SA163: OpenSSH Vulnerability October 2017

SUMMARY Symantec Network Protection products using affected versions of OpenSSH are susceptible to a security vulnerability. A remote attacker with read-only access to an SFTP server can create a large number of zero-length files and deplete the target's hard disk space. AFFECTED PRODUCTS The...

SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks

SUMMARY Symantec Network Protection products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities aka Meltdown and Spectre attacks. A remote attacker, with the ability to execute arbitrary code...

SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017

SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can send a crafted X.509 certificate to cause unspecified impact. They can exploit, under certain circumstances, a computational flaw in the Montgomery...

SA150: NSS Vulnerability April 2017

SUMMARY Symantec Network Protection products using affected versions of NSS are susceptible to a security vulnerability. A remote attacker can send crafted Base64-encoded data and execute arbitrary code or cause denial of service through an application crash. AFFECTED PRODUCTS The following...

SA141 : OpenSSL Vulnerabilities 26-Jan-2017

SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain private key information. AFFECTED PRODUCTS The following products are vulnerable:...

SA131 : TCP Session Hijacking in Operating Systems Supporting RFC 5961

SUMMARY Blue Coat products that include a vulnerable version of an operating system that supports RFC 5961 are susceptible to a TCP session hijacking vulnerability. A remote, off-path attacker can infer the sequence numbers of an existing TCP connection, and either reset the connection or inject...

SA124 : NSS Vulnerabilities March 2016

SUMMARY Blue Coat products that include affected versions of NSS are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service through application crashes, or to possibly execute arbitrary code. AFFECTED PRODUCTS The following products...

SA120 : Truncated Diffie-Hellman Secret Generation in libssh2

SUMMARY Blue Coat products that include affected versions of libssh2 are susceptible to a truncated Diffie-Hellman secret length vulnerability. A remote man-in-the-middle MITM attacker can exploit this vulnerability to intercept SSH connections that originate from Blue Coat products. The MITM...

SA119 : Multiple NSS Vulnerabilities

SUMMARY Blue Coat products that include affected versions of NSS are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to trigger arbitrary code execution. The attacker can also cause denial of service through application crashes and memory corruption...

SA114 : GNU C Library (glibc) Remote Code Execution February 2016

SUMMARY Blue Coat products using an affected version of the GNU C Library glibc are susceptible to a remote execution attack. A remote attacker can send a crafted DNS response to the glibc DNS resolver and cause the resolver to crash or execute arbitrary code. AFFECTED PRODUCTS The following...

Packeteer PacketShaper and PolicyCenter 8.2.2 - 'FILELIST' Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27982/info Packeteer PacketShaper and PolicyCenter are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute...

Cross site scripting

Cross-site scripting XSS vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into a...

CVE-2008-1037

Cross-site scripting XSS vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into a...

CVE-2008-1037

Cross-site scripting XSS vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into a...

CVE-2008-1037

CVE-2008-1037 affects Packeteer PacketShaper and PolicyCenter 8.2.2. The vulnerability is a Cross-site Scripting (XSS) in the web management interface: the FILELIST parameter to an arbitrary component in the file listing function enables remote attackers to inject arbitrary web script or HTML, wh...

Packeteer PacketShaper and PolicyCenter 8.2.2 - FILELIST Cross-Site Scripting

Packeteer PacketShaper and PolicyCenter 8.2.2 - FILELIST Cross-Site Scripting source: https://www.securityfocus.com/bid/27982/info Packeteer PacketShaper and PolicyCenter are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input data. An...

Packeteer PacketShaper and PolicyCenter 8.2.2 - 'FILELIST' Cross-Site Scripting

source: https://www.securityfocus.com/bid/27982/info Packeteer PacketShaper and PolicyCenter are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser o...