CVSS: 4.3EPSS: 17%CPEs: 6EXPL: 5CVE-2010-2103 – Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2103
27 May 2010 — Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en axis2-admin/axis2-adm... • https://www.exploit-db.com/exploits/12689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-6395
https://notcve.org/view.php?id=CVE-2008-6395
04 Mar 2009 — The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. La interfaz de gestión Web de 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point, permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) a través de una solicitud HTTP POST mal formada. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064226.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5419
https://notcve.org/view.php?id=CVE-2007-5419
12 Oct 2007 — The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. El router 3Com 3CRWER100-75 con software 1.2.10ww, cuando se encuentra ... • http://osvdb.org/43657 • CWE-16: Configuration •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5420
https://notcve.org/view.php?id=CVE-2007-5420
12 Oct 2007 — The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. El router 3Com 3CRWER100-75 con el software 1.2.10ww, cuando la administración remota está deshabilitada pero un servidor web ha sido configurado, sirve una página web a clientes externos, lo que permite a atacantes remotos obtener informac... • http://osvdb.org/45490 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 8%CPEs: 23EXPL: 3CVE-2007-3701 – TippingPoint IPS - Unicode Character Detection Bypass
https://notcve.org/view.php?id=CVE-2007-3701
11 Jul 2007 — TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. TippingPoint IPS versiones anteriores a 20070710 no maneja apropiadamente el alternativo codificado en hexadecimal de un caracter '/' (barra), lo cual podría permitir a atacantes remotos enviar determinado tráfico de red y evitar la detección, como se demuestra con un ataqu... • https://www.exploit-db.com/exploits/30287 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2007-3711
https://notcve.org/view.php?id=CVE-2007-3711
11 Jul 2007 — Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. Vulnerabilidad no especificada en TOS 2.1.x, 2.2.x versiones anteriores a 2.2.5, y 2.5.x versiones anteriores a 2.5.2 en TippingPoint IPS permite a atacantes remotos evitar detección al enviar determinados fragmentos de paquetes. • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0210.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3533
https://notcve.org/view.php?id=CVE-2007-3533
03 Jul 2007 — The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field. El conmutador 3Com IntelliJack Switch NJ220 anterior a 2.0.23 permite a atacantes remotos provocar una denegación de servicio (reinicio e imposibilidad de acceder a informes) mediante un paquete de interfaz local (loopback packet) con cero en el campo length(longitud). • http://osvdb.org/37791 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2006-3974 – 3Com OfficeConnect Secure Router 1.04-168 - 'Tk' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3974
11 Jun 2007 — Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en cgi-bin/admin en 3Com OfficeConnect Secure Router con firmware 1.04-168 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro tk. • https://www.exploit-db.com/exploits/30164 •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2007-2734
https://notcve.org/view.php?id=CVE-2007-2734
16 May 2007 — The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic. 3Com TippingPoint IPS no maneja adecuadamente ciertas codificaciones de caracteres Unicode de ancho total (full-width) o mitad de ancho (half-width) en una petición HTTP POST, lo cual podría permitir a atacantes remotos evadir la detección de tráfico HTTP. • http://osvdb.org/35968 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2276
https://notcve.org/view.php?id=CVE-2007-2276
25 Apr 2007 — 3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." NOTE: the vendor disputes this issue, stating that the product has "performed as expected with no DoS emerging. ** DISPUTADA ** 3Com TippingPoint IPS permite a atacantes remotos causar una denegación de servicio (cuelgue de dispositivo) a través de una inundación de paquetes en el puerto TCP 80 con un incr... • http://osvdb.org/35724 • CWE-399: Resource Management Errors •