CVSS: 6.1EPSS: 20%CPEs: 1EXPL: 2CVE-2022-35416
https://notcve.org/view.php?id=CVE-2022-35416
11 Jul 2022 — H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. H3C SSL VPN versiones hasta 10-07-2022, permite una vulnerabilidad de tipo XSS en la cookie del archivo wnm/login/login.json svpnlang • https://github.com/safe3s/CVE-2022-35416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 1CVE-2012-4043
https://notcve.org/view.php?id=CVE-2012-4043
26 Jul 2012 — Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en global-protect/login.esp en los portales Palo Alto Networks Global Protect Data, Global Protect Gateway y SSL VPN v3.1.x a v3.1.... • http://blog.abhisek.me/2012/06/xss-on-palo-alto-networks-global.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 71%CPEs: 2EXPL: 3CVE-2007-5603 – SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution
https://notcve.org/view.php?id=CVE-2007-5603
05 Nov 2007 — Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. Desbordamiento de búfer basado en pila en el control ActiveX SonicWall SSL-VPN NetExtender NELaunchCtrl anterior a 2.1.0.51, y 2.5.x anterior a 2.5.0.56, permite a atacantes remotos ejecutar código de su elección mediante una cadena larga en el segundo a... • https://www.exploit-db.com/exploits/4594 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 1CVE-2007-5814
https://notcve.org/view.php?id=CVE-2007-5814
05 Nov 2007 — Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603. Múltiples desbordamientos de búfer en el control de ActiveX onicWall SSL-VPN NetExtender NELaunchCtrl anterior a... • http://secunia.com/advisories/27469 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 11%CPEs: 3EXPL: 3CVE-2005-4197 – Nortel SSL VPN 4.2.1.6 - Web Interface Input Validation
https://notcve.org/view.php?id=CVE-2005-4197
13 Dec 2005 — tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. • https://www.exploit-db.com/exploits/26771 •