CVE-2015-2248 – Dell SonicWALL Secure Remote Access (SRA) Appliance - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-2248
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark. Vulnerabilidad de CSRF en el portal del usuario en los productos Dell SonicWALL Secure Remote Access (SRA) con firmware anterior a 7.5.1.0-38sv y 8.x anterior a 8.0.0.1-16sv permite a atacantes remotos secuestrar la autenticación de usuarios para solicitudes que crean favoritos a través de una solicitud manipulada a cgi-bin/editBookmark. • https://www.exploit-db.com/exploits/36940 http://packetstormsecurity.com/files/131762/Dell-SonicWALL-Secure-Remote-Access-7.5-8.0-CSRF.html http://www.scip.ch/en/?vuldb.75111 http://www.securityfocus.com/bid/73098 http://www.securitytracker.com/id/1032227 https://support.software.dell.com/product-notification/151370?productName=SonicWALL%20SRA%20Series • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-7025 – SonicWALL Gms 7.x - Filter Bypass / Persistent
https://notcve.org/view.php?id=CVE-2013-7025
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. Múltiples vulnerabilidades XSS en ematStaticAlertTypes.jsp en la sección de ajustes de alertas en Dell SonicWALL Global Management System (GMS), Analyzer, y UMA EM5000 7.1 SP1 anterior al Hotfix 134235 permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a través de los parámetros (1) valfield_1 o (2) value_1 a createNewThreshold.jsp. • https://www.exploit-db.com/exploits/30054 http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html http://osvdb.org/100610 http://seclists.org/fulldisclosure/2013/Dec/32 http://secunia.com/advisories/55923 http://www.exploit-db.com/exploits/30054 http://www.securityfocus.com/bid/64103 http://www.securitytracker.com/id/1029433 http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf http://www.vulnerability-lab.com/get_content.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-1006 – SonicWALL SOHO 5.1.7 - Web Interface Multiple Remote Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-1006
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. • https://www.exploit-db.com/exploits/25331 http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html http://secunia.com/advisories/14823 http://securitytracker.com/id?1013638 http://www.oliverkarow.de/research/SonicWall.txt http://www.osvdb.org/15261 http://www.osvdb.org/15262 http://www.securityfocus.com/bid/12984 https://exchange.xforce.ibmcloud.com/vulnerabilities/19958 https://exchange.xforce.ibmcloud.com/vulnerabilities/19960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2003-1320
https://notcve.org/view.php?id=CVE-2003-1320
SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload. • http://www.kb.cert.org/vuls/id/287771 http://www.kb.cert.org/vuls/id/AAMN-5L74VD • CWE-399: Resource Management Errors •
CVE-2001-1104 – Linux Kernel 2.2 - Predictable TCP Initial Sequence Number
https://notcve.org/view.php?id=CVE-2001-1104
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. • https://www.exploit-db.com/exploits/19522 http://www.securityfocus.com/archive/1/199632 http://www.securityfocus.com/bid/3098 •