1484 matches found
CVE-2006-5179
Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service CPU consumption via parasitic public keys with large 1 "public exponent" or 2 "public modulus" values in X.509 certificates that require extra time to process when using RSA signature...
OpenVPN Unprotected Management Interface
The remote host is running OpenVPN, an open source SSL VPN. The version of OpenVPN installed on the remote host does not require authentication to access the server's management interface. An attacker can leverage this issue to gain complete control over the affected application simply by telneti...
Buffer overflow
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute...
CVE-2006-2086
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute...
CVE-2006-2086
The CVE-2006-2086 issue is a buffer overflow in the JuniperSetupDLL.dll loaded by JuniperSetup.ocx used by the Juniper SSL-VPN Client to access Juniper NetScreen IVE devices running IVE OS pre-final versions. The vulnerability is triggered by a long argument in the ProductName parameter, allowing...
CVE-2006-2086
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute...
Juniper SSL-VPN JuniperSetup client component buffer overflow
Buffer overflow in JuniperSetup.ocx ActiveX element...
CVE-2006-1357
Cross-site scripting XSS vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter...
CVE-2006-1357
CVE-2006-1357 describes a cross-site scripting (XSS) vulnerability in the F5 Firepass 4100 SSL VPN, specifically in the file my.support.php3 (version 5.4.2). The issue allows remote attackers to inject arbitrary web script or HTML by supplying a value in the s parameter. The available documents d...
CVE-2006-1357
Cross-site scripting XSS vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter...
F5 Firepass 4100 SSL VPN crossite scripting
Web interface crossite scripting...
XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)
Vulnerability class : Cross-Site Scripting Discovery date : 2nd of February 2006 Remote : Yes Local : No Credit : ILION Research Labs, Geneva Switzerland Vulnerable : F5 Firepass 4100 SSL VPN v. 5.4.2 A XSS Cross-Site-Scripting vulnerability has been uncovered in my.support.php3 called through a...
F5 Firepass 4100 SSL VPN - Cross-Site Scripting
source: https://www.securityfocus.com/bid/17175/info FirePass 4100 SSL VPN is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in th...
CVE-2005-4197
tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet...
CVE-2005-4197
The vulnerability CVE-2005-4197 affects Nortel SSL VPN 4.2.1.6, specifically the tunnelform.yaws component. The issue allows remote attackers to execute arbitrary commands via a crafted link in the a parameter, and these commands run with extra privileges inside a cryptographically signed Java Ap...
SEC Consult SA-20051211-0 :: Nortel SSL VPN Cross Site Scripting/Command Execution
SEC-CONSULT Security Advisory 20051212-0 ========================================================================== title: Nortel SSL VPN Cross Site Scripting/Command Execution program: Nortel SSL VPN vulnerable version: 4.2.1.6 homepage: www.nortel.com found: 2005-05-30 by: Daniel Fabian /...
Nortel SSL VPN multiple vulnerabilities
Crossite scripting, code execution...
Nortel SSL VPN 4.2.1.6 - Web Interface Input Validation
Nortel SSL VPN 4.2.1.6 - Web Interface Input Validation source: https://www.securityfocus.com/bid/15798/info Nortel SSL VPN is prone to an input validation vulnerability. This issue could be exploited to cause arbitrary commands to be executed on a user's computer. Cross-site scripting attacks ar...
Nortel SSL VPN 4.2.1.6 - Web Interface Input Validation
source: https://www.securityfocus.com/bid/15798/info Nortel SSL VPN is prone to an input validation vulnerability. This issue could be exploited to cause arbitrary commands to be executed on a user's computer. Cross-site scripting attacks are also possible. Nortel SSL VPN 4.2.1.6 is vulnerable to...