webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7f6257e0a475681ff243ead159cafee2e03f6265
bpfire/html/cgi-bin
History
Michael Tremer 7f6257e0a4 backup: Sanitise FILE parameter 
This parameter was passed to some shell commands without any
sanitisation which allowed an attacker who was authenticated to
the web UI to download arbitrary files from some directories
and delete any file from the filesystem.

References: #11830

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-09-13 15:03:59 +01:00
..
asterisk
Made some nicer graphs and fixes
2008-02-05 19:22:05 +00:00
captive
captive: Show access page in browser language
2017-09-22 19:00:04 +01:00
logs.cgi
logs.cgi/ids.dat: Rework linking to external rule documentation.
2018-08-14 11:48:03 +01:00
aliases.cgi
aliases.cgi: Mark name field as mandatory.
2014-04-09 14:19:16 +02:00
atm-status.cgi
atm-status.cgi: display more values for solos-pci.
2014-02-15 16:41:40 +01:00
backup.cgi
backup: Sanitise FILE parameter
2018-09-13 15:03:59 +01:00
bluetooth.cgi
Add bluetooth.cgi only rfcomm/modem support yet
2008-08-16 17:44:44 +02:00
captive.cgi
Forgot to change language strings in captive.cgi
2018-01-10 16:44:04 +00:00
chpasswd.cgi
{proxy,chpasswd}.cgi: Fix a remote code execution vulnerability
2016-04-08 15:54:53 +01:00
connections.cgi
display GeoIP information on active network connections
2017-12-02 12:24:29 +00:00
connscheduler.cgi
Mark required input fields with a star
2015-09-21 16:40:41 +01:00
country.cgi
GeoIP: Add lookup function for convenience
2017-11-13 22:37:19 +00:00
credits.cgi
make.sh: Add command to update list of contributors
2018-08-05 11:10:28 +01:00
ddns.cgi
ddns.cgi: Use ddnsctrl for instant update.
2015-04-26 16:52:52 +02:00
dhcp.cgi
dhcp rfc2136: dhcpd does not seem to support SHA-1
2015-10-21 17:34:41 +01:00
dns.cgi
Fix URL to list of public name servers in dns.cgi
2016-09-24 12:25:46 +01:00
dnsforward.cgi
Add unboundctrl
2016-08-06 19:34:39 +01:00
entropy.cgi
entropy: Don't show message for HWRNGs any more
2018-05-22 20:31:12 +01:00
extrahd.cgi
Apache 2.4.27 breaks ExtraHD-GUI
2017-10-02 19:27:52 +01:00
fireinfo.cgi
use HTTPS for links to fireinfo.ipfire.org
2018-01-07 19:18:33 +00:00
firewall.cgi
BUG11805: Firewall rule with source orange and target firewall-interface-orange not possible
2018-08-22 14:46:10 +01:00
fwhosts.cgi
BUG11825: firewall: Renaming a network/host group doesn't update rules
2018-08-24 11:44:45 +01:00
geoip-block.cgi
geoip-block.cgi: Finish column after last element and uneven amount of items.
2015-05-12 20:39:44 +02:00
gpl.cgi
gpl.cgi: Fix proper redirection so that the agreement has only to be accepted once.
2014-03-05 23:53:21 +01:00
guardian.cgi
guardian.cgi: Remove support for owncloud
2018-07-03 10:33:43 +01:00
gui.cgi
gui.cgi: htmlcleanup, change html tags from uppercase to lowercase
2014-02-15 15:51:41 +01:00
hardwaregraphs.cgi
correct wrong headline at hardwaregraphs.cgi
2017-11-29 12:01:30 +00:00
hosts.cgi
unbound: Restart after local hosts have been modified
2016-09-12 20:52:51 +01:00
ids.cgi
download ET IDS rules via HTTPS
2018-08-16 18:54:06 +01:00
index.cgi
IPsec: Show connected status for waiting connections that are active
2018-08-23 17:34:50 +01:00
ipinfo.cgi
display GeoIP information on ipinfo.cgi
2017-12-02 12:24:19 +00:00
iptables.cgi
BUG 11318: Fix deletion of temporary files from IPTables-GUI
2017-04-18 11:22:18 +01:00
mac.cgi
Mark required input fields with a star
2015-09-21 16:40:41 +01:00
mail.cgi
BUG10964: When entering wrong data in dma setup, the fields are blanked
2015-11-10 18:38:56 +00:00
mdstat.cgi
cgi-bin: Use readonly="readonly" attribute on html input elements
2014-02-18 18:48:57 +01:00
media.cgi
media.cgi: Add missing 'tr'.
