20 matches found
EUVD-2014-2111
Malware in sbrugna...
EUVD-2014-8204
Malware in sbrugna...
EUVD-2014-6502
Malware in sbrugna...
Aruba Networks ClearPass Code Execution Vulnerability
Aruba Networks ClearPass is an access management system from Aruba Networks that integrates network control, application and device management capabilities. A security vulnerability exists in Aruba Networks ClearPass. An attacker could exploit the vulnerability to execute code...
Design/Logic Flaw
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identiti...
CVE-2015-4650
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors...
CVE-2015-3655
Cross-site request forgery CSRF vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token...
CVE-2015-4132
Aruba Networks ClearPass Policy Manager (CPPM) is affected by multiple XSS vulnerabilities in versions before 6.4.5. The issue allows remote administrators to inject arbitrary web script/HTML via unspecified vectors. The CNVD entry additionally notes a directory traversal security vulnerability i...
CVE-2014-6625
The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors...
CVE-2014-6621
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page...
CVE-2014-6626
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors...
CVE-2014-6625
The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors...
CVE-2014-6624
Summary: CVE-2014-6624 affects Aruba Networks ClearPass Insight module. The vulnerability exists in ClearPass Insight before 6.3.6 and in 6.4.x before 6.4.1. Affected software: Aruba Networks ClearPass (Insight module); affected versions are <6.3.6 and
CVE-2014-6625
CVE-2014-6625 concerns Aruba Networks ClearPass Policy Manager. The vulnerability affects ClearPass before 6.3.6 and 6.4.x before 6.4.1, where remote authenticated users can gain privileges. The available documents specify the impact (privilege escalation) and affected versions, but do not disclo...
CVE-2014-6623
Cross-site request forgery CSRF vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged in user via unspecified vectors...
Design/Logic Flaw
The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the 1 system status-rasession and 2 network ping commands...
CVE-2014-4031
The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors...
CVE-2014-4013
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-4013
The CVE-2014-4013 entry describes a SQL injection vulnerability in the Policy Manager of Aruba Networks ClearPass. Affected products/versions include ClearPass 5.x, 6.0.x, 6.1.x up to 6.1.4.61696, 6.2.x up to 6.2.6.62196, and 6.3.x before 6.3.4. The issue allows remote authenticated users to exec...
Design/Logic Flaw
The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in...