18 matches found
CVE-2013-3970
Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service aka UAC with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority CA certificate in the Trusted Server CAs list, which makes it easier...
CVE-2014-3823
The Juniper Junos Pulse Secure Access Service SSL VPN devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service SSL VPN devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4...
CVE-2014-3820
Cross-site scripting XSS vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service SSL VPN devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4...
CVE-2014-3824
Cross-site scripting XSS vulnerability in the web server in the Juniper Junos Pulse Secure Access Service SSL VPN devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-3820
The CVE-2014-3820 anomaly is a documented XSS in Juniper Pulse Secure/Policy products. Affected are the SSL VPN/UAC web server on Junos Pulse Access Service (IVE OS: 7.1 before 7.1r16, 7.4 before 7.4r3, 8.0 before 8.0r1) and the Pulse Access Control Service (UAC OS: 4.1 before 4.1r8, 4.4 before 4...
Juniper Junos Pulse Client Privilege Escalation (JSA10644)
According to its self-reported version, the installation of Junos Pulse Client on the remote Windows host is version 4.0 prior to 4.0r6 or a version prior to 3.1r8. It is, therefore, affected by a privilege escalation vulnerability that allows a local attacker to gain administrative privileges vi...
CVE-2014-3812
The Juniper Junos Pulse Secure Access Service SSL VPN devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service UAC before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain...
CVE-2014-2291
Cross-site scripting XSS vulnerability in the Pulse Collaboration Secure Meeting user pages in Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web scrip...
CVE-2014-2292
Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors...
Design/Logic Flaw
Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors...
CVE-2013-6956
Cross-site scripting XSS vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to...
Cross site scripting
Cross-site scripting XSS vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to...
CVE-2013-5649
Multiple cross-site scripting XSS vulnerabilities in Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow 1 remote attackers to inject arbitrary web script or HTML via vectors involving login pages, an...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow 1 remote attackers to inject arbitrary web script or HTML via vectors involving login pages, an...
CVE-2013-5649
Multiple cross-site scripting XSS vulnerabilities in Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow 1 remote attackers to inject arbitrary web script or HTML via vectors involving login pages, an...
Design/Logic Flaw
Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service aka UAC with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority CA certificate in the Trusted Server CAs list, which makes it easier...
CVE-2013-3970
Juniper Junos Pulse Secure Access Service aka SSL VPN with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service aka UAC with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority CA certificate in the Trusted Server CAs list, which makes it easier...