CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2007-2333
https://notcve.org/view.php?id=CVE-2007-2333
27 Apr 2007 — Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network. Nortel VPN Router (también conocido como Contivity) 1000, 2000, 4000, y 5000 anterior a 5_05.149, 5_05.3xx anterior 5_05.304, y 6.x anterior 6_05.140 incluyen las cuentas por defecto FIPSecryptedtest1219 y FIPSunecrypt... • http://osvdb.org/35055 •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2007-2334
https://notcve.org/view.php?id=CVE-2007-2334
27 Apr 2007 — Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. Nortel VPN Router (también conocido como Contivity) 1000, 2000, 4000, y 5000 anterior a 5_05.149, 5_05.3xx anterior 5_05.304, y 6.x anterior 6_05.140 tiene dos archivos de plantilla html que car... • http://osvdb.org/35056 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2579
https://notcve.org/view.php?id=CVE-2005-2579
16 Aug 2005 — Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box. • http://marc.info/?l=bugtraq&m=112370730131219&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2005-1802
https://notcve.org/view.php?id=CVE-2005-1802
27 May 2005 — Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. • http://securitytracker.com/id?1014068 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2005-0844
https://notcve.org/view.php?id=CVE-2005-0844
24 Mar 2005 — Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. • http://marc.info/?l=bugtraq&m=111151589203707&w=2 • CWE-310: Cryptographic Issues •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2004-2621
https://notcve.org/view.php?id=CVE-2004-2621
31 Dec 2004 — Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. • http://secunia.com/advisories/12881 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2004-1105
https://notcve.org/view.php?id=CVE-2004-1105
01 Dec 2004 — Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. Nortel Networks Contivity VPN Client muestra un mensaje de error dependiendo de si el nombre de usuario es válido o no, lo que podría permitir a atacantes remotos obtener información sensible. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0291.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2000-0063
https://notcve.org/view.php?id=CVE-2000-0063
17 Jan 2000 — cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. • http://www.securityfocus.com/bid/938 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2000-0064
https://notcve.org/view.php?id=CVE-2000-0064
17 Jan 2000 — cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. • http://www.osvdb.org/7583 •