CVE-2004-2621
https://notcve.org/view.php?id=CVE-2004-2621
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. • http://secunia.com/advisories/12881 http://securitytracker.com/id?1011846 http://www.osvdb.org/11002 http://www.securityfocus.com/bid/11495 http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6&category=8&subcategory=6&subtype=&DocumentOID=276620&RenditionID=REND159588 https://exchange.xforce.ibmcloud.com/vulnerabilities/17812 •
CVE-2004-1105
https://notcve.org/view.php?id=CVE-2004-1105
Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. Nortel Networks Contivity VPN Client muestra un mensaje de error dependiendo de si el nombre de usuario es válido o no, lo que podría permitir a atacantes remotos obtener información sensible. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0291.html http://www.kb.cert.org/vuls/id/830214 http://www.kb.cert.org/vuls/id/CRDY-626N7F http://www.nii.co.in/vuln/contivity.html http://www.securityfocus.com/bid/11623 https://exchange.xforce.ibmcloud.com/vulnerabilities/17988 •
CVE-2000-0064
https://notcve.org/view.php?id=CVE-2000-0064
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. • http://www.osvdb.org/7583 http://www.securityfocus.com/bid/938 •
CVE-2000-0063
https://notcve.org/view.php?id=CVE-2000-0063
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. • http://www.securityfocus.com/bid/938 •