Page 2 of 10 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 3

CVE-2014-5024

https://notcve.org/view.php?id=CVE-2014-5024

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. Vulnerabilidad de XSS en sgms/panelManager en Dell SonicWALL GMS, Analyzer y UMA anterior a 7.2 SP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a través del parámetro node_id. • http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Jul/125 http://secunia.com/advisories/60287 http://www.securityfocus.com/bid/68829 https://support.software.dell.com/product-notification/128245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2014-0332 – DELL SonicWALL Universal Management Suite 7.1 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2014-0332

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action. Vulnerabilidad de XSS en mainPage en Dell SonicWALL GMS anterior a 7.1 SP2, SonicWALL Analyzer anterior a 7.1 SP2 y SonicWALL UMA E5000 anterior a 7.1 SP2 podría permitir a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro node_id en una acción ScreenDisplayManager genNetwork. DELL SonicWALL Universal Management Suite version 7.x suffers from a cross site scripting vulnerability. • http://osvdb.org/103216 http://www.kb.cert.org/vuls/id/727318 http://www.securityfocus.com/bid/65498 http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/91062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 5

CVE-2013-7025 – SonicWALL Gms 7.x - Filter Bypass / Persistent

https://notcve.org/view.php?id=CVE-2013-7025

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. Múltiples vulnerabilidades XSS en ematStaticAlertTypes.jsp en la sección de ajustes de alertas en Dell SonicWALL Global Management System (GMS), Analyzer, y UMA EM5000 7.1 SP1 anterior al Hotfix 134235 permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a través de los parámetros (1) valfield_1 o (2) value_1 a createNewThreshold.jsp. • https://www.exploit-db.com/exploits/30054 http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html http://osvdb.org/100610 http://seclists.org/fulldisclosure/2013/Dec/32 http://secunia.com/advisories/55923 http://www.exploit-db.com/exploits/30054 http://www.securityfocus.com/bid/64103 http://www.securitytracker.com/id/1029433 http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf http://www.vulnerability-lab.com/get_content.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 97%CPEs: 12EXPL: 6

CVE-2013-1359 – SonicWALL Gms 6 - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2013-1359

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. Se presenta una Vulnerabilidad de Omisión de Autenticación en DELL SonicWALL Analyzer versión 7.0, Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0; Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0, 5.1 y 6.0 por medio del parámetro skipSessionCheck en la interfaz UMA (/appliance/), lo que podría permitir a un usuario malicioso remoto obtener acceso a la cuenta root. • https://www.exploit-db.com/exploits/24322 https://www.exploit-db.com/exploits/24204 http://www.exploit-db.com/exploits/24204 http://www.exploit-db.com/exploits/24322 http://www.securityfocus.com/bid/57445 http://www.securitytracker.com/id/1028007 https://exchange.xforce.ibmcloud.com/vulnerabilities/81367 https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns https://packetstormsecurity.com/files/author/7547 https://seclists.org/fulldisclosure/2013&#x • CWE-287: Improper Authentication •

CVSS: 10.0EPSS: 21%CPEs: 12EXPL: 2

CVE-2013-1360 – SonicWALL GMS/Viewpoint/Analyzer - Authentication Bypass

https://notcve.org/view.php?id=CVE-2013-1360

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. Se presenta una vulnerabilidad de Omisión de Autenticación en DELL SonicWALL Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0, Analyzer versión 7.0, Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0 y 6.0, por medio de una petición diseñada en la interfaz SGMS, que podría permitir a un usuario malicioso remoto obtener acceso administrativo. SonicWALL GMS/Viewpoint/Analyzer suffers from an authentication bypass vulnerability. • https://www.exploit-db.com/exploits/24203 http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html http://www.exploit-db.com/exploits/24203 http://www.securityfocus.com/bid/57446 http://www.securitytracker.com/id/1028007 https://exchange.xforce.ibmcloud.com/vulnerabilities/81366 https://packetstormsecurity.com/files/cve/CVE-2013-1360 • CWE-287: Improper Authentication •