Searching vpn 1 software vulnerabilities

VPN Server module in Linksys EtherFast BEFVP41

EtherFast | Cable/DSL | BEFVP41 | Linksys | before | Router | Server | module | VPN |

VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.


Buffer overflows in Cisco Virtual Private Netwo

overflows | Virtual | Private | Network | Buffer | Cisco |

Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads.


Information leaks in Cisco VPN 3000 Concentrato

Information | Cisco | leaks | VPN |

Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request.


Cisco VPN 3000 Concentrator 2.2.x, and 3.x befo

Cisco | VPN |

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface.


Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), an

Cisco | VPN |

Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets.


SafeNet VPN client allows remote attackers to c

arbitrary | attackers | possibly | Exchange | Internet | service | crafted | execute | SafeNet | allows | client | denial | remote | cause | code | Key | via | VPN |

SafeNet VPN client allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly involving buffer overflows using (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.


Cisco VPN 3000 series concentrators and Cisco V

Cisco | VPN |

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.


Cisco VPN 3000 series concentrators and Cisco V

Cisco | VPN |

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.


Cisco VPN 3000 series concentrators and Cisco V

Cisco | VPN |

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.


Nortel Contivity VPN Client 2.1.7, 3.00, 3.01,

Contivity | Client | Nortel | VPN |

Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.


SafeNet SoftRemote VPN Client stores the VPN pa

SoftRemote | password | SafeNet | stores | Client | VPN |

SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process.


Avaya VPNRemote before 4.2.33 stores credential

VPNRemote | before | Avaya |

Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.


Buffer overflow in the Internet Key Exchange ve

Internet | Exchange | overflow | version | Buffer | Key |

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.


Unspecified vulnerability in the VPN Client for

vulnerability | Unspecified | Graphical | Interface | Windows | Client | User | VPN |

Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.


Internet Key Exchange (IKE) version 1 protocol,

Exchange | Internet | Key |

Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.


Multiple unspecified vulnerabilities in Cisco V

vulnerabilities | unspecified | Multiple | Cisco | VPN |

Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.


Intoto iGateway VPN and iGateway SSL-VPN allow

context-dependent | attackers | iGateway | SSL-VPN | service | Intoto | denial | cause | allow | VPN |

Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940.


Cisco Secure Desktop (CSD) does not require tha

Desktop | Secure | Cisco |

Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.


Software vulnerabilities results 1 to 20 of 5597     
Page: 12345...280