6555 matches found
CVE-2007-6193
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface...
Design/Logic Flaw
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption XOR of unpadded data to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack...
CVE-2007-6193
CVE-2007-6193 concerns the Citrix NetScaler web management interface. The OpenVAS entries and the NVD record indicate that NetScaler 8.0 build 47.8 exposes the device’s primary IP address (and, per OpenVAS, software version) via the web management cookie, enabling information disclosure. The impa...
CVE-2007-6192
The CVE-2007-6192 entry describes an information disclosure vulnerability in the Citrix NetScaler Web Management Interface (NetScaler 8.0 build 47.8). The issue arises from using weak encryption to protect cookie contents by XORing sensitive values (including credentials) with a fixed key stream,...
CVE-2007-6192
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption XOR of unpadded data to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack...
Cross site scripting
Cross-site scripting XSS vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the /screens URI, related to the url...
CVE-2003-1363
The CVE affects Aprelium Technologies Abyss Web Server 1.1.2 and earlier, where the remote web management interface on port 9999 fails to log connection attempts. This lack of logging can enable remote brute-force attacks against the administration console without detection. The available connect...
Design/Logic Flaw
Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service I/O request timeout and device hang via unspecified vectors...
CVE-2007-5482
Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service I/O request timeout and device hang via unspecified vectors...
CVE-2007-5482
Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service I/O request timeout and device hang via unspecified vectors...
CVE-2007-5482
Affected product : Sun StorEdge/StorageTek 3510 FC Array. Vulnerability class : unspecified vulnerability in the FTP service. Component/firmware : FTP service on the array with firmware before 4.21. Impact : remote attackers with access to the Ethernet management interface can cause a denial of s...
CVE-2003-1343
Trend Micro ScanMail for Exchange SMEX before 3.81 and before 6.1 might install a back door account in smgSmxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3"...
Design/Logic Flaw
The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external Internet interface unless the user selects other options, which might expose the router to unintended incoming traffic from remot...
CVE-2007-5419
The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external Internet interface unless the user selects other options, which might expose the router to unintended incoming traffic from remot...
CVE-2007-5419
The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external Internet interface unless the user selects other options, which might expose the router to unintended incoming traffic from remot...
CVE-2004-2691
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service device reset via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from...
CVE-2004-2691
CVE-2004-2691 applies to 3Com SuperStack 3 4400 switches with firmware before 3.31. The vulnerability allows a remote attacker to cause a denial of service by sending a crafted request to the web management interface. Reports vary: some state the device resets, others describe a temporary unrespo...
Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection (Metasploit)
Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...
Cross site scripting
Cross-site scripting XSS vulnerability in Forms/General1 in the management interface in ZyNOS firmware 3.62WK.6 on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter...
CVE-2007-4318
Cross-site scripting XSS vulnerability in Forms/General1 in the management interface in ZyNOS firmware 3.62WK.6 on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter...