CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 2CVE-2008-1320 – asg-sentry 7.0.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1320
Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161. Múltiples desbordamientos de búfer en ASG-Sentry Network Manager versión 7.0.0 y anteriores permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (fallo) mediante (1) una petición especialmente larga a FxIAList en el puerto 6162 TCP o (2) una petición SNMP con una cadena de comunidad especialmente larga a FxAgent en el puerto 6161 UDP. • https://www.exploit-db.com/exploits/5229 http://aluigi.altervista.org/adv/asgulo-adv.txt http://secunia.com/advisories/29289 http://securityreason.com/securityalert/3737 http://www.securityfocus.com/archive/1/489359/100/0/threaded http://www.securityfocus.com/bid/28188 http://www.vupen.com/english/advisories/2008/0839/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41082 https://exchange.xforce.ibmcloud.com/vulnerabilities/41086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 4CVE-2008-1321 – asg-sentry 7.0.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1321
The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands. El servicio FxIAList de ASG-Sentry Network Manager versión 7.0.0 y anteriores implementa mecanismo de autenticación que permite a atacantes remotos provocar una denegación de servicio (finalización del servicio) mediante la utilización del comando exit en el puerto 6162 TCP y tiene otras consecuencias al utilizar otros comandos. • https://www.exploit-db.com/exploits/5229 http://aluigi.altervista.org/adv/asgulo-adv.txt http://secunia.com/advisories/29289 http://securityreason.com/securityalert/3737 http://www.securityfocus.com/archive/1/489359/100/0/threaded http://www.securityfocus.com/bid/28188 http://www.vupen.com/english/advisories/2008/0839/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41084 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 4CVE-2008-1322 – asg-sentry 7.0.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1322
The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability. La utilidad de evaluación de ficheros (fcheck.exe) en ASG-Sentry Network Manager versión 7.0.0 y anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) o sobreescribir ficheros de su elección mediante una cadena de consulta que especifique la opción -b, probablemente debido a una vulnerabilidad de inyección de argumento. • https://www.exploit-db.com/exploits/5229 http://aluigi.altervista.org/adv/asgulo-adv.txt http://secunia.com/advisories/29289 http://securityreason.com/securityalert/3737 http://www.securityfocus.com/archive/1/489359/100/0/threaded http://www.securityfocus.com/bid/28188 http://www.vupen.com/english/advisories/2008/0839/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41080 •