81 matches found
CVE-2010-2289
Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 Build 14599 and 6.5R2 Build 14951 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter...
PR09-17: Juniper Secure Access seriers (Juniper IVE) authenticated XSS & REDIRECTION
PR09-17: Juniper Secure Access series Juniper IVE authenticated XSS & REDIRECTION http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr09-17 Vulnerability found: 12th October 2009 Vendor informed: 12 October 2009 Severity: Medium Script injection Description: There are multiple...
Juniper Networks SA2000 SSL VPN Appliance - 'welcome.cgi' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41664/info Juniper Networks SA2000 SSL VPN appliance is prone to a cross-site scripting vulnerability because the web interface fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Juniper Networks SA2000 SSL VPN Appliance - welcome.cgi Cross-Site Scripting
Juniper Networks SA2000 SSL VPN Appliance - welcome.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/41664/info Juniper Networks SA2000 SSL VPN appliance is prone to a cross-site scripting vulnerability because the web interface fails to properly sanitize user-supplied input. An...
Juniper SA Series Cross Site Scripting Issue
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 o PROBLEM DETAILS The Juniper Secure Access SA web interface allows users to manage the bookmarks on their landing page. This bookmark management functionality does not filter user input properly and can allow cross site scripting attacks. Upon...
Juniper SSL-VPN IVE JuniperSetupDLL.dll ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in the JuniperSetupDLL.dll library which is called by the JuniperSetup.ocx ActiveX control, as part of the Juniper SSL-VPN IVE appliance. By specifying an overly long string to the ProductName object parameter, the stack is overwritten. This module...
Juniper Networks IVE OS LDAP Referrals TLS明文密码漏洞
Juniper IVE OS是一款即时虚拟外网技术,用于安全访问SSL VPN设备。 使用TLS的Juniper IVE OS存在密码泄露问题,远程攻击者可以利用漏洞获得明文密码信息对系统进行进一步攻击。 攻击者可以通过嗅探网络通信获得用户敏感信息。目前没有详细漏洞细节提供。 Juniper Networks IVE OS 6.0 Juniper Networks IVE OS 5.4 目前没有详细解决方案提供: http://www.juniper.net...
Juniper Networks IVE client ActiveX control buffer overflow
Overview The ActiveX control used by Juniper IVE OS devices contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable client. Description Juniper IVE OS is an operating system used by Juniper devices, such as the Juniper Networks Secu...
Buffer overflow
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute...
CVE-2006-2086
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute...
CVE-2006-2086
The CVE-2006-2086 issue is a buffer overflow in the JuniperSetupDLL.dll loaded by JuniperSetup.ocx used by the Juniper SSL-VPN Client to access Juniper NetScreen IVE devices running IVE OS pre-final versions. The vulnerability is triggered by a long argument in the ProductName parameter, allowing...
CVE-2006-2086
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute...
[Full-disclosure] Replay Attack Vulnerability on Sonys Instant Video Everywhere Service
Replay Attack Vulnerability on Sonys Instant Video Everywhere Service http://www.iptel.org/security/2005-12-31.html December 31, 2005 I. Background Sony offers a SIP based voice and video service called IVE. By downloading a client application for the Windows operating system everybody can make...
CVE-2004-0939
CVE-2004-0939 affects Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x when LDAP or NT domain authentication is enabled. The flaw is an unauthenticated brute-force risk caused by not limiting the number of password attempts during changepassword.cgi, allowing remote password guessing. Public s...
Neoteris IVE password bruteforcing
Change password page doesn't limit the number of attempts...
[Gosecure Adivsory] Neoteris IVE Vulnerability
Gosecure Advisory http://www.gosecure.ca Neoteris IVE changepassword.cgi Authentication Bypass Date Published: 2004-09-20 Date Discovered: 2004-07-23 Advisory ID: GOSECURE-2004-10 Class: Design Error Risk: Medium Vendor: Juniper Networks www.juniper.net Advisory URL:...
[Gosecure Adivsory] Neoteris IVE Vulnerability
Gosecure Advisory http://www.gosecure.ca Neoteris IVE changepassword.cgi Authentication Bypass Date Published: 2004-09-20 Date Discovered: 2004-07-23 Advisory ID: GOSECURE-2004-10 Class: Design Error Risk: Medium Vendor: Juniper Networks www.juniper.net Advisory URL:...
NetScreen Instant Virtual Extranet (IVE) platform contains cross-site scripting vulnerability in delhomepage.cgi
Overview NetScreen Instant Virtual Extranet IVE platform contains a cross-site scripting vulnerability in the row parameter of delhomepage.cgi, which could allow an attacker to mount a cross-site scripting attack. Description The Instant Virtual Extranet platform is an application security gatewa...
CVE-2003-0217
CVE-2003-0217 describes a cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) up to version 3.01, where an input parameter passed to a CGI script (notably swsrv.cgi) could be exploited to hijack a user session and bypass authentication. The underlying issue is impr...
XSS In Neoteris IVE Allows Session Hijacking
Note to Moderator: In light of some recent cross-site scripting posts allowed through to Bugtraq recently, grateful if you would pass this one onto the list....thanks. -d. ----------------------------------------------------------------------------------------------------=sMax. Security Advisory=...