Lucene search
+L

6555 matches found

NVD
NVD
added 2007/11/30 1:46 a.m.21 views

CVE-2007-6193

The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface...

5CVSS6.1AI score0.01108EPSS
Exploits0References2
Prion
Prion
added 2007/11/30 1:46 a.m.26 views

Design/Logic Flaw

The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption XOR of unpadded data to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack...

4.3CVSS7AI score0.00699EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/11/30 1:0 a.m.67 views

CVE-2007-6193

CVE-2007-6193 concerns the Citrix NetScaler web management interface. The OpenVAS entries and the NVD record indicate that NetScaler 8.0 build 47.8 exposes the device’s primary IP address (and, per OpenVAS, software version) via the web management cookie, enabling information disclosure. The impa...

5CVSS6.1AI score0.01108EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2007/11/30 1:0 a.m.62 views

CVE-2007-6192

The CVE-2007-6192 entry describes an information disclosure vulnerability in the Citrix NetScaler Web Management Interface (NetScaler 8.0 build 47.8). The issue arises from using weak encryption to protect cookie contents by XORing sensitive values (including credentials) with a fixed key stream,...

4.3CVSS6.4AI score0.00699EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/11/30 1:0 a.m.24 views

CVE-2007-6192

The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption XOR of unpadded data to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack...

6.4AI score0.00699EPSS
Exploits0References4
Prion
Prion
added 2007/11/20 8:46 p.m.10 views

Cross site scripting

Cross-site scripting XSS vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the /screens URI, related to the url...

4.3CVSS6.2AI score0.02358EPSS
Exploits0References6
CVE
CVE
added 2007/10/17 1:0 a.m.45 views

CVE-2003-1363

The CVE affects Aprelium Technologies Abyss Web Server 1.1.2 and earlier, where the remote web management interface on port 9999 fails to log connection attempts. This lack of logging can enable remote brute-force attacks against the administration console without detection. The available connect...

6.4CVSS7.1AI score0.01173EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2007/10/16 11:17 p.m.18 views

Design/Logic Flaw

Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service I/O request timeout and device hang via unspecified vectors...

6.4CVSS7.2AI score0.01747EPSS
Exploits0References8
NVD
NVD
added 2007/10/16 11:17 p.m.20 views

CVE-2007-5482

Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service I/O request timeout and device hang via unspecified vectors...

6.4CVSS6.7AI score0.01747EPSS
Exploits0References8
Cvelist
Cvelist
added 2007/10/16 11:0 p.m.26 views

CVE-2007-5482

Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service I/O request timeout and device hang via unspecified vectors...

6.7AI score0.01747EPSS
Exploits0References8
CVE
CVE
added 2007/10/16 11:0 p.m.53 views

CVE-2007-5482

Affected product : Sun StorEdge/StorageTek 3510 FC Array. Vulnerability class : unspecified vulnerability in the FTP service. Component/firmware : FTP service on the array with firmware before 4.21. Impact : remote attackers with access to the Ethernet management interface can cause a denial of s...

6.4CVSS6.7AI score0.01747EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2007/10/14 7:0 p.m.21 views

CVE-2003-1343

Trend Micro ScanMail for Exchange SMEX before 3.81 and before 6.1 might install a back door account in smgSmxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3"...

7AI score0.02619EPSS
Exploits1References5
Prion
Prion
added 2007/10/12 9:17 p.m.23 views

Design/Logic Flaw

The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external Internet interface unless the user selects other options, which might expose the router to unintended incoming traffic from remot...

10CVSS7.2AI score0.02169EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2007/10/12 9:17 p.m.30 views

CVE-2007-5419

The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external Internet interface unless the user selects other options, which might expose the router to unintended incoming traffic from remot...

10CVSS6.7AI score0.02169EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/10/12 9:0 p.m.32 views

CVE-2007-5419

The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external Internet interface unless the user selects other options, which might expose the router to unintended incoming traffic from remot...

6.7AI score0.02169EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/10/06 8:0 p.m.26 views

CVE-2004-2691

Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service device reset via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from...

6.6AI score0.39064EPSS
Exploits2References3
CVE
CVE
added 2007/10/06 8:0 p.m.65 views

CVE-2004-2691

CVE-2004-2691 applies to 3Com SuperStack 3 4400 switches with firmware before 3.31. The vulnerability allows a remote attacker to cause a denial of service by sending a crafted request to the web management interface. Reports vary: some state the device resets, others describe a temporary unrespo...

7.1CVSS7AI score0.39064EPSS
Exploits2References3Affected Software3
exploitpack
exploitpack
added 2007/09/17 12:0 a.m.29 views

Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection (Metasploit)

Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...

0.3AI score0.97759EPSS
Exploits8
Prion
Prion
added 2007/08/13 9:17 p.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in Forms/General1 in the management interface in ZyNOS firmware 3.62WK.6 on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter...

4.3CVSS5.8AI score0.02307EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2007/08/13 9:17 p.m.21 views

CVE-2007-4318

Cross-site scripting XSS vulnerability in Forms/General1 in the management interface in ZyNOS firmware 3.62WK.6 on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter...

4.3CVSS5.4AI score0.02307EPSS
Exploits1References7
Rows per page
Query Builder