CVE-2021-34998 – Panda Security Free Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34998
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.pandasecurity.com/en/support/card?id=100077 https://www.zerodayinitiative.com/advisories/ZDI-21-1336 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2020-10532
https://notcve.org/view.php?id=CVE-2020-10532
The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. El componente AD Helper en WatchGuard Fireware versiones anteriores a 5.8.5.10317, permite a atacantes remotos detectar contraseñas de texto sin cifrar por medio del URI /domains/list. • https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-001/-credential-disclosure-in-watchguard-fireware-ad-helper-component https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_ad_helper_c.html • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2014-6413
https://notcve.org/view.php?id=CVE-2014-6413
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. Se presenta una vulnerabilidad de Cross-site Scripting (XSS) en WatchGuard XTM versión 11.8.3, por medio del parámetro poll_name en el script firewall/policy. • http://seclists.org/fulldisclosure/2014/Sep/70 http://www.securityfocus.com/bid/69958 https://exchange.xforce.ibmcloud.com/vulnerabilities/96069 https://packetstormsecurity.com/files/128310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-18652
https://notcve.org/view.php?id=CVE-2019-18652
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362). Ha sido identificada una vulnerabilidad de tipo XSS basada en DOM en el WatchGuard XMT515 versiones hasta la versión 12.1.3, permitiendo a un atacante remoto ejecutar JavaScript en el navegador de la víctima al engañar a la víctima para que haga clic en un enlace especialmente diseñado. La carga útil fue probada en Microsoft Internet Explorer versión 11.418.18362.0 y Microsoft Edge versión 44.18362.387.0 (Microsoft EdgeHTML versión 18.18362). • https://gitlab.com/crypt0crc/cve-2019-18652 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-6154
https://notcve.org/view.php?id=CVE-2016-6154
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). El applet de autenticación en el sistema operativo Watchguard Fireware 11.11 ha reflejado XSS (esto también puede causar una redirección abierta). • https://www.sec-1.com/blog/2016/sec-1-advisory-reflected-cross-site-scripting-open-redirect-watchguard-fireware-v11-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •