16 matches found
EUVD-2007-3771
Malware in sbrugna...
EUVD-2007-3772
Malware in sbrugna...
Design/Logic Flaw
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document...
Cross site request forgery (csrf)
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks...
CVE-2007-3788
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document...
CVE-2007-3786
Cross-site request forgery CSRF vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a...
CVE-2007-3787
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a...
CVE-2007-3788
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document...
CVE-2007-3786
Cross-site request forgery CSRF vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a...
CVE-2007-3786
The vulnerable product is the eSoft InstaGate EX2 UTM device. A CSRF flaw affects firmware versions prior to 3.1.20070615, allowing remote attackers to perform privileged actions as administrators. The issue’s root cause is a CSRF vulnerability (as described in the CVE entry and related docs). Re...
CVE-2007-3787
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks...
CVE-2007-3788
The vulnerability CVE-2007-3788 affects the eSoft InstaGate EX2 UTM device, where the admin password is stored within the settings HTML document. This exposes a risk that an attacker who can read that document may obtain sensitive information, potentially compromising confidentiality and integrit...
PT-2007-5024 · Esoft · Esoft Instagate Ex2 Utm
Name of the Vulnerable Software and Affected Versions: eSoft InstaGate EX2 UTM device versions prior to 3.1.20070615 Description: A cross-site request forgery CSRF issue allows remote attackers to perform privileged actions as administrators. The vendor disputes the distribution of the vulnerable...
Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack
Calyptix Security Advisory CX-2007-05 eSoft InstaGate EX2 Cross-Site Request Forgery Attack Date: 07/11/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-05.php http://labs.calyptix.com/CX-2007-05.txt Overview Multiple versions of eSoft's InstaGate EX2 UTM device are vulnerable to...
eSoft InstaGate EX2 UTM crossite forgery
It's possible to submit the form with configuration data...