This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Smoothwall First view 2014-12-31
Product Smoothwall Last view 2014-12-31
Version 3.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition express  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:smoothwall:smoothwall

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2014-12-31 CVE-2014-9431

Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.

4.3 2014-12-31 CVE-2014-9429

Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi.

6.8 2014-12-31 CVE-2011-5284

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.

4.3 2014-12-31 CVE-2011-5283

Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-352 Cross-Site Request Forgery (CSRF)
50% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')