Untangle NGFW 12.1.0 Beta - execEvil() Command Injection

Untangle NGFW 12.1.0 Beta - execEvil Command Injection !/usr/bin/python Title: Untangle NGFW = v12.1.0 beta execEvil authenticated root CI exploit CVE: Not yet assigned Discovery: Matt Bush @3xocyte Exploit: Matt Bush Contact: [email protected] Disclosure Timeline: 22/4/2016 Attempted t...

Untangle NGFW 12.1.0 Beta - execEvil() Command Injection

Exploit for jsp platform in category web applications !/usr/bin/python Title: Untangle NGFW = v12.1.0 beta execEvil authenticated root CI exploit CVE: Not yet assigned Discovery: Matt Bush @3xocyte Exploit: Matt Bush Contact: email protected Disclosure Timeline: 22/4/2016 Attempted to contact...

Untangle NGFW 12.1.0 Beta execEvil() Command Injection

!/usr/bin/python Title: Untangle NGFW " print "! and in a separat...

Untangle NGFW 9 / 10 / 11 XSS / Code Execution

Multiple issues have been discovered in the Untangle NGFW virtual appliance. The vendor was unresponsive and uncooperative to the researcher. - Persistent XSS leading to root Authentication requiredConfirmed in versions 9 and 11 up to rev r39357 Throughout the Untangle user interface there are...