Lucene search

338 matches found

Vulnrichment
added 2025/08/26 12:0 a.m. · 2 views

CVE-2025-50976

IPFire 2.29 DNS management interface dns.cgi fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLSHOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability...

6.1 AI score · 0.00213 EPSS
Exploits: 1 · References: 1
Cvelist
added 2025/08/26 12:0 a.m. · 7 views

CVE-2025-50976

IPFire 2.29 DNS management interface dns.cgi fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLSHOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability...

0.00213 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2025/08/26 12:0 a.m. · 3 views

PT-2025-34808 · Ipfire · Ipfire

Name of the Vulnerable Software and Affected Versions: IPFire version 2.29. Description: The web-based firewall interface firewall.cgi fails to sanitize several rule parameters, including PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr. This allows an...

5.4 CVSS · 5.6 AI score · 0.00283 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2025/08/26 12:0 a.m. · 5 views

PT-2025-34797 · Ipfire · Ipfire

Name of the Vulnerable Software and Affected Versions: IPFire version 2.29. Description: The Calamaris log exporter CGI script /cgi-bin/logs.cgi/calamaris.dat does not properly sanitize user-supplied input before using it in shell commands. This allows a remote, unauthenticated attacker to inject...

6.5 CVSS · 7.2 AI score · 0.00371 EPSS
Exploits: 1 · References: 5
CVE
added 2025/08/26 12:0 a.m. · 18 views

CVE-2025-50975

The CVE-2025-50975 entry concerns IPFire 2.29, where the web-based firewall interface (firewall.cgi) does not sanitize multiple rule parameters (PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, tgt_addr). This allows an authenticated administrator to inject persistent J...

5.4 CVSS · 5.5 AI score · 0.00283 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2025/08/26 12:0 a.m. · 8 views

CVE-2025-50974

The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...

0.00371 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2025/08/26 12:0 a.m. · 4 views

CVE-2025-50974

The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...

7.7 AI score · 0.00371 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/07/17 1:57 p.m. · 4 views

CVE-2025-34116

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

8.7 CVSS · 7 AI score · 0.01136 EPSS
Exploits: 0 · References: 1
NVD
added 2025/07/15 1:15 p.m. · 6 views

CVE-2025-34116

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

8.7 CVSS · 0.01136 EPSS
Exploits: 0 · References: 6
CVE
added 2025/07/15 1:2 p.m. · 18 views

CVE-2025-34116

IPFire before 2.19 Core Update 101 is vulnerable to remote command execution via the proxy.cgi CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted NCSA user creation fields, leading to command execution with web server privileges. Remediation: update to IP...

8.7 CVSS · 7 AI score · 0.01136 EPSS
Exploits: 0 · References: 6
Vulnrichment
added 2025/07/15 1:2 p.m. · 3 views

CVE-2025-34116 IPFire < 2.19 Core Update 101 proxy.cgi RCE

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

8.7 CVSS · 7.6 AI score · 0.01136 EPSS
Exploits: 0 · References: 6
Cvelist
added 2025/07/15 1:2 p.m. · 9 views

CVE-2025-34116 IPFire < 2.19 Core Update 101 proxy.cgi RCE

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

8.7 CVSS · 0.01136 EPSS
Exploits: 0 · References: 6
ATTACKERKB
added 2025/07/15 1:2 p.m. · 2 views

CVE-2025-34116

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

8.7 CVSS · 6.1 AI score · 0.01136 EPSS
Exploits: 0 · References: 7
CNNVD
added 2025/07/15 12:0 a.m. · 2 views

IPFire security vulnerability

IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in IPFire that stems from improper validation of proxy.cgi interface inputs, which could lead to remote command execution...

8.7 CVSS · 7 AI score · 0.01136 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2025/07/15 12:0 a.m. · 3 views

PT-2025-29557 · Ipfire · Ipfire

Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.19 Core Update 101. Description: A remote command execution issue exists in IPFire due to a flaw in the proxy.cgi CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in...

8.7 CVSS · 6.9 AI score · 0.01136 EPSS
Exploits: 0 · References: 11
RedhatCVE
added 2025/05/23 1:10 a.m. · 9 views

CVE-2022-36368

Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allow a remote authenticated attacker with administrative privilege to inject an arbitrary script...

4.8 CVSS · 6 AI score · 0.00681 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 5:4 p.m. · 4 views

CVE-2020-19202

An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the...

5.4 CVSS · 5.7 AI score · 0.00573 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 5:4 p.m. · 10 views

CVE-2020-19204

An authenticated Stored Cross-Site Scripting (XSS) vulnerability exists in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 in the "routing.cgi" Routing Table Entries via the "Remark" text box or "remark" parameter. It allows an authenticated WebGUI user to execute Stored Cross-site Scripti...

5.4 CVSS · 5.8 AI score · 0.00741 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 3:55 p.m. · 6 views

CVE-2020-21142

Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPFire web UI in the mail.cgi...

6.1 CVSS · 6.1 AI score · 0.00685 EPSS
Exploits: 1
OpenVAS
added 2024/03/04 12:0 a.m. · 7 views

openSUSE: Security Advisory for tor (openSUSE-SU-2023:0361-1)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 · References: 2