CVE-2014-5359
https://notcve.org/view.php?id=CVE-2014-5359
Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa.
• http://appcheck-ng.com/safenet-sas-owa-agent-directory-traversal-vulnerability http://www.safenet-inc.com/technical-support/security-updates
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-5872
https://notcve.org/view.php?id=CVE-2014-5872
The SafeNetMobile Pass (aka securecomputing.devices.android.controller) application 8.3.7.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• http://www.kb.cert.org/vuls/id/487281 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
• CWE-310: Cryptographic Issues
CVE-2011-3339
https://notcve.org/view.php?id=CVE-2011-3339
Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.
• http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339 http://www.securityfocus.com/bid/51028 http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/71789
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3861 – SafeNet SoftRemote - GROUPNAME Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-3861
Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd).
• https://www.exploit-db.com/exploits/16643 http://www.securityfocus.com/archive/1/507593/100/0/threaded http://www.securitytracker.com/id?1023117 http://www.senseofsecurity.com.au/advisories/SOS-09-008 http://www.vupen.com/english/advisories/2009/3108
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1943 – Safenet SoftRemote IKE Service Remote Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1943
Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the SafeNet SoftRemote IKE VPN service. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ireIke.exe service listening on UDP port 62514. The process does not adequately handle long requests, resulting in a stack overflow.
• https://www.exploit-db.com/exploits/16831 http://osvdb.org/54831 http://secunia.com/advisories/35280 http://www.securityfocus.com/archive/1/503981/100/0/threaded http://www.securityfocus.com/bid/35154 http://www.securitytracker.com/id?1022316 http://www.vupen.com/english/advisories/2009/1472 http://www.zerodayinitiative.com/advisories/ZDI-09-024 https://exchange.xforce.ibmcloud.com/vulnerabilities/50880
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer