Lista CVE - 2008 / Febbraio
Visualizzazione 501 - 533 di 533 CVE per Febbraio 2008 (Pagina 6 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2008-0124 | 2008-02-28 | Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which... |
| CVE-2008-0308 | 2008-02-28 | Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption)... |
| CVE-2008-0309 | 2008-02-28 | Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code... |
| CVE-2008-1063 | 2008-02-28 | Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. |
| CVE-2008-1064 | 2008-02-28 | Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2008-1066 | 2008-02-28 | The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in... |
| CVE-2007-5397 | 2008-02-28 | Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via... |
| CVE-2008-1065 | 2008-02-28 | Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter.... |
| CVE-2008-0411 | 2008-02-28 | Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range... |
| CVE-2008-1067 | 2008-02-28 | Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php. |
| CVE-2008-1068 | 2008-02-28 | Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1)... |
| CVE-2008-1069 | 2008-02-28 | Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and... |
| CVE-2008-1070 | 2008-02-28 | The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. |
| CVE-2008-1071 | 2008-02-28 | The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. |
| CVE-2008-1072 | 2008-02-28 | The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a... |
| CVE-2008-1073 | 2008-02-29 | Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or... |
| CVE-2008-1074 | 2008-02-29 | PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter. |
| CVE-2008-1076 | 2008-02-29 | Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this... |
| CVE-2008-1077 | 2008-02-29 | SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a... |
| CVE-2008-1075 | 2008-02-29 | Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the... |
| CVE-2008-0303 | 2008-02-29 | The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP... |
| CVE-2008-1078 | 2008-02-29 | expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file.... |
| CVE-2008-1080 | 2008-02-29 | Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. |
| CVE-2008-1081 | 2008-02-29 | Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. |
| CVE-2008-1082 | 2008-02-29 | Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during... |
| CVE-2008-1095 | 2008-02-29 | Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic)... |
| CVE-2007-6016 | 2008-02-29 | Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and... |
| CVE-2007-6017 | 2008-02-29 | The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes... |
| CVE-2008-0304 | 2008-02-29 | Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message,... |
| CVE-2008-0385 | 2008-02-29 | SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the... |
| CVE-2008-0595 | 2008-02-29 | dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to... |
| CVE-2008-1110 | 2008-02-29 | Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash)... |
| CVE-2007-6252 | 2008-03-03 | Multiple stack-based buffer overflows in the Learn2 Corporation STRunner (aka Street Technologies) ActiveX control in iestm32.dll allow remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2008-1115 | 2008-03-03 | Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands. |
| CVE-2008-1116 | 2008-03-03 | Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting... |
| CVE-2008-1113 | 2008-03-03 | Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct... |
| CVE-2008-1114 | 2008-03-03 | Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM)... |
| CVE-2008-0928 | 2008-03-03 | Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape... |
| CVE-2008-1119 | 2008-03-03 | Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. |
| CVE-2008-1120 | 2008-03-03 | Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via... |
| CVE-2008-1121 | 2008-03-03 | SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie. |
| CVE-2008-1122 | 2008-03-03 | SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported... |
| CVE-2008-1123 | 2008-03-03 | Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2)... |
| CVE-2008-1124 | 2008-03-03 | Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to... |
| CVE-2008-1125 | 2008-03-03 | Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to... |
| CVE-2008-1126 | 2008-03-03 | PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter. |
| CVE-2008-1127 | 2008-03-03 | Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when... |
| CVE-2008-1128 | 2008-03-03 | PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2008-0930 | 2008-03-04 | w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details... |
| CVE-2008-0931 | 2008-03-04 | w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying... |
| CVE-2008-1129 | 2008-03-04 | Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained... |
| CVE-2008-1130 | 2008-03-04 | Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client)... |
| CVE-2008-1131 | 2008-03-04 | Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms. |
| CVE-2008-1132 | 2008-03-04 | Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is... |
| CVE-2008-1079 | 2008-03-04 | The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges. |
| CVE-2008-1133 | 2008-03-04 | The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
| CVE-2007-6702 | 2008-03-04 | goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading... |
| CVE-2007-6703 | 2008-03-04 | Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors. |
| CVE-2008-1134 | 2008-03-04 | OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie. |
| CVE-2008-1135 | 2008-03-04 | OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid... |
| CVE-2008-1136 | 2008-03-04 | The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port... |
| CVE-2008-1137 | 2008-03-04 | SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a... |
| CVE-2008-1138 | 2008-03-04 | DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (system crash) via a certain ZERO_MEM DLMFENC_IOCTL request to \\.\DLKPFSD_Device, aka the "ring0 link... |
| CVE-2008-1139 | 2008-03-04 | DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka... |
| CVE-2008-1140 | 2008-03-04 | DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem,... |
| CVE-2008-1141 | 2008-03-04 | Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of DLMFENC_IOCTL requests to \\.\DLKPFSD_Device... |
| CVE-2008-1111 | 2008-03-04 | mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information. |
| CVE-2008-1145 | 2008-03-04 | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names,... |
| CVE-2008-1146 | 2008-03-04 | A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive... |
| CVE-2008-1147 | 2008-03-04 | A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1,... |
| CVE-2008-1148 | 2008-03-04 | A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows... |
| CVE-2008-1149 | 2008-03-04 | phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and... |
| CVE-2008-1096 | 2008-03-05 | The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash)... |
| CVE-2008-1097 | 2008-03-05 | Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to... |
| CVE-2008-1098 | 2008-03-05 | Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui... |
| CVE-2008-1099 | 2008-03-05 | _macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. |
| CVE-2007-6704 | 2008-03-05 | Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web... |
| CVE-2008-1162 | 2008-03-05 | SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter. |
| CVE-2008-1163 | 2008-03-05 | SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action. |
| CVE-2008-1164 | 2008-03-05 | SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action. |
| CVE-2008-1165 | 2008-03-05 | Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value... |
| CVE-2008-1166 | 2008-03-05 | Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. |
| CVE-2008-1167 | 2008-03-05 | Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent... |
| CVE-2008-1168 | 2008-03-05 | Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled... |
| CVE-2008-1169 | 2008-03-05 | Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or..." |
| CVE-2008-1170 | 2008-03-05 | Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php. |
| CVE-2008-1171 | 2008-03-05 | Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to... |
| CVE-2008-0072 | 2008-03-06 | Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the... |
| CVE-2008-0883 | 2008-03-06 | acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. |
| CVE-2008-0985 | 2008-03-06 | Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file... |
| CVE-2008-0986 | 2008-03-06 | Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP... |
| CVE-2008-1172 | 2008-03-06 | Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages. |
| CVE-2008-1173 | 2008-03-06 | Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2008-1176 | 2008-03-06 | Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter. |
| CVE-2008-1177 | 2008-03-06 | SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-1178 | 2008-03-06 | Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than... |
| CVE-2008-1179 | 2008-03-06 | Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters.... |
| CVE-2008-1180 | 2008-03-06 | Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter. |
| CVE-2008-1181 | 2008-03-06 | Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in... |
| CVE-2008-1182 | 2008-03-06 | Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |