#Security Advisory - Multiple Vulnerabilities in Endian firewall# Endian Firewall is a "turn-key" linux security distribution that turns every system into a full featured security appliance. It features stateful packet filtering, proxies, antivirus/antispam, content filtering and a VPN module. Date : 02-12-2008 Product : Endian Firewall Version : 2.1.2 - Prior version maybe also be affected Vendor : http://www.endian.com/en/ Author : syniack Contact : syniack@gmail.com S.Page : http://bsecure.net.pk XSS Vulnerability: [TESTED] Security issue in the following files: https://example:10443/cgi-bin/logs_siproxy.cgi https://example:10443/cgi-bin/logs_clamav.cgi https://example:10443/cgi-bin/logs_smtp.cgi https://example:10443/cgi-bin/logs_log.cgi https://example:10443/cgi-bin/logs_proxy.cgi https://example:10443/cgi-bin/logs_firewall.cgi https://example:10443/cgi-bin/logs_ids.cgi https://example:10443/cgi-bin/logs_dansguardian.cgi https://example:10443/cgi-bin/backup.cgi https://example:10443/cgi-bin/outgoingfw.cgi Example: "> "> Image Example Url: http://img158.imageshack.us/my.php?image=endian02122008yu3.jpg http://img150.imageshack.us/my.php?image=endian03122008openvpnxq5.jpg http://img201.imageshack.us/my.php?image=endian05122008backupat3.jpg http://img201.imageshack.us/my.php?image=endian06122008outgoingfla5.jpg