6 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2022-35416

https://notcve.org/view.php?id=CVE-2022-35416

H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. H3C SSL VPN versiones hasta 10-07-2022, permite una vulnerabilidad de tipo XSS en la cookie del archivo wnm/login/login.json svpnlang • https://github.com/safe3s/CVE-2022-35416 https://github.com/Docker-droid/H3C_SSL_VPN_XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 1

CVE-2012-4043

https://notcve.org/view.php?id=CVE-2012-4043

Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en global-protect/login.esp en los portales Palo Alto Networks Global Protect Data, Global Protect Gateway y SSL VPN v3.1.x a v3.1.11 y v4.0.x a v4.0.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro InputStr en una acción de inicio de sesión. • http://blog.abhisek.me/2012/06/xss-on-palo-alto-networks-global.html http://www.osvdb.org/83896 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 7%CPEs: 1EXPL: 3

CVE-2010-0703 – PortWise SSL VPN 4.6 - 'reloadFrame' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2010-0703

Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wa/auth en PortWise SSL VPN v4.6 permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través del parámetro "reloadFrame". • https://www.exploit-db.com/exploits/33653 http://osvdb.org/62482 http://packetstormsecurity.org/1002-exploits/PR09-04.txt http://secunia.com/advisories/38627 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-04 http://www.securityfocus.com/archive/1/509584/100/0/threaded http://www.securityfocus.com/bid/38308 https://exchange.xforce.ibmcloud.com/vulnerabilities/56420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 1

CVE-2007-5814

https://notcve.org/view.php?id=CVE-2007-5814

Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603. Múltiples desbordamientos de búfer en el control de ActiveX onicWall SSL-VPN NetExtender NELaunchCtrl anterior al 2.1.0.51, y el 2.5.x anterior al 2.5.0.56, permiten a atacantes remotos ejecutar código de su elección a través de valores largos de las propiedades (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName o (7) dnsSuffix. NOTA: el vector AddRouteEntry queda cubierta por la CVE-2007-5603. • http://secunia.com/advisories/27469 http://securityreason.com/securityalert/3342 http://www.sec-consult.com/303.html http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt http://www.securityfocus.com/archive/1/483097/100/0/threaded http://www.securityfocus.com/bid/26288 http://www.vupen.com/english/advisories/2007/3696 https://exchange.xforce.ibmcloud.com/vulnerabilities/38220 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 86%CPEs: 2EXPL: 3

CVE-2007-5603 – SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution

https://notcve.org/view.php?id=CVE-2007-5603

Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. Desbordamiento de búfer basado en pila en el control ActiveX SonicWall SSL-VPN NetExtender NELaunchCtrl anterior a 2.1.0.51, y 2.5.x anterior a 2.5.0.56, permite a atacantes remotos ejecutar código de su elección mediante una cadena larga en el segundo argumento del método AddRouteEntry. • https://www.exploit-db.com/exploits/4594 https://www.exploit-db.com/exploits/16616 http://secunia.com/advisories/27469 http://securityreason.com/securityalert/3342 http://www.kb.cert.org/vuls/id/298521 http://www.kb.cert.org/vuls/id/WDON-78K56M http://www.sec-consult.com/303.html http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt http://www.securityfocus.com/archive/1/483097/100/0/threaded http://www.securityfocus.com/bid/26288 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •