6 matches found
ANTlabs InnGate Firmware SQL Injection Vulnerability
ANTlabs InnGate firmware on IG 3100 etc. is a firmware from ANTlabs Singapore for use in IG 3100 gateways and other devices. A SQL injection vulnerability exists in the main.ant file in the ANTlabs InnGate firmware on multiple ANTlabs devices. A remote attacker could execute arbitrary queries on...
ANTlabs InnGate Firmware Cross-Site Scripting Vulnerability
ANTlabs InnGate firmware on IG 3100 etc. is a firmware from ANTlabs Singapore for use in IG 3100 gateways and other devices. A cross-site scripting vulnerability exists in the index-login.ant file in the ANTlabs InnGate firmware on multiple ANTlabs devices. If a user could be tricked into clickin...
Cross site scripting
Cross-site scripting XSS vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
CVE-2015-2849
Summary (CVE-2015-2849) : The ANTlabs InnGate firmware (IG3100, InnGate 3.01 E, 3.10 E, 3.10 M, SG 4, SSG 4) contains a SQL injection vulnerability in the main.ant page. The issue arises from the ppli URL parameter; when using HTTPS, a remote attacker can induce arbitrary SQL commands on the unde...
CVE-2015-2850
The CVE-2015-2850 issue affects ANTlabs InnGate firmware (IG 3100 and InnGate 3.01 E, 3.10 E, 3.10 M, SG 4, SSG 4). The vulnerability is a Cross-Site Scripting (XSS) in the index-login.ant page, exploitable via the msg parameter. Root cause is improper input handling that allows injected web scri...
Authentication flaw
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on por...