CVE-2014-0338
https://notcve.org/view.php?id=CVE-2014-0338
Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the pol_name parameter.
• http://seclists.org/fulldisclosure/2014/Mar/154
• http://watchguardsecuritycenter.com/2014/03/13/fireware-xtm-11-8-3-update-corrects-xss-flaw
• http://www.kb.cert.org/vuls/id/807134
• http://www.securityfocus.com/bid/66210
• http://www.securitytracker.com/id/1029924
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-6021 – Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-6021
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.
• https://www.exploit-db.com/exploits/29273
• http://osvdb.org/98752
• http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8
• http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes
• http://www.exploit-db.com/exploits/29273
• http://www.kb.cert.org/vuls/id/233990
• http://www.securityfocus.com/bid/63227
• https://funoverip.net/2013/10/watchguard-cve-2013-6021-stack-based-buffer-overflow-exploit
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-5702 – Watchguard Server Center 11.7.4 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-5702
Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Watchguard Server Center version 11.7.4 suffers from multiple reflective cross-site scripting vulnerabilities.
• http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8
• http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')