9 matches found
CVE-2000-0063
CVE-2000-0063 affects the Nortel Contivity HTTP server via the cgiproc CGI script, which allows remote attackers to read arbitrary files by passing a filename parameter. This points to an uncontrolled file access flaw in the CGI handler, enabling partial confidentiality impact. The available docu...
CVE-2000-0064
The CVE-2000-0064 issue affects Nortel Contivity HTTP Server, specifically the cgiproc CGI script. The underlying problem is a vulnerability in cgiproc where a malformed URL containing shell metacharacters can crash the remote host, causing a denial of service. Affected component: cgiproc CGI scr...
CVE-2005-0844
CVE-2005-0844 affects Nortel VPN client 5.01, where the cleartext password is stored in the memory of the Extranet.exe process, allowing a local user to access sensitive information. The root cause is insecure in‑memory handling of credentials in Extranet.exe, with a local attack vector and parti...
CVE-2007-2333
CVE-2007-2333 affects Nortel VPN Router (Contivity) models 1000, 2000, 4000, and 5000, with specific firmware ranges: before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140. The vulnerability involves default LDAP template accounts FIPSecryptedtest1219 and FIPSunecryptedtest1219, whic...
CVE-2005-1802
Nortel VPN Router (also known as Contivity) is affected by CVE-2005-1802. A remote attacker can cause a denial of service (crash) by sending an IPsec IKE packet with a malformed ISAKMP header. The available documents identify the vulnerable component as the IPsec/IKE handling, but do not provide ...
CVE-2007-2334
The CVE-2007-2334 issue affects Nortel VPN Router (Contivity) 1000/2000/4000/5000 prior to specific firmware revisions: 5_05.149, 5_05.304 for 5_05.x line, and 6.x prior to 6_05.140. The vulnerability arises from two template HTML files that lack certain verification tags, enabling remote attacke...
CVE-2005-2579
CVE-2005-2579 affects Nortel Contivity VPN Client (V05_01.030). The issue is that when configuring a certificate for authentication, the process does not properly drop system privileges, enabling local users to gain privileges by launching a program via the File Open dialog box. Documented impact...
CVE-2004-1105
The CVE-2004-1105 entry concerns Nortel Networks Contivity VPN Client, where the authentication error message varies depending on whether the username is valid, leading to partial information disclosure over a network. The NVD entry documents a Network-level vulnerability with a base score of 5.0...
CVE-2004-2621
CVE-2004-2621 relates to the Nortel Contivity VPN Client. The provided sources indicate that, for versions 2.1.7, 3.00, 3.01, 4.91, and 5.01, a race condition occurs when opening a VPN tunnel: the gateway certificate is not checked until after a user-facing dialog is shown, which could allow a re...