CVE-2015-3990 – Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-3990
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. La aplicación web GMS ViewPoint (GMSVP) en Dell Sonicwall GMS, Analyzer, y UMA EM5000 anterior a 7.2 SP4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de vectores relacionados con la configuración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. • http://www.securityfocus.com/bid/74756 http://www.securitytracker.com/id/1032373 http://www.zerodayinitiative.com/advisories/ZDI-15-231 https://support.software.dell.com/product-notification/152178 • CWE-19: Data Processing Errors •
CVE-2014-8420 – Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-8420
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. La aplicación web ViewPoint en Dell SonicWALL Global Management System (GMS) anterior a 7.2 SP2, SonicWALL Analyzer anterior a 7.2 SP2, y SonicWALL UMA anterior a 7.2 SP2 permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. • http://www.securityfocus.com/bid/71241 http://www.zerodayinitiative.com/advisories/ZDI-14-385 https://exchange.xforce.ibmcloud.com/vulnerabilities/98911 https://support.software.dell.com/product-notification/136814 • CWE-20: Improper Input Validation •
CVE-2014-5024
https://notcve.org/view.php?id=CVE-2014-5024
Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. Vulnerabilidad de XSS en sgms/panelManager en Dell SonicWALL GMS, Analyzer y UMA anterior a 7.2 SP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a través del parámetro node_id. • http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Jul/125 http://secunia.com/advisories/60287 http://www.securityfocus.com/bid/68829 https://support.software.dell.com/product-notification/128245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0332 – DELL SonicWALL Universal Management Suite 7.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-0332
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action. Vulnerabilidad de XSS en mainPage en Dell SonicWALL GMS anterior a 7.1 SP2, SonicWALL Analyzer anterior a 7.1 SP2 y SonicWALL UMA E5000 anterior a 7.1 SP2 podría permitir a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro node_id en una acción ScreenDisplayManager genNetwork. DELL SonicWALL Universal Management Suite version 7.x suffers from a cross site scripting vulnerability. • http://osvdb.org/103216 http://www.kb.cert.org/vuls/id/727318 http://www.securityfocus.com/bid/65498 http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/91062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-7025 – SonicWALL Gms 7.x - Filter Bypass / Persistent
https://notcve.org/view.php?id=CVE-2013-7025
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. Múltiples vulnerabilidades XSS en ematStaticAlertTypes.jsp en la sección de ajustes de alertas en Dell SonicWALL Global Management System (GMS), Analyzer, y UMA EM5000 7.1 SP1 anterior al Hotfix 134235 permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a través de los parámetros (1) valfield_1 o (2) value_1 a createNewThreshold.jsp. • https://www.exploit-db.com/exploits/30054 http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html http://osvdb.org/100610 http://seclists.org/fulldisclosure/2013/Dec/32 http://secunia.com/advisories/55923 http://www.exploit-db.com/exploits/30054 http://www.securityfocus.com/bid/64103 http://www.securitytracker.com/id/1029433 http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf http://www.vulnerability-lab.com/get_content.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •