25 matches found
EUVD-2014-9560
Malware in sbrugna...
EUVD-2014-2097
Malware in sbrugna...
Viprinet VPN Hub Router Cross-Site Scripting Vulnerability
Viprinet VPN Hub Router is a multiplexed VPN router product from Viprinet Europe, Germany. The Viprinet VPN Hub Router suffers from a cross-site scripting vulnerability that stems from the lack of input validation and output escaping mechanisms in the CLI interface. By exploiting this...
Viprinet VPN Hub Router Cross Site Scripting Vulnerability
Exploit for php platform in category web applications New Hope Team identified a stored XSS in Viprinet VPN Hub Router. Overview: Input validation and output escaping mechanisms are missing for CLI interface. Stored XSS is possible. By exploiting that vulnerability an attacker can obtain sensitiv...
Viprinet VPN Hub Router Cross Site Scripting
SD-WAN New Hope Team identified a stored XSS in Viprinet VPN Hub Router. Overview: Input validation and output escaping mechanisms are missing for CLI interface. Stored XSS is possible. By exploiting that vulnerability an attacker can obtain sensitive information e.g., private key or modify a...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when 1 logging in or 2 creating an account in the old interface, 3 username when creating an accou...
CVE-2014-9754
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows an attacker to perform a Man in the Middle attack...
CVE-2014-2045
Multiple cross-site scripting XSS vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when 1 logging in or 2 creating an account in the old interface, 3 username when creating an accou...
Design/Logic Flaw
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows an attacker to perform a Man in the Middle attack...
CVE-2014-9755
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows remote attackers to perform a replay attack...
CVE-2014-2045
Multiple cross-site scripting XSS vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when 1 logging in or 2 creating an account in the old interface, 3 username when creating an accou...
Design/Logic Flaw
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows remote attackers to perform a replay attack...
CVE-2014-9755
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows remote attackers to perform a replay attack...
CVE-2014-9755
The CVE concerns Viprinet MultichannelVPN Router 300 hardware VPN client versions 2013070830/2013080900. The root cause is failure to validate the remote VPN endpoint identity by checking the endpoint’s SSL key before initiating the exchange, enabling a replay attack. Affected component: hardware...
CVE-2014-2045
CVE-2014-2045 affects Viprinet Multichannel VPN Router 300. The issue is multiple cross‑site scripting (XSS) vulnerabilities in both the device’s old and new web interfaces, exploitable via crafted usernames or other parameters (e.g., hostname, config inspect, atcommands, ping tool). Exploitation...
CVE-2014-9754
The CVE-2014-9754 entry concerns Viprinet MultichannelVPN Router 300, specifically firmware versions 2013070830/2013080900. The issue is that the hardware VPN client does not validate the remote VPN endpoint identity (the SSL key) before starting the exchange, enabling a Man-in-the-Middle attack....
CVE-2014-2045
Multiple cross-site scripting XSS vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when 1 logging in or 2 creating an account in the old interface, 3 username when creating an accou...
CVE-2014-9754
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange, which allows an attacker to perform a Man in the Middle attack...
Viprinet Europe Multichannel VPN Router 300 Man-in-the-Middle Attack Vulnerability
Viprinet Europe Multichannel VPN Router 300 is a multichannel VPN router product from Viprinet Europe, Germany. A security vulnerability exists in the Viprinet Europe Multichannel VPN Router 300 that originates from the program failing to validate a certificate. An attacker could use this...
Viprinet Europe Multichannel VPN Router 300 Protocol Downgrade Vulnerability
Viprinet Europe Multichannel VPN Router 300 is a multichannel VPN router product from Viprinet Europe, Germany. A security vulnerability exists in the Viprinet Europe Multichannel VPN Router 300. An attacker could exploit this vulnerability to perform protocol degradation attacks...