338 matches found

Prion
added 2021/06/28 8:15 p.m. | 10 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPFire web UI in the mail.cgi...

4.3 CVSS | 6 AI score | 0.00685 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2021/06/28 7:8 p.m. | 10 views

CVE-2020-21142

Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPFire web UI in the mail.cgi...

6.1 AI score | 0.00685 EPSS
Exploits 1 | References 1

CVE
added 2021/06/28 7:8 p.m. | 53 views

CVE-2020-21142

CVE-2020-21142 is a reported XSS vulnerability in IPFire 2.23 via the IPFire web UI, specifically in mail.cgi. The connected documents confirm IPFire (version 2.23) and the mail.cgi component as the affected element. No explicit root-cause details, attack vectors, impact scope, or remediation ste...

6.1 CVSS | 6 AI score | 0.00685 EPSS
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2021/06/28 12:0 a.m. | 2 views

IPFire Cross-Site Scripting Vulnerability

IPFire is a hardened, versatile Linux-based open source firewall. A cross-site scripting vulnerability exists in IPFire version 2.23. The vulnerability can be exploited by an attacker to conduct cross-site scripting attacks via the IPFire web UI in mail.cgi...

6.1 CVSS | 5.2 AI score | 0.00685 EPSS
Exploits 1 | References 1

Rapid7 Blog
added 2021/06/18 4:46 p.m. | 401 views

Metasploit Wrap-Up

I'm very Emby-ous: Community contributor btnz-k has authored a new Emby Version Scanner module consisting of both an exploit and a scanner for the SSRF vulnerability found in Emby. Emby is a previously open source media server designed to organize, play, and stream audio and video to a variety of...

9 CVSS | 0.87154 EPSS
Exploits 15

OSV
added 2021/06/17 4:15 p.m. | 2 views

CVE-2020-19202

An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 x86_64 - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the...

5.4 CVSS | 5.9 AI score | 0.00573 EPSS
Exploits 1 | References 2

NVD
added 2021/06/17 4:15 p.m. | 9 views

CVE-2020-19202

An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 x86_64 - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the...

5.4 CVSS | 0.00573 EPSS
Exploits 1 | References 2

Prion
added 2021/06/17 4:15 p.m. | 12 views

Cross site scripting

An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 x86_64 - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the...

3.5 CVSS | 5.1 AI score | 0.00573 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2021/06/17 3:22 p.m. | 15 views

CVE-2020-19202

An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 x86_64 - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the...

5.2 AI score | 0.00573 EPSS
Exploits 1 | References 2

CVE
added 2021/06/17 3:22 p.m. | 36 views

CVE-2020-19202

The CVE-2020-19202 entry applies to IPFire 2.21 (x86_64) with Core Update 130. Affected component is the captive.cgi Captive Portal, where the Title of Login Page or the TITLE parameter enables an authenticated WebGUI user to perform a Stored XSS in the Captive Portal page. Root cause is input ha...

5.4 CVSS | 5.2 AI score | 0.00573 EPSS
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2021/06/17 12:0 a.m. | 5 views

IPFire Firewall Cross-Site Scripting Vulnerability

IPFire Firewall is an open source Linux-based firewall system from the IPFire organization. A cross-site scripting vulnerability exists in IPFire Firewall 2.21, which originates from the "Title of Login Page" text box or the "TITLE" parameter. The vulnerability allows an authenticated WebGUI user...

5.4 CVSS | 5.5 AI score | 0.00573 EPSS
Exploits 1 | References 3

Metasploit
added 2021/06/15 5:50 p.m. | 46 views

IPFire 2.25 Core Update 156 and Prior pakfire.cgi Authenticated RCE

This module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user. Module Options msf use exploit/linux/http/ipfirepakfireexec msf...

9 CVSS | 9.1 AI score | 0.58725 EPSS
Exploits 6

0day.today
added 2021/06/15 12:0 a.m. | 119 views

IPFire 2.25 Remote Code Execution Exploit

This Metasploit module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user. This module requires Metasploit: https://metasploit.com/download...

8.8 CVSS | 0.5 AI score | 0.58725 EPSS
Exploits 6

Packet Storm
added 2021/06/15 12:0 a.m. | 287 views

IPFire 2.25 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPFire 2.25 Core Update 156 and Prior pakfire.cgi Authenticated RCE', 'Description' = %q This module exploits an authenticated command injection...

8.8 AI score | 0.58725 EPSS
Exploits 6

CNVD
added 2021/06/11 12:0 a.m. | 9 views

IPFire Firewall Remote Code Execution Vulnerability

IPFire Firewall is an open source Linux-based firewall system from the IPFire organization. IPFire Firewall suffers from a remote code execution vulnerability, and no vulnerability details are provided at this time...

9 CVSS | 7.6 AI score | 0.58725 EPSS
Exploits 6 | References 1

OSV
added 2021/06/09 10:15 p.m. | 20 views

CVE-2021-33393

lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the...

8.8 CVSS | 6.7 AI score | 0.58725 EPSS
Exploits 6 | References 4

NVD
added 2021/06/09 10:15 p.m. | 31 views

CVE-2021-33393

lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the...

9 CVSS | 0.58725 EPSS
Exploits 6 | References 4

Prion
added 2021/06/09 10:15 p.m. | 19 views

Information disclosure

lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the...

9 CVSS | 8.6 AI score | 0.58725 EPSS
Exploits 6 | References 4 | Affected Software 1

CVE
added 2021/06/09 9:25 p.m. | 125 views

CVE-2021-33393

IPFire 2.25-core155 contains an ownership/permissions issue in backup scripts (backup.pl) under /var/ipfire/backup, which can be exploited to execute code as root. Connected details show an authenticated command-injection path in pakfire.cgi used to achieve root-level RCE on IPFire 2.25 Core Upda...

9 CVSS | 8.5 AI score | 0.58725 EPSS
Exploits 6 | References 4 | Affected Software 1

Cvelist
added 2021/06/09 9:25 p.m. | 38 views

CVE-2021-33393

lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the...

8.9 AI score | 0.58725 EPSS
Exploits 6 | References 4