MailDepot version 2033 (2.3.3022) suffers from a cross site scripting vulnerability.
f82776b6e406fc3d421c55e64c73955573843831dc5dcd361b30f289b3c99402MailDepot version 2032 SP2 (2.2.1242) suffers from an improper authorization vulnerability. The REDDOXX MailDepot web service does not correctly verify whether a user has the proper rights to access specified mailboxes in a corresponding web service request. The web service request will only be processed if it contains a valid authentication token (usual REST web service), but the names of the mailboxes to be accessed are given within a JSON object which is not validated properly regarding user access permissions. Thus, any authenticated user can access mailboxes of other users due to improper authorization checks.
32ab4f6645b5760f2cd58298371554aeca5c3729abaf3ad7500e4ee9b6054b7eMailDepot version 2032 SP2 (2.2.1242) suffers from a session expiration design issue.
700f980163d0fca1ea48e794d6af4f154b44ba1253811ef8c5c1d57d881a5603Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from a caching bypass vulnerability.
e66fad2ae92f73fb782b7c631067c3bb1b0caaccc40cc4f59aeef45ae61b351dCitrix Gateway versions 11.1, 12.0, and 12.1 suffer from a cache poisoning vulnerability.
0015b1f67eb00244860fff58d081b6a94b03615ce41aa999c016ebe81945506bCitrix Gateway versions 11.1, 12.0, and 12.1 suffer from an information disclosure vulnerability.
aca831367203c586cf693ab95a5e463eeaa4d60eae5b4d5efe517d8da98e9aa8Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.
9539232da19e15d0629fcca3bd000fa2358a6f53a457c9651cc76e622d7bb99dHMS Netbiter WS100 versions 3.30.5 and below suffer from a cross site scripting vulnerability.
b25d8c561ac388470d4efeffe2d90dd3752e59062fa9352f51b292ec96b86a9ePolycom VVX 500 / VVX 601 versions 5.8.0.12848 and below suffer from an information exposure vulnerability.
3946095174c52f0117914befe41f9b683f9acdfb9bf275dc1ae13b547ebad25bPolycom VVX 500 / VVX 601 versions 5.8.0.12848 and below suffer from a man-in-the-middle vulnerability.
7b5fbf76b7eba76a71529c6ea57d610f4fcc5779b2d7571076b77a2832b5f4dbAudioCodes 440HD / 450HD IP Phone versions 3.1.2.89 and below suffer from a man-in-the-middle vulnerability.
60e19e61a99c7d9dabb6688f443d8a862df2c3e07135d755e7dfeaf5d3b99db3Microsoft Office 365 Enterprise E3 suffers from an insufficient session expiration vulnerability.
71b7c538dc235667bda1e21c050149a2a4aa82d2b550a41e97c9f1758d8d7dbfHP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.
397d0a3e42b49ff649457998978949155ade071f9d5b96485fc2ed32dcb78d1bCisco Expressway version 8.8.1 suffers from an access control bypass that allows an attacker to leverage the application for internal port scanning.
a361dfbad67cdbc85d866b203c31e7071f2f67698c9fe8627ebe4531801d3757NetIQ Access Manager iManager versions 2.7.7.5 and 2.7.7.6 suffer from a cross site scripting vulnerability.
0d8b132a98ae866b25e976fa91c028b7f87513113e4275ea391b836b58886260FTP Rush version 2.1.8 fails to validate X.509 certificates.
08db1ca6e7f0ad3753320343d94123a3e0682c3ebd85684834dbf71b50e8349dCyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.
541b5bb49a5ff4999d477790815626466bd8ac777fd0984dec1f956c46e55a27WinSCP version 5.5.2.4130 does not checking the "Common Name" of an X.509 certificate when FTP with TLS is used.
c02e58412a1d791bba874a01d9d7de079487428a4d6386a5000a3a88f7464688Palo Alto Networks GlobalProtect version 1.1.5-5 fails to validate the X.509 certificate from the VPN gateway.
bff092db177f25c89ce9c73bf1a73f97eb7d696e490318ef7d240cfbd37cab70gastbuch versions 1.3.2 and below are susceptible to cross site scripting.
10800f5d68d19645c993ed7441ba1f86c4a93f2b7c2442a311397c86bf4e10c7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed