6547 matches found
ZYXEL ZyWALL 2 3.62 - FormsGeneral_1?sysSystemName Cross-Site Scripting
ZYXEL ZyWALL 2 3.62 - FormsGeneral1?sysSystemName Cross-Site Scripting source: https://www.securityfocus.com/bid/25262/info ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface. An attacker can exploit these issues to carry out cross-site request forgery...
[Full-disclosure] Zyxel Zywall 2 multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Louhi Networks Oy -= Security Advisory =- Advisory: Zyxel Zywall 2 Multiple vulnerabilities Release Date: 2007-08-10 Last Modified: 2007-08-10 Authors: Henri Lindberg, Associate of ISC? [email protected] Application: ZyNOS Firmware Version:...
ZYXEL ZyWALL 2 3.62 - '/Forms/General_1?sysSystemName' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25262/info ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface. An attacker can exploit these issues to carry out cross-site request forgery, HTML-injection, and denial-of-service attacks. ZyWALL 2 running with...
JVN#25471539 Aruba Mobility Controller Series cross-site scripting vulnerability
Aruba Mobility Controller series, switch products from Aruba Networks, contain a cross-site scripting vulnerability in the login page of the web management interface. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the patch Users of the products should apply...
Trend Micro OfficeScan管理控制台验证绕过漏洞
Trend Micro OfficeScan是一款企业级的网络防毒墙解决方案。 Trend Micro OfficeScan存在验证绕过问题,远程攻击者可以利用漏洞未授权登录管理接口并更改应用程序设置。 OfficeScan安装包含的WEB管理接口允许管理员配置应用程序和反病毒客户端管理。WEB接口由cgiChkMasterPwd.exe处理,传递由ActiveX控件生成的HASH和密码的加密版本。如果cgiChkMasterPwd.exe发送一个空的加密字符串和空的HASH,它会发送客户端一个合法会话ID用于访问WEB管理控制台。 Trend Micro OfficeScan...
fujitsu-primergy-disclose.txt
Advisory: Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure RedTeam Pentesting discovered an information disclosure in the Fujitsu- Siemens BX300 Switch Blade during a penetration test. By accessing URLs of the web interface directly and aborting the authentication dialog, one is...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and...
CVE-2007-3489
Cross-site request forgery CSRF vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and...
CVE-2007-3489
Cross-site request forgery CSRF vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and...
CVE-2007-3489
CVE-2007-3489 affects Check Point VPN-1 Edge X Embedded NGX 7.0.33x with CSRF in the management interface (pop/WizU.html). A remote attacker can perform privileged actions as administrators, demonstrated by a request using swuuser and swupass parameters to add an administrator account. The vulner...
checkpoint-csrf.txt
Louhi Networks Oy -= Security Advisory =- Advisory: Checkpoint VPN-1 UTM Edge Cross Site Request Forgery Release Date: 2007/06/26 Last Modified: 2007/06/26 Authors: Henri Lindberg, Associate of ISC² [email protected] Jussi Vuokko, CISSP [email protected] Application: Checkpoint VPN-1 Ed...
Debian DSA-1314-1 : open-iscsi - several vulnerabilities
Several local and remote vulnerabilities have been discovered in open-iscsi, a transport-independent iSCSI implementation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3099 Olaf Kirch discovered that due to a programming error access to the...
[SECURITY] [DSA 1314-1] New open-iscsi packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1314-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 19th, 2007 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1314-1] New open-iscsi packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1314-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 19th, 2007 http://www.debian.org/security/faq -...
DSA-1314-1 open-iscsi
Bulletin has no description...
CVE-2007-3099
usr/mgmtipc.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 checks the client's UID on the listening AFLOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service iscsid exit or iSCSI connection loss...
CVE-2007-3099
usr/mgmtipc.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 checks the client's UID on the listening AFLOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service iscsid exit or iSCSI connection loss...
CVE-2007-3099
usr/mgmtipc.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 checks the client's UID on the listening AFLOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service iscsid exit or iSCSI connection loss...
DEBIAN-CVE-2007-3099
usr/mgmtipc.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 checks the client's UID on the listening AFLOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service iscsid exit or iSCSI connection loss...
CVE-2007-3099
usr/mgmtipc.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 checks the client's UID on the listening AFLOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service iscsid exit or iSCSI connection loss...