Watchguard: Security Vulnerabilities
WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.
CVSS Score
7.8
EPSS Score
0.002
Published
2016-08-24
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
CVSS Score
7.8
EPSS Score
0.002
Published
2016-04-18
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
CVSS Score
7.8
EPSS Score
0.002
Published
2016-04-18
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.
CVSS Score
6.5
EPSS Score
0.725
Published
2015-07-08
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.
CVSS Score
7.5
EPSS Score
0.367
Published
2015-07-08
Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the pol_name parameter.
CVSS Score
4.3
EPSS Score
0.033
Published
2014-03-16
Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-10-19
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.
CVSS Score
9.3
EPSS Score
0.54
Published
2013-10-19
Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory.
CVSS Score
7.2
EPSS Score
0.001
Published
2013-10-03
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
CVSS Score
6.8
EPSS Score
0.066
Published
2011-05-23