CVE-2010-2103 – Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2103
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en axis2-admin/axis2-admin/engagingglobally en la consola de administración de Apache Axis2/Java v1.4.1, v1.5.1 y posiblemente otras versiones, usada en Business Objects 12, 3com IMC y posiblemente en otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "modules". NOTA: algunos detalles han sido obtenidos a partir de terceros. • https://www.exploit-db.com/exploits/12689 http://osvdb.org/64844 http://secunia.com/advisories/39906 http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf http://www.exploit-db.com/exploits/12689 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03 http://www.securityfocus.com/archive/1/511404/100/0/threaded http://www.securityfocus.com/bid/40327 http://www.vupen.com/english/advisories/2010/1215 https://exchange.xforce.ibmcloud.com/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-6395
https://notcve.org/view.php?id=CVE-2008-6395
The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. La interfaz de gestión Web de 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point, permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) a través de una solicitud HTTP POST mal formada. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064226.html http://secunia.com/advisories/31714 http://www.securityfocus.com/bid/30988 http://www.securitytracker.com/id?1020807 https://exchange.xforce.ibmcloud.com/vulnerabilities/44890 • CWE-134: Use of Externally-Controlled Format String •
CVE-2007-5420
https://notcve.org/view.php?id=CVE-2007-5420
The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. El router 3Com 3CRWER100-75 con el software 1.2.10ww, cuando la administración remota está deshabilitada pero un servidor web ha sido configurado, sirve una página web a clientes externos, lo que permite a atacantes remotos obtener información sobre la existencia del router y los detalles del producto. • http://osvdb.org/45490 http://securityreason.com/securityalert/3217 http://www.securityfocus.com/archive/1/481977/100/0/threaded http://www.securityfocus.com/bid/26009 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-5419
https://notcve.org/view.php?id=CVE-2007-5419
The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. El router 3Com 3CRWER100-75 con software 1.2.10ww, cuando se encuentra activada la opción de servidor virtual, configura este servidor para aceptar todas las fuentes IP sobre el interfaz externo (Internet) al menos que el usuario seleccione otras opciones, lo cual podria exponer al routera tráfico de entrada no intencionado desde ataques remotos, como se demostró a través de la configuración de un servidor virtual sobre el puerto 80, lo cual podría permitir a atacantes remotos acceder al interfaz de gestión web. • http://osvdb.org/43657 http://securityreason.com/securityalert/3217 http://www.securityfocus.com/archive/1/481977/100/0/threaded http://www.securityfocus.com/bid/26009 • CWE-16: Configuration •
CVE-2007-3711
https://notcve.org/view.php?id=CVE-2007-3711
Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. Vulnerabilidad no especificada en TOS 2.1.x, 2.2.x versiones anteriores a 2.2.5, y 2.5.x versiones anteriores a 2.5.2 en TippingPoint IPS permite a atacantes remotos evitar detección al enviar determinados fragmentos de paquetes. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html http://osvdb.org/35969 http://secunia.com/advisories/26017 http://www.3com.com/securityalert/alerts/3COM-07-002.html http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_3Com_TippingPoint_IPS_Detection_Bypass_2.pdf http://www.securityfocus.com/archive/1/473394/100/0/threaded http://www.securityfocus.com/bid/24861 http://www.securitytracker.com/id?1018386 http://www.vupen.com/english/advisories/2007/2489 htt • CWE-20: Improper Input Validation •