNAS is a NAS Network Attached Storage server software. FreeNAS contains a cross-site request forgery vulnerability. Hiroyuki Shinshiba of LAC:Little eArth Corporation Co., LTD. reported this vulnerability to IPA. JPCERT/CC...
JVN#15267895 Cross-site request forgery vulnerability in FreeNAS
FreeNAS is a NAS Network Attached Storage server software. FreeNAS contains a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged into the web-based interface, an attacker could modify configurations or delete data on the hard disk drive. Solution...
JVN#89791790 Cross-site scripting vulnerability in FreeNAS
FreeNAS is a NAS Network Attached Storage server software. FreeNAS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...