18 results (0.010 seconds)

CVSS: 9.3EPSS: 80%CPEs: 1EXPL: 0

The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. La interfaz de inicio de sesión en Symantec Enterprise Firewall 6.x, cuando está habilitada la VPN con autenticación por clave compartida previamente (pre-shared key o PSK), genera diferentes respuestas dependiendo de si un nombre de usuario es válido o no, lo cual permite a atacantes remotos enumerar nombres de usuario válidos. • http://secunia.com/advisories/26511 http://www.osvdb.org/36489 http://www.securityfocus.com/bid/25338 http://www.securitytracker.com/id?1018578 http://www.symantec.com/avcenter/security/Content/2007.08.16.html http://www.vupen.com/english/advisories/2007/2909 https://exchange.xforce.ibmcloud.com/vulnerabilities/36081 •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 2

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI. • https://www.exploit-db.com/exploits/27852 http://secunia.com/advisories/20082 http://securityresponse.symantec.com/avcenter/security/Content/2006.05.10.html http://securitytracker.com/id?1016057 http://securitytracker.com/id?1016058 http://www.securityfocus.com/archive/1/433876/30/5040/threaded http://www.securityfocus.com/bid/17936 http://www.vupen.com/english/advisories/2006/1764 https://exchange.xforce.ibmcloud.com/vulnerabilities/26370 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. • http://secunia.com/advisories/17684 http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html http://securitytracker.com/id?1015247 http://securitytracker.com/id?1015248 http://securitytracker.com/id?1015249 http://www.vupen.com/english/advisories/2005/2517 •

CVSS: 5.0EPSS: 41%CPEs: 5EXPL: 0

Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. • http://archives.neohapsis.com/archives/bugtraq/2004-06/0225.html http://secunia.com/advisories/14595 http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html http://securitytracker.com/id?1013451 http://www.isc.sans.org/diary.php?date=2005-03-04 https://exchange.xforce.ibmcloud.com/vulnerabilities/16423 https://exchange.xforce.ibmcloud.com/vulnerabilities/44530 •

CVSS: 9.3EPSS: 19%CPEs: 157EXPL: 1

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. • https://www.exploit-db.com/exploits/24763 http://jouko.iki.fi/adv/javaplugin.html http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html http://secunia.com/advisories/13271 http://secunia.com/advisories/29035 http://securityreason.com/securityalert/61 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 http://sunsolve.sun.co • CWE-264: Permissions, Privileges, and Access Controls •