Page 36 of 188 results (0.007 seconds)

CVSS: 9.3EPSS: 11%CPEs: 2EXPL: 4

CVE-2007-6273 – SonicWALL Global VPN Client 4.0.782 - Remote Format String

https://notcve.org/view.php?id=CVE-2007-6273

Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries. Múltiples vulnerabilidades de cadena de formato en el fichero de configuracion SonicWALL GLobal VPN Client 3.1.556 y 4.0.0.810. Permite que atacantes remotos ejecuten código a su elección, usando especificadores de cadena de formato en : (1) la etiqueta Hostname o el (2) atributo name en la etiqueta Connection. NOTA: puede que no existan circunstancias reales en las cuales este problema permita cruzar los límites establecidos por los privilegios. • https://www.exploit-db.com/exploits/30840 http://marc.info/?l=bugtraq&m=119678272603064&w=2 http://secunia.com/advisories/27917 http://www.sec-consult.com/305.html http://www.securityfocus.com/bid/26689 http://www.securitytracker.com/id?1019038 http://www.vupen.com/english/advisories/2007/4094 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 1

CVE-2007-5814

https://notcve.org/view.php?id=CVE-2007-5814

Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603. Múltiples desbordamientos de búfer en el control de ActiveX onicWall SSL-VPN NetExtender NELaunchCtrl anterior al 2.1.0.51, y el 2.5.x anterior al 2.5.0.56, permiten a atacantes remotos ejecutar código de su elección a través de valores largos de las propiedades (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName o (7) dnsSuffix. NOTA: el vector AddRouteEntry queda cubierta por la CVE-2007-5603. • http://secunia.com/advisories/27469 http://securityreason.com/securityalert/3342 http://www.sec-consult.com/303.html http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt http://www.securityfocus.com/archive/1/483097/100/0/threaded http://www.securityfocus.com/bid/26288 http://www.vupen.com/english/advisories/2007/3696 https://exchange.xforce.ibmcloud.com/vulnerabilities/38220 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 86%CPEs: 2EXPL: 3

CVE-2007-5603 – SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution

https://notcve.org/view.php?id=CVE-2007-5603

Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. Desbordamiento de búfer basado en pila en el control ActiveX SonicWall SSL-VPN NetExtender NELaunchCtrl anterior a 2.1.0.51, y 2.5.x anterior a 2.5.0.56, permite a atacantes remotos ejecutar código de su elección mediante una cadena larga en el segundo argumento del método AddRouteEntry. • https://www.exploit-db.com/exploits/4594 https://www.exploit-db.com/exploits/16616 http://secunia.com/advisories/27469 http://securityreason.com/securityalert/3342 http://www.kb.cert.org/vuls/id/298521 http://www.kb.cert.org/vuls/id/WDON-78K56M http://www.sec-consult.com/303.html http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt http://www.securityfocus.com/archive/1/483097/100/0/threaded http://www.securityfocus.com/bid/26288 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 3

CVE-2007-5815 – SonicWALL SSL VPN 1.3 3 WebCacheCleaner - ActiveX FileDelete Method Traversal Arbitrary File Deletion

https://notcve.org/view.php?id=CVE-2007-5815

Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. Vulnerabilidad de salto de directorio absoluto en el control ActiveX WebCacheCleaner .13.0.3 de SonicWall SSL-VPN 200 anterior a 2.1, y SSL-VPN 2000/4000 anterior a 2.5, permite a atacantes remotos borrar archivos de su elección mediante un nombre de ruta completo en el argumento del método FileDelete. • https://www.exploit-db.com/exploits/30730 http://secunia.com/advisories/27469 http://securityreason.com/securityalert/3342 http://www.sec-consult.com/303.html http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt http://www.securityfocus.com/archive/1/483097/100/0/threaded http://www.securityfocus.com/bid/26288 http://www.vupen.com/english/advisories/2007/3696 https://exchange.xforce.ibmcloud.com/vulnerabilities/38221 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 4

CVE-2005-1006 – SonicWALL SOHO 5.1.7 - Web Interface Multiple Remote Input Validation Vulnerabilities

https://notcve.org/view.php?id=CVE-2005-1006

Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. • https://www.exploit-db.com/exploits/25331 http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html http://secunia.com/advisories/14823 http://securitytracker.com/id?1013638 http://www.oliverkarow.de/research/SonicWall.txt http://www.osvdb.org/15261 http://www.osvdb.org/15262 http://www.securityfocus.com/bid/12984 https://exchange.xforce.ibmcloud.com/vulnerabilities/19958 https://exchange.xforce.ibmcloud.com/vulnerabilities/19960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •