CVE-2011-2165 – Watchguard XCS 10.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-2165
The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
References:
• https://www.exploit-db.com/exploits/37440
• http://secunia.com/advisories/44753
• http://www.kb.cert.org/vuls/id/555316
• http://www.kb.cert.org/vuls/id/MAPG-8D9M75
• http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_1_1/EN_ReleaseNotes_WG_XCS_9_1_TLS_Hotfix.pdf
• https://exchange.xforce.ibmcloud.com/vulnerabilities/67729
CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-1618
https://notcve.org/view.php?id=CVE-2008-1618
The PPTP VPN service in WatchGuard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.
References:
• http://secunia.com/advisories/29708
• http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf
• http://www.osvdb.org/44218
• http://www.securityfocus.com/bid/28619
• http://www.securitytracker.com/id?1019796
• http://www.vupen.com/english/advisories/2008/1152/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41683
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2003-0642
https://notcve.org/view.php?id=CVE-2003-0642
WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \Device\PhysicalMemory.
References:
• http://marc.info/?l=bugtraq&m=105848106631132&w=2
• http://secunia.com/advisories/9310
• http://www.securityfocus.com/bid/8223
• https://exchange.xforce.ibmcloud.com/vulnerabilities/12666
CVE-2003-0641
https://notcve.org/view.php?id=CVE-2003-0641
WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess.
References:
• http://marc.info/?l=bugtraq&m=105848106631132&w=2
• http://secunia.com/advisories/9310
• http://www.osvdb.org/6578
• http://www.securityfocus.com/bid/8222
• https://exchange.xforce.ibmcloud.com/vulnerabilities/12665
CVE-2002-1519
https://notcve.org/view.php?id=CVE-2002-1519
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
References:
• http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html
• http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html
• http://www.iss.net/security_center/static/10217.php
• http://www.osvdb.org/4924
• http://www.securityfocus.com/bid/5814