CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 3CVE-2011-5283 – SmoothWall Express 3.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5283
31 Dec 2014 — Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action. Vulnerabilidad de XSS en la interfaz de gestión de web en httpd/cgi-bin/ipinfo.cgi en Smoothwall Express 3.1 y 3.0 SP3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro IP en una acción Run. • https://www.exploit-db.com/exploits/16006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 3CVE-2011-5284 – SmoothWall Express 3.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5284
31 Dec 2014 — Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi. Vulnerabilidad de CSRF en la interfaz de gestión web en httpd/cgi-bin/shutdown.cgi en Smoothwall Express 3.1 y 3.0 SP3 y anteriores permite a atacantes remotos secuestrar la autenticación de administradores ... • https://www.exploit-db.com/exploits/16006 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2014-9429
https://notcve.org/view.php?id=CVE-2014-9429
31 Dec 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi. Múltiples vulnerabilidades de XSS en Smoothwall Express 3.1 y 3.0 SP3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro PROFILENAME en una acción S... • http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9430
https://notcve.org/view.php?id=CVE-2014-9430
31 Dec 2014 — Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action. Vulnerabilidad de XSS en httpd/cgi-bin/vpn.cgi/vpnconfig.dat en Smoothwall Express 3.0 SP3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro COMMENT en una acción Add. • http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2014-9431
https://notcve.org/view.php?id=CVE-2014-9431
31 Dec 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. Múltiples vulnerabilidades de CSRF en Smoothwall Express 3.1 y 3.0 SP3 permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que cambian la contraseña de (1) administración o (2) dial a través de una s... • http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 64%CPEs: 11EXPL: 2CVE-2003-0209 – Snort 1.9.1 - 'p7snort191.sh' Remote Command Execution
https://notcve.org/view.php?id=CVE-2003-0209
16 Apr 2003 — Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow. Desbordamiento de enteros en el modulo de reensamblaje TCP (stream4) de Snort 2.0 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante números de secuencia largo en paquetes, lo que permite un desbordamiento de búfer basado en el montón. • https://www.exploit-db.com/exploits/18 •