19 matches found
EUVD-2014-0396
Malware in sbrugna...
EUVD-2014-0397
Malware in sbrugna...
EUVD-2004-0673
Malware in sbrugna...
CVE-2014-0359
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a guiinputtest.pl params parameter to servlet/Installer...
CVE-2014-0358
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. dot dot in 1 the file parameter in a getUpgradeStatus action to servlet/MGConfigData, 2 the download parameter in a download action to servlet/MGConfigDat...
Design/Logic Flaw
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a guiinputtest.pl params parameter to servlet/Installer...
Directory traversal
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. dot dot in 1 the file parameter in a getUpgradeStatus action to servlet/MGConfigData, 2 the download parameter in a download action to servlet/MGConfigDat...
CVE-2014-0358
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. dot dot in 1 the file parameter in a getUpgradeStatus action to servlet/MGConfigData, 2 the download parameter in a download action to servlet/MGConfigDat...
CVE-2014-0358
CVE-2014-0358 affects Xangati XSR before 11 and XNR before 7, with multiple directory traversal vulnerabilities allowing remote attackers to read arbitrary files via ../ in parameters for actions on MGConfigData, Installer, or related endpoints. The root cause is improper input validation of file...
CVE-2014-0359
The CVE-2014-0359 issue affects Xangati XSR before 11 and XNR before 7, where an attacker can remotely execute arbitrary commands through shell metacharacters in the params parameter of gui_input_test.pl used by the servlet/Installer. The root cause is insufficient input validation that allows co...
Xangati - servletInstaller?file Directory Traversal
Xangati - servletInstaller?file Directory Traversal source: https://www.securityfocus.com/bid/66817/info Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities. A remote attacker could exploit these vulnerabilities using directory-traversal characters '../' to access or...
Xangati XSR XNR - gui_input_test.pl Remote Command Execution
Xangati XSR XNR - guiinputtest.pl Remote Command Execution source: https://www.securityfocus.com/bid/66819/info Xangati XSR And XNR are prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this...
Xangati - '/servlet/Installer?file' Directory Traversal
source: https://www.securityfocus.com/bid/66817/info Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities. A remote attacker could exploit these vulnerabilities using directory-traversal characters '../' to access or read arbitrary files that contain sensitive...
Xangati - servletMGConfigData Multiple Directory Traversals
Xangati - servletMGConfigData Multiple Directory Traversals source: https://www.securityfocus.com/bid/66817/info Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities. A remote attacker could exploit these vulnerabilities using directory-traversal characters '../' to...
Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution
source: https://www.securityfocus.com/bid/66819/info Xangati XSR And XNR are prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary commands in the context of the...
CVE-2004-0674
CVE-2004-0674 affects Enterasys XSR-1800 series Security Routers running firmware 7.0.0.0 with Policy-Based Routing. A remote attacker can cause a denial of service (crash) by sending a packet with the IP record route option set. The NVD entry shows a base score of 5.0 (medium) with network attac...
CVE-2004-0674
Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service crash via a packet with the IP record route option set...
Enterasys XSR Security Routers DoS
Description: Enterasys XSR Security Routers crash when passing a packet with the option record route. System Vulnerable: This vulnerability was found in XSR-1800 series. firmware 7.0.0.0 Proof-of-concept: I've used Hping http://www.hping.org/ to perform this example: hping3 -1 -G www.uol.com.br...
Enterasys XSR DoS
Router crashes on packet with RR option...