Vulnerabilities > Watchguard
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-24 | CVE-2016-7089 | Permissions, Privileges, and Access Controls vulnerability in Watchguard Rapidstream WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN. | 7.2 |
| 2016-04-18 | CVE-2016-3943 | Incorrect Default Permissions vulnerability in Watchguard Panda Endpoint Administration Agent 7.49 Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | 7.2 |
| 2016-04-18 | CVE-2015-7378 | Incorrect Default Permissions vulnerability in Watchguard Panda URL Filtering 4.3.1.8 Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | 7.2 |
| 2015-07-08 | CVE-2015-5453 | Command Injection vulnerability in Watchguard XCS 10.0/9.2 Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. | 6.5 |
| 2015-07-08 | CVE-2015-5452 | SQL Injection vulnerability in Watchguard XCS 10.0/9.2 SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3. | 7.5 |
| 2014-03-16 | CVE-2014-0338 | Cross-Site Scripting vulnerability in Watchguard Fireware Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the pol_name parameter. | 4.3 |
| 2013-10-19 | CVE-2013-6021 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Watchguard Fireware Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie. | 9.3 |
| 2013-10-19 | CVE-2013-5702 | Cross-Site Scripting vulnerability in Watchguard Fireware and Watchguard System Manager Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
| 2013-10-03 | CVE-2013-5701 | Permissions, Privileges, and Access Controls vulnerability in Watchguard Server Center 11.7.3/11.7.4 Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory. | 7.2 |
| 2011-05-23 | CVE-2011-2165 | Permissions, Privileges, and Access Controls vulnerability in Watchguard XCS 9.0/9.1 The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |