Summary
| Detail | |||
|---|---|---|---|
| Vendor | Smoothwall | First view | 2014-12-31 |
| Product | Smoothwall | Last view | 2014-12-31 |
| Version | 3.1 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | express | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:smoothwall:smoothwall | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.8 | 2014-12-31 | CVE-2014-9431 | Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. |
| 4.3 | 2014-12-31 | CVE-2014-9429 | Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi. |
| 6.8 | 2014-12-31 | CVE-2011-5284 | Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi. |
| 4.3 | 2014-12-31 | CVE-2011-5283 | Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 50% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
