vpn software vulnerabilities
vulnerabilities.aspcode.net
Searching vpn software vulnerabilities
sshd program in the Rapidstream 2.1 Beta VPN ap
Rapidstream
|
hard-coded
|
appliance
|
attackers
|
"rsadmin"
|
arbitrary
|
commands
|
password
|
account
|
execute
|
program
|
allows
|
remote
|
which
|
Beta
|
sshd
|
null
|
via
|
ssh
|
has
|
VPN
|
sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.
VPN Server module in Linksys EtherFast BEFVP41
EtherFast
|
Cable/DSL
|
BEFVP41
|
Linksys
|
before
|
Router
|
Server
|
module
|
VPN
|
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.
Information leaks in Cisco VPN 3000 Concentrato
Information
|
Cisco
|
leaks
|
VPN
|
Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request.
Cisco VPN 3000 Concentrator 2.2.x, and 3.x befo
Cisco
|
VPN
|
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface.
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), an
Cisco
|
VPN
|
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via a long user name.
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), an
Cisco
|
VPN
|
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets.
Buffer overflows in the Cisco VPN 5000 Client b
overflows
|
Buffer
|
Cisco
|
VPN
|
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.
tinc 1.0pre3 and 1.0pre4 VPN does not authentic
cut-and-paste
|
authenticate
|
detection
|
forwarded
|
attackers
|
sessions
|
contents
|
possibly
|
without
|
attacks
|
control
|
packets
|
inject
|
10pre4
|
allows
|
remote
|
10pre3
|
which
|
tinc
|
into
|
data
|
user
|
does
|
CBC
|
not
|
VPN
|
via
|
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x
Firewall
|
Cisco
|
PIX
|
Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.
Cisco VPN 3000 series concentrators and Cisco V
Cisco
|
VPN
|
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.
Cisco VPN 3000 series concentrators and Cisco V
Cisco
|
VPN
|
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.
Cisco VPN 3000 series concentrators and Cisco V
Cisco
|
VPN
|
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.
Web-Based Administration in Netgear FVS318 VPN
Administration
|
attackers
|
Web-Based
|
service
|
Netgear
|
remote
|
denial
|
FVS318
|
Router
|
allows
|
cause
|
VPN
|
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
Multiple unknown vulnerabilities in the ActiveX
vulnerabilities
|
Clientless
|
browsers
|
Symantec
|
Multiple
|
unknown
|
ActiveX
|
Gateway
|
HTML
|
file
|
VPN
|
Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact.
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01,
Contivity
|
Client
|
Nortel
|
VPN
|
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.
SafeNet SoftRemote VPN Client stores the VPN pa
SoftRemote
|
password
|
SafeNet
|
stores
|
Client
|
VPN
|
SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process.
Nortel VPN client 5.01 stores the cleartext pas
client
|
Nortel
|
VPN
|
Nortel VPN client 5.01 stores the cleartext password in the memory or the Extranet.exe process, which could allow local users to obtain sensitive information.
Nortel VPN Router (aka Contivity) allows remote
Router
|
Nortel
|
VPN
|
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
Avaya VPNRemote before 4.2.33 stores credential
VPNRemote
|
before
|
Avaya
|
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.
my.activation.php3 in F5 FirePass 4100 SSL VPN
myactivationphp3
|
FirePass
|
my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter.
Software vulnerabilities results 1 to 20 of 72
Page:
1
2
3
4
►