UTM-1 Edge W Embedded NGX 7.0.48x reflected XSS vulnerability (low severity) (CVE-2008-1208)

...

CVE-2007-3465

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password...

Cross site request forgery (csrf)

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other...

Default credentials

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password...

CVE-2007-3465

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password...

CVE-2007-3464

The CVE-2007-3464 entry concerns Check Point SofaWare Safe@Office (firmware before Embedded NGX 7.0.45 GA). The underlying issue is that the admin password change does not require the old password, enabling potential privilege escalation via CSRF attacks or similar vectors on an unattended workst...

[Full-disclosure] CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability

Louhi Networks Oy -= Security Advisory =- Advisory: Checkpoint VPN-1 UTM Edge Cross Site Request Forgery Release Date: 2007/06/26 Last Modified: 2007/06/26 Authors: Henri Lindberg, Associate of ISC? [email protected] Jussi Vuokko, CISSP [email protected] Application: Checkpoint VPN-1 Ed...