5 matches found
Watchguard Fireware XTM OpenSSL TLS心跳信息泄漏漏洞
CVE ID:CVE-2014-0160 WatchGuard Fireware XTM是一款防火墙设备。 WatchGuard Fireware XTM所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 WatchGuard Fireware XTM 11.x WatchGuard Fireware XTM 11.8.3 Update 1版本已修复该漏洞,建议用户下载使用: http://watchguardsecuritycenter.com...
CVE-2014-0338
Multiple cross-site scripting XSS vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the polname parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the polname parameter...
CVE-2014-0338
WatchGuard Fireware XTM before 11.8.3 is affected by cross-site scripting in the firewall policy management page, exploitable via the pol_name parameter in firewall/policy. The root cause is improper input handling of the pol_name field, allowing remote attackers to inject arbitrary script/HTML t...
WatchGuard Fireware XTM devices contain a cross-site scripting vulnerability
Overview WatchGuard Fireware XTM 11.8.1, and possibly earlier versions, contains a cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' WatchGuard Fireware XTM 11.8.1 contains a cross-site scripting vulnerabilit...