258671
|
- |
|
symantec
|
web_gateway web_gateway_appliance_8450 web_gateway_appliance_8490
|
Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of un…
|
CWE-352
Origin Validation Error
|
CVE-2013-4671
|
2014-01-17 14:17 |
2013-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258672
|
- |
|
symantec
|
web_gateway web_gateway_appliance_8450 web_gateway_appliance_8490
|
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4672
|
2014-01-17 14:17 |
2013-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258673
|
- |
|
symantec
|
web_gateway web_gateway_appliance_8450 web_gateway_appliance_8490
|
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
|
CWE-78
OS Command
|
CVE-2013-1616
|
2014-01-17 14:13 |
2013-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258674
|
- |
|
symantec
|
web_gateway web_gateway_appliance_8450 web_gateway_appliance_8490
|
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands v…
|
CWE-89
SQL Injection
|
CVE-2013-1617
|
2014-01-17 14:13 |
2013-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258675
|
- |
|
stunnel
|
stunnel
|
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary…
|
CWE-94
Code Injection
|
CVE-2013-1762
|
2014-01-17 14:13 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258676
|
- |
|
wellintech
|
kingalarm\&event kinggraphic kingscada
|
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client mach…
|
CWE-94
Code Injection
|
CVE-2013-2827
|
2014-01-17 02:21 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258677
|
- |
|
wellintech
|
kingalarm\&event kinggraphic kingscada
|
WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attac…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2826
|
2014-01-17 02:18 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258678
|
- |
|
sierrawireless
|
raven_x_ev-do_firmware airlink_mp_at\&t airlink_mp_at\&t_wifi airlink_mp_bell airlink_mp_bell_wifi airlink_mp_row airlink_mp_row_wifi airlink_mp_sprint airlink_mp_spri…
|
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.
|
CWE-287
Improper Authentication
|
CVE-2013-2820
|
2014-01-17 01:47 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258679
|
- |
|
sierrawireless
|
raven_x_ev-do_firmware airlink_mp_at\&t airlink_mp_at\&t_wifi airlink_mp_bell airlink_mp_bell_wifi airlink_mp_row airlink_mp_row_wifi airlink_mp_sprint airlink_mp_spri…
|
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) upd…
|
CWE-255
Credentials Management
|
CVE-2013-2819
|
2014-01-17 01:44 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258680
|
- |
|
sierrawireless
|
raven_x_ev-do_firmware airlink_mp_at\&t airlink_mp_at\&t_wifi airlink_mp_bell airlink_mp_bell_wifi airlink_mp_row airlink_mp_row_wifi airlink_mp_sprint airlink_mp_spri…
|
Per: http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf
"Products affected by this vulnerability include the Raven X, Raven XE, Raven XT, …
|
CWE-255
Credentials Management
|
CVE-2013-2819
|
2014-01-17 01:44 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|