netscreen security software vulnerabilities
vulnerabilities.aspcode.net
Searching netscreen security software vulnerabilities
Internet Explorer 4.0 and 5.0 allows a remote a
vulnerability
|
different
|
malicious
|
Explorer
|
security
|
Internet
|
attacker
|
context
|
variant
|
scripts
|
execute
|
frame"
|
"cross
|
allows
|
remote
|
using
|
URLs
|
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.
A Windows NT account policy for passwords has i
security-critical
|
inappropriate
|
uniqueness
|
passwords
|
settings
|
password
|
Windows
|
account
|
policy
|
length
|
has
|
age
|
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
A Windows NT system's file audit policy does no
security-critical
|
directories
|
system's
|
failure
|
Windows
|
success
|
policy
|
audit
|
event
|
files
|
file
|
does
|
not
|
log
|
A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.
A Windows NT system's registry audit policy doe
security-critical
|
registry
|
system's
|
failure
|
success
|
Windows
|
policy
|
event
|
audit
|
does
|
keys
|
not
|
log
|
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
Vulnerability in The Web Information Gateway (T
Vulnerability
|
Information
|
Gateway
|
Web
|
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
NetScreen ScreenOS before 2.6.1 does not suppor
NetScreen
|
ScreenOS
|
before
|
NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections.
Unknown vulnerability in AIX before 4.0 with un
vulnerability
|
"security
|
vectors
|
Unknown
|
IY28225
|
issue"
|
impact
|
before
|
attack
|
fixed
|
APAR
|
AIX
|
aka
|
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
Norton Internet Security 2001 opens log files w
Security
|
Internet
|
Norton
|
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
The Standard security setting for Mandrake-Secu
Mandrake-Security
|
security
|
Standard
|
package
|
setting
|
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
Buffer overflow in NetScreen-Remote 8.0 allows
NetScreen-Remote
|
attackers
|
arbitrary
|
possibly
|
Exchange
|
overflow
|
Internet
|
execute
|
crafted
|
service
|
allows
|
Buffer
|
denial
|
remote
|
cause
|
code
|
Key
|
via
|
Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload.
Unknown vulnerability in ScreenOS in Juniper Ne
vulnerability
|
NetScreen
|
attackers
|
firewall
|
Networks
|
ScreenOS
|
service
|
Unknown
|
Juniper
|
through
|
denial
|
allows
|
remote
|
cause
|
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
Microsoft Baseline Security Analyzer (MBSA) 1.2
Microsoft
|
Analyzer
|
Security
|
Baseline
|
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
Firefox 1.0 does not invoke the Javascript Secu
Javascript
|
Security
|
Firefox
|
Manager
|
invoke
|
drags
|
user
|
does
|
not
|
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
Cisco switches that support 802.1x security all
Discovery
|
attackers
|
security
|
Protocol
|
switches
|
support
|
spoofed
|
access
|
bypass
|
remote
|
allow
|
Cisco
|
8021x
|
gain
|
port
|
VLAN
|
via
|
Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages.
Behavioral discrepancy information leak in Juni
information
|
discrepancy
|
Behavioral
|
Netscreen
|
ScreenOS
|
running
|
Juniper
|
leak
|
VPN
|
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
Juniper NetScreen-Security Manager (NSM) 2004 F
NetScreen-Security
|
Manager
|
Juniper
|
Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port).
BEA WebLogic Server and WebLogic Express 9.0 ca
security-relevant
|
administrator
|
inappropriate
|
providers
|
activated
|
WebLogic
|
security
|
perform
|
Express
|
actions
|
reboot
|
causes
|
Server
|
active
|
appear
|
which
|
cause
|
could
|
they
|
even
|
have
|
been
|
BEA
|
new
|
not
|
BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.
Buffer overflow in JuniperSetupDLL.dll, loaded
JuniperSetupDLLdll
|
JuniperSetupocx
|
ProductName
|
NetScreen
|
accessing
|
parameter
|
arbitrary
|
attackers
|
argument
|
overflow
|
running
|
execute
|
Juniper
|
SSL-VPN
|
remote
|
allows
|
Buffer
|
device
|
Client
|
loaded
|
before
|
42r81
|
50r61
|
53r21
|
52r41
|
long
|
51r8
|
code
|
IVE
|
via
|
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.
The WSEE runtime (WS-Security runtime) in BEA W
runtime
|
WSEE
|
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
sre/params.php in the Integrity Clientless Secu
sre/paramsphp
|
Clientless
|
Integrity
|
Security
|
sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.
Software vulnerabilities results 1 to 20 of 575
Page:
1
2
3
4
5
...
29
►