
CVE-2016-6154
https://notcve.org/view.php?id=CVE-2016-6154
23 Aug 2019 — The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). • https://www.sec-1.com/blog/2016/sec-1-advisory-reflected-cross-site-scripting-open-redirect-watchguard-fireware-v11-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2017-14615
https://notcve.org/view.php?id=CVE-2017-14615
20 Sep 2017 — An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted. • http://seclists.org/bugtraq/2017/Sep/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-14616
https://notcve.org/view.php?id=CVE-2017-14616
20 Sep 2017 — An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible. • http://www.securityfocus.com/archive/1/540427 • CWE-400: Uncontrolled Resource Consumption

CVE-2017-8055
https://notcve.org/view.php?id=CVE-2017-8055
22 Apr 2017 — WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox. • http://watchguardsupport.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000KlGSAU • CWE-203: Observable Discrepancy

CVE-2017-8056
https://notcve.org/view.php?id=CVE-2017-8056
22 Apr 2017 — WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests tha... • https://github.com/itzexploit/CVE-2017-8056 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2014-0338
https://notcve.org/view.php?id=CVE-2014-0338
16 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the pol_name parameter. • http://seclists.org/fulldisclosure/2014/Mar/154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6021 – Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-6021
19 Oct 2013 — Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie. • https://packetstorm.news/files/id/123812 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-5702 – Watchguard Server Center 11.7.4 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-5702
19 Oct 2013 — Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Watchguard Server Center version 11.7.4 suffers from multiple reflective cross site sc... • https://packetstorm.news/files/id/123707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')