EUVD-2012-2941

Malware in sbrugna...

EUVD-2012-2942

Malware in sbrugna...

CVE-2012-2963

The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file...

CVE-2012-2964

The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents...

Design/Logic Flaw

The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents...

Authentication flaw

The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file...

CVE-2012-2963

The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file...

CVE-2012-2964

The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents...

CVE-2012-2963

The CVE-2012-2963 issue affects BreakingPoint Storm CTM before 3.0 where the embedded web server’s gwt/BugReport script does not enforce authorization, allowing an unauthenticated remote attacker to download a .tgz containing sensitive configuration data. The vulnerability is documented with an a...

CVE-2012-2964

CVE-2012-2964 affects BreakingPoint Storm CTM prior to version 3.0. The issue stems from the CTM administrative interface failing to properly authorize requests to the embedded web server, allowing an unauthenticated remote attacker to retrieve a diagnostic report containing sensitive configurati...

CVE-2012-2963

The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file...

BreakingPoint Systems Storm CTM information disclosure vulnerabilities

Overview BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information. Description According to BreakingPoint's website,the BreakingPoint Storm creates real-world, high-stress conditions and user behavior to provide...