Page 2 of 10 results (0.009 seconds)

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1

Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. Comodo Antivirus hasta la versión 12.0.0.6870, Comodo Firewall hasta la versión 12.0.0.6870, y Comodo Internet Security Premium hasta la versión 12.0.0.6870, con la característica Comodo Container, son vulnerables a un escape del Sandbox. • https://gaissecurity.com/yazi/discovery-of-sandbox-escape-on-comodo-container-antivirus-amp-firewall •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Endian Firewall 2.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) createrule sobre dnat.cgi, (2) addrule sobre dansguardian.cgi, o (3) PATH_INFO sobre openvpn_users.cgi. • https://www.exploit-db.com/exploits/36833 https://www.exploit-db.com/exploits/36832 https://www.exploit-db.com/exploits/36831 http://packetstormsecurity.org/files/109942/Endian-UTM-Firewall-2.4.x-Cross-Site-Scripting.html http://www.securityfocus.com/bid/52076 http://www.vulnerability-lab.com/get_content.php?id=436 https://exchange.xforce.ibmcloud.com/vulnerabilities/73330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3

Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en esp/editUser.esp en el firewall Palo Alto Networks 3.0.x en versiones anteriores a la 3.0.9 y 3.1.x en versiones anteriores a la 3.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "role". Palo Alto Network suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/12660 http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html http://www.jeromiejackson.com/index.php?view=article&id=83:palo-alto-cross-site-scripting-vulnerability&tmpl=component&print=1&layout=default&page= http://www.securityfocus.com/bid/40113 https://exchange.xforce.ibmcloud.com/vulnerabilities/58624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de Cross-site scripting (XSS) en vpnum/userslist.php en Endian Firewall 2.1.2 permite a atacantes remotos inyectar script web o HTML a su elección mediante el parámetro psearch. NOTA: la procedencia de esta información es desconocida; los detalles se obtienen únicamente de información de terceros. • http://downloads.securityfocus.com/vulnerabilities/exploits/27477.html http://www.securityfocus.com/bid/27477 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 0

The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors. El módulo SIP en Ingate Firewall anterior a 4.6.1 y SIParator anterior a 4.6.1 no reutilizar los puertos de media SIP en llamadas de contro sin especificar y enviar solamente escenarios de multitud, lo cual permite a atacantes remotos provocar denegación de servicio (consumo de puerto) a través de vectores no especificados. • http://osvdb.org/40365 http://secunia.com/advisories/28394 http://www.ingate.com/relnote-461.php http://www.securityfocus.com/bid/27222 http://www.securitytracker.com/id?1019176 http://www.securitytracker.com/id?1019177 http://www.vupen.com/english/advisories/2008/0108 • CWE-399: Resource Management Errors •