2014-04-12 12:18:57 +02:00
memory.cgi
Some Fixes for the CGIs not spamming apache logfile.
2010-12-12 20:40:56 +01:00
modem-status.cgi
modem-status: add more ttyUSB and ttyACM ports.
2014-06-06 10:45:59 +02:00
modem.cgi
Mark required input fields with a star
2015-09-21 16:40:41 +01:00
mpfire.cgi
MPFire: Split page into three subpages.
2009-10-27 23:49:03 +01:00
netexternal.cgi
add GeoIP and rDNS information to used nameservers
2017-11-29 12:05:43 +00:00
netinternal.cgi
Multiple CGI files: Check if BLUE or ORANGE are actually configured.
2013-11-08 14:32:08 +01:00
netother.cgi
translate 'firewall hits' at netother.cgi
2017-11-29 11:59:49 +00:00
netovpnrw.cgi
vpn-statistic: add URI::escape for openvpn names with special chars
2015-04-14 14:00:47 +02:00
netovpnsrv.cgi
Improve graphs
2017-03-15 13:45:05 +00:00
optionsfw.cgi
optionsfw.cgi: Clean up code
2016-04-20 16:14:14 +01:00
ovpnmain.cgi
OpenVPN: Deleted mtu-disc completely since it has been dropped.
2018-07-10 18:40:39 +01:00
p2p-block.cgi
cgi-bin: HTML cleanup, add quotes for attribute values
2014-02-15 16:54:38 +01:00
pakfire.cgi
pakfire: Remove any reference to counter.py
2018-08-27 07:29:19 +01:00
pppsetup.cgi
BUG11177: pppoe password not required anymore
2016-09-08 12:58:47 +01:00
proxy.cgi
proxy.cgi: The group name cannot be in quotes
2018-07-01 12:38:48 +01:00
qos.cgi
As described in bug 11257 there is a mistake in the qos templates. The sum of the guaranteed bandwidth of the classes 101 - 120 is bigger than the available bandwidth. I adjusted the guaranteed bandwidth of the classes 101 - 104 so that each of them has a
2018-03-06 15:13:16 +00:00
remote.cgi
fix aesthetic issues in remote.cgi and ship them
2018-05-09 14:49:48 +01:00
routing.cgi
BUG11466: fix routing.cgi the function call in routing.cgi was fixed to call the new "exact" function.
2017-11-07 16:20:29 +00:00
samba.cgi
samba: default enable SMBv2.
2016-09-27 19:38:38 +02:00
sambahlp.cgi
Ein Paar Dateien fuer die GPLv3 angepasst.
2007-08-29 13:25:32 +00:00
services.cgi
webinterface: Replace dnsmasq with unbound
2016-08-06 19:30:14 +01:00
shutdown.cgi
shutdown.cgi: fix missing image.
2014-02-04 16:13:57 +01:00
speed.cgi
speed.cgi: Suppress error messages if not connected to the internet.
2013-09-07 16:23:50 +02:00
system.cgi
Improve graphs
2017-03-15 13:45:05 +00:00
time.cgi
Mark required input fields with a star
2015-09-21 16:40:41 +01:00
tor.cgi
Tor: Use relay mode as default setting
2017-11-07 16:14:36 +00:00
traffic.cgi
Remove IPAC stuff
2016-10-02 15:13:55 +01:00
updatexlrator.cgi
Mark required input fields with a star
2015-09-21 16:40:41 +01:00
upnp.cgi
cgi-bin: Remove font tags with no effect, and style tags
2014-02-22 12:13:02 +01:00
urlfilter.cgi
Mark required input fields with a star
2015-09-21 16:40:41 +01:00
vpnmain.cgi
IPsec: Show connected status for waiting connections that are active
2018-08-23 17:34:50 +01:00
wakeonlan.cgi
Mark required input fields with a star
2015-09-21 16:40:41 +01:00
webaccess.cgi
webaccess.cgi: Fixed language settings.
2016-01-19 00:06:30 +00:00
wireless.cgi
Mark required input fields with a star
2015-09-21 16:40:41 +01:00
wirelessclient.cgi
WiFi: Show EAP status on wireless client page
2017-05-16 15:05:25 +02:00
wlanap.cgi
wlanap.cgi: Some cosmetics...
2017-09-20 22:23:19 +01:00