4 results (0.006 seconds)

CVSS: 7.8EPSS: 2%CPEs: 18EXPL: 0

Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame. Aruba Mobility Controller v2.4.8.x-FIPS, v2.5.x, v3.1.x, v3.2.x, v3.3.1.x, y v3.3.2.x permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) mediante una trama deformada del protocolo de autenticación extensible (EAP - Extensible Authentication Protocol). • http://secunia.com/advisories/33057 http://securityreason.com/securityalert/4728 http://www.arubanetworks.com/support/alerts/aid-12808.asc http://www.securityfocus.com/archive/1/499014/100/0/threaded http://www.securityfocus.com/bid/32694 http://www.securitytracker.com/id?1021362 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz web de Aruba Mobility Controller versiones 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x y 3.3.1.x, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio de vectores no especificados. • http://secunia.com/advisories/30262 http://www.arubanetworks.com/support/alerts/aid-051408.asc http://www.securityfocus.com/archive/1/492113/100/0/threaded http://www.securityfocus.com/bid/29240 http://www.securitytracker.com/id?1020033 https://exchange.xforce.ibmcloud.com/vulnerabilities/42433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0

Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access. Vulnerabilidad no especificada en la característica de autenticación LDAP en Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, y 2.4.8.11-FIPS o anteriores permite a atacantes remotos evitar los mecanismos de autenticación y obtener acceso a la interfaz de acceso o gestión del VPN. • http://secunia.com/advisories/28357 http://securityreason.com/securityalert/3529 http://www.arubanetworks.com/support/alerts/aid-122207.asc http://www.securityfocus.com/archive/1/485831/100/0/threaded http://www.securityfocus.com/bid/27144 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en la página de entrada en la interfaz de gestión en el controlador Aruba 800 Mobility 2.5.4.18 y anterior, y 2.4.8.6-FIPS y anterior, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de PATH_INFO en la URI /screens. relacionado con la variable url. • https://www.exploit-db.com/exploits/30771 http://arubanetworks.com/support/alerts/aid-070907b.asc http://osvdb.org/45301 http://securityreason.com/securityalert/3380 http://www.kb.cert.org/vuls/id/680449 http://www.securityfocus.com/archive/1/483778/100/0/threaded http://www.securityfocus.com/bid/26465 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •