IPCop 安全漏洞

IPCop is a firewall software from IPCop Open Source. A security vulnerability exists in IPCop 2.1.9 and earlier versions that stems from the email configuration component not properly cleaning up user input, which could lead to remote code execution...

EUVD-2013-7182

Malware in sbrugna...

EUVD-2005-4653

Malware in sbrugna...

EUVD-2005-4654

Malware in sbrugna...

CVE-2013-7418

cgi-bin/iptablesgui.cgi in IPCop aka IPCop Firewall before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting XSS vulnerability...

CVE-2005-4660

Race condition in IPCop aka IPCop Firewall before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from...

IPCop Firewall cgi-bin/iptablesgui.cgi Arbitrary Code Execution Vulnerability

IPCop Firewall is a firewall suite for the Linux environment , mainly for home and SOHO Small Office/Home Office users . An arbitrary code execution vulnerability exists in cgi-bin/iptablesgui.cgi in IPCop Firewall, which allows remote authenticated users to execute arbitrary code via the TABLE...

Cross site scripting

cgi-bin/iptablesgui.cgi in IPCop aka IPCop Firewall before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting XSS vulnerability...

CVE-2013-7418

cgi-bin/iptablesgui.cgi in IPCop aka IPCop Firewall before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting XSS vulnerability...

CVE-2013-7418

cgi-bin/iptablesgui.cgi in IPCop aka IPCop Firewall before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting XSS vulnerability...

CVE-2013-7417

Cross-site scripting XSS vulnerability in cgi-bin/ipinfo.cgi in IPCop aka IPCop Firewall before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING. NOTE: this can be used to bypass the cross-site request forgery CSRF protection mechanism by setting the Refere...

CVE-2005-4660

Race condition in IPCop aka IPCop Firewall before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from...

CVE-2005-4659

IPCop aka IPCop Firewall before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from th...

CVE-2005-4660

CVE-2005-4660 concerns IPCop Firewall prior to 1.4.10, where a race condition may allow a local attacker to overwrite system configuration files. The underlying flaw involves replacing a backup archive during the window when it is owned by namebody but not yet encrypted, and then executing ipco...

CVE-2005-4659

IPCop aka IPCop Firewall before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from th...