CVE-2009-3487 – Juniper Junos 8.5/9.0 J-Web Interface (Multiple Script) 'm[]' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3487
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program.
• https://www.exploit-db.com/exploits/33261
• https://www.exploit-db.com/exploits/33260
• http://secunia.com/advisories/36829
• http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-10
• http://www.securityfocus.com/bid/36537
• http://www.vupen.com/english/advisories/2009/2784
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-6372
https://notcve.org/view.php?id=CVE-2007-6372
Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping.
• http://secunia.com/advisories/28100
• http://www.kb.cert.org/vuls/id/929656
• http://www.osvdb.org/39157
• http://www.securityfocus.com/bid/26869
• http://www.securityfocus.com/bid/28999
• http://www.securitytracker.com/id?1019100
• http://www.vupen.com/english/advisories/2007/4223
• CWE-20: Improper Input Validation
CVE-2006-3529
https://notcve.org/view.php?id=CVE-2006-3529
Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed.
• http://secunia.com/advisories/21003
• http://securitytracker.com/id?1016460
• http://www.juniper.net/support/security/alerts/EXT-PSN-2006-06-017.txt
• http://www.juniper.net/support/security/alerts/IPv6_bug.txt
• http://www.kb.cert.org/vuls/id/294036
• http://www.osvdb.org/27132
• http://www.securityfocus.com/bid/18930
• http://www.vupen.com/english/advisories/2006/2742
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27654
CVE-2004-0467
https://notcve.org/view.php?id=CVE-2004-0467
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed.
• http://secunia.com/advisories/14049
• http://securitytracker.com/id?1013039
• http://www.kb.cert.org/vuls/id/409555
• http://www.kb.cert.org/vuls/id/JSHA-68ZJCQ
• http://www.niscc.gov.uk/niscc/docs/al-20050126-00067.html?lang=en
• http://www.redhat.com/support/errata/RHSA-2005-081.html
• http://www.securityfocus.com/bid/12379
• https://exchange.xforce.ibmcloud.com/vulnerabilities/19094