📦 Ipfire

by Ipfire

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-34311

HIGH CVSS 8.8 Oct 28, 2025

This CVE describes a command injection vulnerability in IPFire firewall software that allows authenticated attackers to execute arbitrary commands as the 'nobody' user when creating proxy reports. The...

CVE-2021-33393

HIGH CVSS 8.8 Jun 9, 2021

This vulnerability in IPFire firewall distributions allows local privilege escalation through insecure file permissions. An unprivileged user could replace the backup.pl script with malicious code tha...

CVE-2019-25398

MEDIUM CVSS 6.1 Feb 18, 2026

This CVE describes multiple cross-site scripting vulnerabilities in IPFire's ovpnmain.cgi script that allow attackers to inject malicious JavaScript through VPN configuration parameters. When exploite...

CVE-2019-25400

MEDIUM CVSS 5.4 Feb 18, 2026

This vulnerability allows attackers to execute reflected cross-site scripting (XSS) attacks against IPFire firewall administrators. By injecting malicious JavaScript into multiple parameters of the fw...

CVE-2019-25396

MEDIUM CVSS 6.1 Feb 18, 2026

CVE-2019-25396 is a reflected cross-site scripting (XSS) vulnerability in IPFire's updatexlrator.cgi script that allows attackers to inject malicious JavaScript via POST parameters. When exploited, at...

CVE-2025-34317

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript through DNS configuration settings. When other users view the compromised DNS entries, the injecte...

CVE-2025-34308

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript into the time synchronization settings page. When other users view the affected configuration page...

CVE-2025-34309

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript into Dynamic DNS host configurations. When other users view or edit these compromised entries, the...

CVE-2025-34310

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript into Quality of Service settings. When other users view the compromised QoS entries, the scripts e...

CVE-2025-34313

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript through user quota rules. The injected code executes when other users view the affected quota entr...

CVE-2025-34314

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript into time constraint rules. When other users view these rules in the web interface, the scripts ex...

CVE-2025-34315

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript through the remote syslog configuration. When other users view the affected configuration page, th...

CVE-2025-34316

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript through mail server configuration fields. When other users view the mail settings page, the inject...

CVE-2025-34301

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript into location group configurations. When other users view the affected page, the script executes i...

CVE-2025-34302

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript through service creation. When other users view the compromised service entry, the script executes...

CVE-2025-34303

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript through whitelist host remarks. The injected code executes when other users view the compromised w...

CVE-2025-34304

MEDIUM CVSS 6.5 Oct 28, 2025

This SQL injection vulnerability in IPFire allows authenticated attackers to manipulate SQL queries when viewing OpenVPN connection logs. Attackers can exploit this to extract sensitive information fr...

CVE-2025-34305

MEDIUM CVSS 5.4 Oct 28, 2025

IPFire versions before 2.29 Core Update 198 contain stored XSS vulnerabilities where authenticated users can inject malicious scripts into various web interface fields. These scripts execute when othe...

CVE-2025-34306

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript through the pienumber parameter when updating firewall IP search defaults. The injected code execu...

CVE-2025-34307

MEDIUM CVSS 5.4 Oct 28, 2025

This stored XSS vulnerability in IPFire allows authenticated attackers to inject malicious JavaScript through the firewall country search settings. The injected code executes when other users view tho...