Octogate UTM 3.0.12 - Admin Interface Directory Traversal

Octogate UTM 3.0.12 - Admin Interface Directory Traversal Exploit Title: Octogate UTM Admin Interface Directory Traversal Date: 26.08.2015 Software Link: http://www.octogate.com Exploit Author: Oliver Karow Contact: [email protected] Website: http://www.oliverkarow.de Category: Remote Exploit...

Octogate UTM 3.0.12 - Admin Interface Directory Traversal

Exploit Title: Octogate UTM Admin Interface Directory Traversal Date: 26.08.2015 Software Link: http://www.octogate.com Exploit Author: Oliver Karow Contact: [email protected] Website: http://www.oliverkarow.de Category: Remote Exploit Affected Products/Versions -------------------------- Produ...

Design/Logic Flaw

The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document...

Cross site request forgery (csrf)

The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks...

CVE-2007-3787

The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks...

CVE-2007-3788

The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document...

CVE-2007-3787

The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks...

CVE-2007-3788

The vulnerability CVE-2007-3788 affects the eSoft InstaGate EX2 UTM device, where the admin password is stored within the settings HTML document. This exposes a risk that an attacker who can read that document may obtain sensitive information, potentially compromising confidentiality and integrit...

Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack

Calyptix Security Advisory CX-2007-05 eSoft InstaGate EX2 Cross-Site Request Forgery Attack Date: 07/11/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-05.php http://labs.calyptix.com/CX-2007-05.txt Overview Multiple versions of eSoft's InstaGate EX2 UTM device are vulnerable to...