Search Results | AttackerKB

Show filters

Topics 9 Users 9,710

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

9 Total Results

Displaying 1-9 of 9

Attacker Value

Unknown

CVE-2011-1085

Disclosure Date: February 07, 2020 (last updated February 21, 2025)

CSRF vulnerability in Smoothwall Express 3.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2011-1084

Disclosure Date: February 07, 2020 (last updated February 21, 2025)

A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2011-5283

Disclosure Date: December 31, 2014 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action.

0

Attacker Value

Unknown

CVE-2014-9429

Disclosure Date: December 31, 2014 (last updated October 05, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi.

0

Attacker Value

Unknown

CVE-2011-5284

Disclosure Date: December 31, 2014 (last updated October 05, 2023)

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.

0

Attacker Value

Unknown

CVE-2014-9431

Disclosure Date: December 31, 2014 (last updated October 05, 2023)

Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.

0

Attacker Value

Unknown

CVE-2014-9430

Disclosure Date: December 31, 2014 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action.

0

Attacker Value

Unknown

CVE-2009-0803

Disclosure Date: March 04, 2009 (last updated October 04, 2023)

SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

0

Attacker Value

Unknown

CVE-2003-0209

Disclosure Date: May 05, 2003 (last updated February 22, 2025)

Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.

0