CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 3

Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI. • https://www.exploit-db.com/exploits/33257 http://secunia.com/advisories/36829 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-08 http://www.securityfocus.com/bid/36537 http://www.vupen.com/english/advisories/2009/2784 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 • EPSS: 0% • CPEs: 1 • EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program.
• https://www.exploit-db.com/exploits/33259 https://www.exploit-db.com/exploits/33258 http://secunia.com/advisories/36829 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09 http://www.securityfocus.com/bid/36537 http://www.vupen.com/english/advisories/2009/2784 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 2% • CPEs: 9 • EXPL: 0

Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. • http://secunia.com/advisories/28100 http://www.kb.cert.org/vuls/id/929656 http://www.osvdb.org/39157 http://www.securityfocus.com/bid/26869 http://www.securityfocus.com/bid/28999 http://www.securitytracker.com/id?1019100 http://www.vupen.com/english/advisories/2007/4223 • CWE-20: Improper Input Validation

CVSS: 5.0 • EPSS: 7% • CPEs: 17 • EXPL: 0

Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed. • http://secunia.com/advisories/21003 http://securitytracker.com/id?1016460 http://www.juniper.net/support/security/alerts/EXT-PSN-2006-06-017.txt http://www.juniper.net/support/security/alerts/IPv6_bug.txt http://www.kb.cert.org/vuls/id/294036 http://www.osvdb.org/27132 http://www.securityfocus.com/bid/18930 http://www.vupen.com/english/advisories/2006/2742 https://exchange.xforce.ibmcloud.com/vulnerabilities/27654

CVSS: 5.0 • EPSS: 5% • CPEs: 11 • EXPL: 0

Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed. • http://secunia.com/advisories/14049 http://securitytracker.com/id?1013039 http://www.kb.cert.org/vuls/id/409555 http://www.kb.cert.org/vuls/id/JSHA-68ZJCQ http://www.niscc.gov.uk/niscc/docs/al-20050126-00067.html?lang=en http://www.redhat.com/support/errata/RHSA-2005-081.html http://www.securityfocus.com/bid/12379 https://exchange.xforce.ibmcloud.com/vulnerabilities/19094