13 matches found
EUVD-2007-3772
Malware in sbrugna...
EUVD-2007-3771
Malware in sbrugna...
CVE-2007-3786
Cross-site request forgery CSRF vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a...
CVE-2007-3788
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document...
Design/Logic Flaw
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document...
CVE-2007-3787
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks...
CVE-2007-3786
Cross-site request forgery CSRF vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a...
CVE-2007-3788
The vulnerability CVE-2007-3788 affects the eSoft InstaGate EX2 UTM device, where the admin password is stored within the settings HTML document. This exposes a risk that an attacker who can read that document may obtain sensitive information, potentially compromising confidentiality and integrit...
CVE-2007-3786
The vulnerable product is the eSoft InstaGate EX2 UTM device. A CSRF flaw affects firmware versions prior to 3.1.20070615, allowing remote attackers to perform privileged actions as administrators. The issue’s root cause is a CSRF vulnerability (as described in the CVE entry and related docs). Re...
CVE-2007-3787
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks...
CVE-2007-3788
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document...
Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack
Calyptix Security Advisory CX-2007-05 eSoft InstaGate EX2 Cross-Site Request Forgery Attack Date: 07/11/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-05.php http://labs.calyptix.com/CX-2007-05.txt Overview Multiple versions of eSoft's InstaGate EX2 UTM device are vulnerable to...