21 matches found
8e6 Technologies R3000 Internet Filter Bypass with Host Decoy
8e6 Technologies R3000 Internet Filter Bypass with Host Decoy Product: 8e6 Technologies R3000 Internet Filter http://www.8e6.com/network-security/internet-filtering/internet-filtering.html The HTTP URL filtering function provided by the 8e6 Technologies R3000 Internet Filter contains a...
F5 FirePass 1200 SNMP daemon DoS
F5 FirePass 1200 SNMP daemon DoS Product: F5 FirePass 1200 http://www.f5.com/products/firepass/ The F5 FirePass 1200 SSL VPN appliance contains a denial-of-service vulnerability in the SNMP daemon. Walking OID branch hrSWInstalled in HOST-RESOURCES-MIB (OID 1.3.6.1.2.1.25.6) will cause t...
f5firepass-xss.txt
F5 FirePass Content Inspection Management XSS Product: F5 FirePass http://www.f5.com/products/firepass/ The F5 FirePass SSL VPN appliance provides rudimentary web request sanitization for resources exposed through the appliance via Portal Access. This Content Inspection feature can be configured...
f5bigip-inject.txt
F5 BIG-IP Management Interface Perl Injection Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP reconfiguration facility, used by both the web management interface and the CLI, suffers from insufficient input validation and/or sanitization of certain reconfiguration requests. It...
F5 BIG-IP Management Interface Perl Injection
F5 BIG-IP Management Interface Perl Injection Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP reconfiguration facility, used by both the web management interface and the CLI, suffers from insufficient input validation and/or sanitization of certain reconfiguration requests. It...
Alkacon OpenCms users_list.jsp searchfilter XSS
Alkacon OpenCms users_list.jsp searchfilter XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the user management function. Input to parameter searchfilter in page opencms/system/workplace/admin/accounts/users_list.jsp is not sufficiently...
F5 BIG-IP Web Management Audit Log XSS
F5 BIG-IP Web Management Audit Log XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a persistent cross-site scripting vulnerability in the audit log facility. Log entries are output raw, without being HTML-encoded first. This allows an...
alkaconopencms-xss.txt
Alkacon OpenCms users_list.jsp searchfilter XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the user management function. Input to parameter searchfilter in page opencms/system/workplace/admin/accounts/users_list.jsp is not sufficiently...
Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure
Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a vulnerability in the Logfile Viewer Settings function. Input to Parameter filePath.0 in page opencms/system/workplace/admin/workplace/logfileview/logfileViewSettings.js...
F5 BIG-IP Web Management Console XSS
F5 BIG-IP Web Management Console XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a potentially persistent cross-site scripting vulnerability in the "Console" feature. Output from executed console commands is wrapped in textarea intentional...
Alkacon OpenCms tree_files.jsp resource XSS
Alkacon OpenCms tree_files.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/tree_files.jsp is...
alkacon-xss.txt
Alkacon OpenCms tree_files.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/tree_files.jsp is...
packeteer-xss.txt
Packeteer Products File Listing XSS Product: Packeteer PacketShaper http://www.packeteer.com/products/packetshaper/ Packeteer PolicyCenter http://www.packeteer.com/products/packetshaper/policycenter.cfm The web management interface of several Packeteer products contains a cross-site scripting...
f5asm-xss.txt
F5 BIG-IP Web Management ASM Security Report XSS Product: F5 BIG-IP Application Security Manager http://www.f5.com/products/big-ip/product-modules/application-security-manager.html The F5 BIG-IP ASM web management interface contains a cross-site scripting vulnerability in the Security Report...
F5 BIG-IP Web Management ASM Security Report XSS
F5 BIG-IP Web Management ASM Security Report XSS Product: F5 BIG-IP Application Security Manager http://www.f5.com/products/big-ip/product-modules/application-security-manager.html The F5 BIG-IP ASM web management interface contains a cross-site scripting vulnerability in the Security Report...
8e6 Technologies R3000 Internet Filter Bypass by Request Split
8e6 Technologies R3000 Internet Filter Bypass by Request Split Product: 8e6 Technologies R3000 Internet Filter http://www.8e6.com/network-security/internet-filtering/internet-filtering.html The HTTP URL filtering function provided by the 8e6 Technologies R3000 Internet Filter can be bypassed by...
f5-xss.txt
F5 BIG-IP Web Management List Search XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a cross-site scripting vulnerability in the Search function present on several list-like pages. Parameter SearchString is not sanitized before it gets...
Citrix NetScaler Web Management XSS
Citrix NetScaler Web Management XSS Product: Citrix NetScaler http://www.citrix.com/lang/English/ps2/index.asp Citrix NetScaler contains a cross-site scripting vulnerability in the web management interface. None of the parameter values of /ws/genericapicall.pl are sanitized before they get embedd...
WinPT User ID Spoofing Vulnerability
WinPT User ID Spoofing Vulnerability Impact: Impersonation Where: Remote Status: Unpatched Product: Windows Privacy Tray WinPT http://wald.intevation.org/projects/winpt Visual representation of keys in WinPT 1.2.0 is susceptible to a user ID spoofing attack using keys with a large amount of data in...
Packeteer PacketShaper Web Management Denial of Service
Packeteer PacketShaper Web Management Denial of Service Critical: Less critical Impact: DoS Where: Local network Product: Packeteer PacketShaper http://www.packetshaper.com/ Packeteer PacketShaper is susceptible to a denial of service vulnerability in the web management interface. Requesting a...