CVSS: 6.1EPSS: 20%CPEs: 1EXPL: 2CVE-2022-35416
https://notcve.org/view.php?id=CVE-2022-35416
11 Jul 2022 — H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. H3C SSL VPN versiones hasta 10-07-2022, permite una vulnerabilidad de tipo XSS en la cookie del archivo wnm/login/login.json svpnlang • https://github.com/safe3s/CVE-2022-35416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 71%CPEs: 2EXPL: 3CVE-2007-5603 – SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution
https://notcve.org/view.php?id=CVE-2007-5603
05 Nov 2007 — Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. Desbordamiento de búfer basado en pila en el control ActiveX SonicWall SSL-VPN NetExtender NELaunchCtrl anterior a 2.1.0.51, y 2.5.x anterior a 2.5.0.56, permite a atacantes remotos ejecutar código de su elección mediante una cadena larga en el segundo a... • https://www.exploit-db.com/exploits/4594 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 1CVE-2007-5814
https://notcve.org/view.php?id=CVE-2007-5814
05 Nov 2007 — Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603. Múltiples desbordamientos de búfer en el control de ActiveX onicWall SSL-VPN NetExtender NELaunchCtrl anterior a... • http://secunia.com/advisories/27469 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 11%CPEs: 3EXPL: 3CVE-2005-4197 – Nortel SSL VPN 4.2.1.6 - Web Interface Input Validation
https://notcve.org/view.php?id=CVE-2005-4197
13 Dec 2005 — tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. • https://www.exploit-db.com/exploits/26771 •