6551 matches found
CVE-2008-6096
Juniper ScreenOS prior to 5.4.0r10, 6.0.0r6, and 6.1.0r2 is vulnerable to cross-site scripting due to improper sanitization of user input on the web interface and telnet login pages. The issue allows an attacker to inject arbitrary script via the username field on login, potentially affecting use...
Juniper ScreenOS HTML注入漏洞
BUGTRAQ ID:31528 CNCAN ID:CNCAN-2008100307 Juniper ScreenOS是一款用于Juniper防火墙设备上的操作系统。 Juniper ScreenOS包含的WEB接口登录缺少充分的输入验证,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 攻击者可以在登录过程中把JavaScript代码作为用户名部分数据,然后脚本代码会存储在设备事件记录中,当事件记录在NetScreen WEB控制台查看时可导致代码执行,成功的利用此漏洞可导致系统被入侵。 Juniper Networks ScreenOS 5.4 r9.0 升级到ScreenOS...
Design/Logic Flaw
The IPv6 Neighbor Discovery Protocol NDP implementation in 1 FreeBSD 6.3 through 7.1, 2 OpenBSD 4.2 and 4.3, 3 NetBSD, 4 Force10 FTOS before E7.7.1.1, 5 Juniper JUNOS, and 6 Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attacke...
CVE-2008-2476
The CVE-2008-2476 issue concerns the IPv6 Neighbor Discovery Protocol (NDP) implementation in several vendors (FreeBSD 6.3–7.1; OpenBSD 4.2–4.3; NetBSD; Force10 FTOS pre-E7.7.1.1; Juniper JUNOS; Wind River VxWorks 5.x–6.4) that does not validate the origin of Neighbor Discovery messages. This all...
Layered Defense Research Advisory: Juniper Netscreen Firewall Cross-Site-Scripting (XSS) event log injection
================================================== Layered Defense Research Advisory 1 October 2008 ================================================== 1 Affected Product Juniper Netscreen Firewall ScreenOS version 5.4.0r9.0 ================================================== 2 Severity Rating: Low...
Juniper Netscreen Firewall ScreenOS crossite scripting
Persistant crossite scripting with username stored in logs...
Authentication flaw
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
DEBIAN-CVE-2008-0960
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
CVE-2008-0960
CVE-2008-0960 describes an SNMPv3 HMAC verification flaw where the client specifies the HMAC length, enabling spoofing of authenticated SNMPv3 packets. Affected implementations include Net-SNMP 5.2.x (pre-5.2.4.1), 5.3.x (pre-5.3.2.1), 5.4.x (pre-5.4.1.1); UCD-SNMP; eCos; Juniper SRC C-series (1....
net-snmp SNMPv3 authentication bypass (VU#877044)
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
net-snmp SNMPv3 authentication bypass (VU#877044)
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
CVE-2008-0960
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
SNMPv3 improper HMAC validation allows authentication bypass
Overview A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass. Description SNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and...
BGP implementations do not properly handle UPDATE messages
Overview BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability...
CVE-2008-1180
Cross-site scripting XSS vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the deliverymode parameter...
Information disclosure
Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message...
Cross site scripting
Cross-site scripting XSS vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the deliverymode parameter...
CVE-2008-1181
Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message...
CVE-2008-1180
Cross-site scripting XSS vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the deliverymode parameter...
CVE-2008-1180
The vulnerability CVE-2008-1180 affects Juniper Networks Secure Access 2000, version 5.5 R1 build 11711, where a Cross-site Scripting (XSS) flaw exists in dana-na/auth/rdremediate.cgi. The issue allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter, implyi...