| CVE-2014-9431 |
|
|
Dec 31, 2014 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of
more...
Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.
less...
|
3.1
|
| CVE-2014-9429 |
|
|
Dec 31, 2014 |
Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML
more...
Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi.
less...
|
3.1
|
| CVE-2011-5284 |
|
|
Dec 31, 2014 |
Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and
more...
Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.
less...
|
3.1, 3.0, 2.0, 1.0, 0.9.9, 0.9.8, 0.9.6, 0.9.4, 0.9.2, 0.9.1
|
| CVE-2011-5283 |
|
|
Dec 31, 2014 |
Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier
more...
Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action.
less...
|
3.1
|
| BDSA-2019-0394 |
|
Medium |
Feb 08, 2019 |
Insufficient input validation of user-supplied parameters in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks against
more...
Insufficient input validation of user-supplied parameters in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks against users. This flaw can be leveraged by an attacker to execute arbitrary web script in an authenticated victim's browser in order to steal their session cookies.
less...
|
|
| BDSA-2019-0393 |
|
Medium |
Feb 08, 2019 |
Insufficient input validation of a user-supplied parameter in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks agains
more...
Insufficient input validation of a user-supplied parameter in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks against users. This flaw can be leveraged by tricking a user into clicking on a malicious link which will execute arbitrary web script in their browser, allowing the attacker to steal the victim's session cookies.
less...
|
|
| BDSA-2019-0392 |
|
Medium |
Feb 08, 2019 |
Insufficient input validation of user-supplied parameters in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks against
more...
Insufficient input validation of user-supplied parameters in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks against users. This flaw can be leveraged by an attacker to execute arbitrary web script in an authenticated victim's browser in order to steal their session cookies.
less...
|
|
| BDSA-2019-0391 |
|
Medium |
Feb 08, 2019 |
Insufficient input validation of user-supplied parameters in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks against
more...
Insufficient input validation of user-supplied parameters in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks against users. This flaw can be leveraged by tricking a user into clicking on a malicious link which will execute arbitrary web script in their browser, allowing the attacker to steal the victim's session cookies.
less...
|
|
| BDSA-2019-0390 |
|
Medium |
Feb 08, 2019 |
Insufficient input validation of a user-supplied parameter in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks agains
more...
Insufficient input validation of a user-supplied parameter in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks against users. This flaw can be leveraged by tricking a user into clicking on a malicious link which will execute arbitrary web script in their browser, allowing the attacker to steal the victim's session cookies.
less...
|
|
| BDSA-2019-0388 |
|
Medium |
Feb 08, 2019 |
Insufficient input validation of a user-supplied parameter in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks agains
more...
Insufficient input validation of a user-supplied parameter in Smoothwall Express allows an attacker to launch cross-site scripting (XSS) attacks against users. This flaw can be leveraged by tricking a user into clicking on a malicious link which will execute arbitrary web script in their browser, allowing the attacker to steal the victim's session cookies.
less...
|
|
