
CVSS: 8.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

15 Feb 2021 — Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment. • https://github.com/MucahitSaratar/endian_firewall_authenticated_rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 84% • CPEs: 1 • EXPL: 5

07 Sep 2015 — Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. • https://packetstorm.news/files/id/133469 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 5

15 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. • https://www.exploit-db.com/exploits/36833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

30 Jan 2008 — Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://downloads.securityfocus.com/vulnerabilities/exploits/27477.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')