Vulnerabilities > Smoothwall

DATE CVE VULNERABILITY TITLE RISK
2020-02-07 CVE-2011-1085 Cross-Site Request Forgery (CSRF) vulnerability in Smoothwall Express 3.0
CSRF vulnerability in Smoothwall Express 3.
6.8
2020-02-07 CVE-2011-1084 Cross-site Scripting vulnerability in Smoothwall Express 3.0
A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.
network
smoothwall CWE-79
4.3
2014-12-31 CVE-2014-9431 Cross-Site Request Forgery (CSRF) vulnerability in Smoothwall 3.0/3.1
Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.
6.8
2014-12-31 CVE-2014-9430 Cross-Site Scripting vulnerability in Smoothwall 3.0
Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action.
network
smoothwall CWE-79
4.3
2014-12-31 CVE-2014-9429 Cross-Site Scripting vulnerability in Smoothwall 3.0/3.1
Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi.
network
smoothwall CWE-79
4.3
2014-12-31 CVE-2011-5284 Cross-Site Request Forgery (CSRF) vulnerability in Smoothwall 3.0/3.1
Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.
6.8
2014-12-31 CVE-2011-5283 Cross-Site Scripting vulnerability in Smoothwall 3.0/3.1
Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action.
network
smoothwall CWE-79
4.3
2009-03-04 CVE-2009-0803 Permissions, Privileges, and Access Controls vulnerability in Smoothwall Networkguardian, Schoolguardian and Smoothguardian
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
network
high complexity
smoothwall CWE-264
5.4
2003-05-05 CVE-2003-0209 Integer Overflow vulnerability in Snort TCP Packet Reassembly
Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
network
low complexity
smoothwall sourcefire
critical
10.0