Lucene search
+L

209 matches found

0day.today
0day.today
added 2011/01/18 12:0 a.m.28 views

SmoothWall Express 3.0 Multiple Vulnerabilities

Exploit for cgi platform in category web applications The web management interface of SmoothWall Express 3.0 is vulnerable to xss and csrf. xss example: SmoothWall Express 3.0 xss alert1;' document.getElementById"xssplz".submit; csrf example: SmoothWall Express 3.0 csrf...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2011/01/17 12:0 a.m.44 views

SmoothWall Express 3.0 - Multiple Vulnerabilities

The web management interface of SmoothWall Express 3.0 is vulnerable to xss and csrf. xss example: SmoothWall Express 3.0 xss alert1;' document.getElementById"xssplz".submit; csrf example: SmoothWall Express 3.0 csrf document.getElementById"csrfplz".submit;...

7AI score
Exploits0
exploitpack
exploitpack
added 2011/01/17 12:0 a.m.17 views

SmoothWall Express 3.0 - Multiple Vulnerabilities

SmoothWall Express 3.0 - Multiple Vulnerabilities The web management interface of SmoothWall Express 3.0 is vulnerable to xss and csrf. xss example: SmoothWall Express 3.0 xss alert1;' document.getElementById"xssplz".submit; csrf example: SmoothWall Express 3.0 csrf...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2011/01/16 12:0 a.m.22 views

SmoothWall Express 3.0 Cross Site Request Forgery / Cross Site Scripting

The web management interface of SmoothWall Express 3.0 is vulnerable to xss and csrf. xss example: SmoothWall Express 3.0 xss alert1;' document.getElementById"xssplz".submit; csrf example: SmoothWall Express 3.0 csrf document.getElementById"csrfplz".submit; -- Something's rotten in the state of...

0.5AI score
Exploits0
NVD
NVD
added 2009/03/04 4:30 p.m.15 views

CVE-2009-0803

SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...

5.4CVSS6.7AI score0.02355EPSS
Exploits0References3
Prion
Prion
added 2009/03/04 4:30 p.m.9 views

Design/Logic Flaw

SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...

5.4CVSS7.3AI score0.02355EPSS
Exploits0References3Affected Software3
Cvelist
Cvelist
added 2009/03/04 4:0 p.m.16 views

CVE-2009-0803

SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...

6.7AI score0.02355EPSS
Exploits0References3
CVE
CVE
added 2009/03/04 4:0 p.m.48 views

CVE-2009-0803

CVE-2009-0803 affects SmoothWall SmoothGuardian (used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008). In transparent interception mode, the product uses the HTTP Host header to determine the remote endpoint, allowing a crafted page to cause a client to send HTTP requests with a...

5.4CVSS7AI score0.02355EPSS
Exploits0References3Affected Software3
seebug.org
seebug.org
added 2009/02/25 12:0 a.m.17 views

多个HTTP代理HTTP Host头错误中继行为漏洞

BUGTRAQ ID: 33858 RFC 2616中所定义的HTTP Host头规范允许多个站点共享单个IP地址。 透明代理服务器无需用户交互或浏览器配置便拦截并重新定向网络连接,而很多以透明模式运行的代理服务器基于HTTP host-header值判断连接。Flash、Java等浏览器插件可能通过限制与内容所来源的站点或域的通讯对活动内容强制访问控制。攻击者可以通过活动内容来伪造主机头的值,这样以透明模式运行的代理服务器就会基于这个伪造的值来确定连接,因此攻击者可以连接到代理可连接到的任何网站或资源,包括通常不会暴露给Internet的内网资源。 Qbik WinGate 6.x...

6.9AI score
Exploits0
Rows per page
Query Builder