5 results

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics.
• https://rustsec.org/advisories/RUSTSEC-2021-0039.html
• CWE-415: Double Free

CVSS: 8.8 | EPSS: 2% | CPEs: 1 | EXPL: 1

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.
• https://github.com/MucahitSaratar/endian_firewall_authenticated_rce
• https://sourceforge.net/projects/efw/files/Development/EFW-3.3.2
• https://www.endian.com/company/news/endian-community-releases-new-version-332-148
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 | EPSS: 96% | CPEs: 1 | EXPL: 5

Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
• https://www.exploit-db.com/exploits/37426
• https://www.exploit-db.com/exploits/37428
• https://www.exploit-db.com/exploits/38096
• http://packetstormsecurity.com/files/133469/Endian-Firewall-Proxy-Password-Change-Command-Injection.html
• http://www.rapid7.com/db/modules/exploit/linux/http/efw_chpasswd_exec
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/efw_chpasswd_exec.rb
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
• https://www.exploit-db.com/exploits/36833
• https://www.exploit-db.com/exploits/36832
• https://www.exploit-db.com/exploits/36831
• http://packetstormsecurity.org/files/109942/Endian-UTM-Firewall-2.4.x-Cross-Site-Scripting.html
• http://www.securityfocus.com/bid/52076
• http://www.vulnerability-lab.com/get_content.php?id=436
• https://exchange.xforce.ibmcloud.com/vulnerabilities/73330
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• http://downloads.securityfocus.com/vulnerabilities/exploits/27477.html
• http://www.securityfocus.com/bid/27477
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')