This paper is the result of various security assessments performed on several CheckPoint/SofaWare firewalls in both a controlled (computer lab) environment and production environments during several penetration tests. Several different CheckPoint/SofaWare firewall models were purchased for testing in their computer lab. By having full access to the target devices, it becomes possible to discover new vulnerabilities that could be missed during a standard unauthenticated penetration test.
c35375f660fa53fbebaaebb25ec6173e990a9bc1e26ffd2917339ccfbf6a2454
CheckPoint/SofaWare firewalls suffer from redirection, cross site request forgery, cross site scripting, and information disclosure vulnerabilities.
5ae76cdada41d919af4e21bd1b0d36824ad80b60a77057ebb204db615d421663
HP System Management Homepage suffers from multiple cross site scripting vulnerabilities.
99f2488279fb151519b0edb33eb7e2752234eacfbf392e7175fe011728ee9565
Mitel Audio and Web Conferencing version 4.4.30 suffers from multiple cross site scripting vulnerabilities.
89f24d51c3ff886d0bd19239c449f15af0c50c1c88a3ec85cd52c0e52a1fd8a2
KeyFax Response Management System version 3.2.2.6 suffers from cross site scripting and information disclosure vulnerabilities.
a61a149c3434df8b6fdb5b0b31cf5a857eaa9a52d5b3e26a7f96a758867acfd8
BMC Dashboards version 7.6.01 suffers from cross site scripting and arbitrary file reading vulnerabilities.
94e598cb8a417f4029046945b2b6cbe27cca569b5151f8df4790880703c96972
BMC Remedy Knowledge Management version 7.5.00 suffers from authentication bypass and cross site scripting vulnerabilities.
d356dd4cf96a5d6f7f2a2ab438039bdf3b5378931ce917cdfbaf91429aab6d07
Adobe ColdFusion suffers from multiple cross site scripting and information disclosure vulnerabilities in the administration console.
d873c49e2d5b51031c48ef05bac08618d85d900ad26132a94d2342aa6e42ee80
The WordPress Viva Thumbs add-on suffers from a directory traversal vulnerability.
e0129edf99ac555bc7e005155bad8318e57f383b886ea7b15325a3c2f6908bfb
Mitel's AWC (Mitel Audio and Web Conferencing) suffers from an unauthenticated remote command execution vulnerability.
d8ebd53382f1971b52183a49644b0acc8ffacacf752faf70fcaba699b9613c61
PHP Universal Web Messenger suffers from a cross-domain redirect vulnerability.
3d11a6d4f9d5cdf42c90ac17922caf1bba35357aa4b5bbdfd7e1d98500977074
BlogCFC suffers from multiple cross site scripting vulnerabilities.
4a5f358eaed72d5ca282ae8e50804475f5e28c6ce5892b58a294a6f1fbd50eca
Mura CMS version 5.2.2085 suffers from multiple cross site scripting vulnerabilities.
9d4bb82fb22f559637164afc13054f172d012612b19b9a0b1fbc6c059f0d39aa
The HP System Management Homepage suffers from multiple cross site scripting vulnerabilities. Versions 3.0.0.68, 3.0.2.77 and 6.1.0.103 have all been found to be affected.
53a9041c70d9e51c0569b7768b8ae8e00a154b6d73b60ce6004bc7053e66c59d
DotNetNuke CMS suffers from a cross site scripting vulnerability.
e2cee82f66c17ce4cc491e556a580f9bf0bb2e17c96c5440ce18037d77ac55b8
The Adobe ColdFusion administration console suffers from a traversal vulnerability that allows for unauthenticated file retrieval.
59cbe441b1cfdd493b736961317513e747a4567e06054074f35b525e6cd63aed
Procheckup has found that a vanilla cross site scripting (XSS) attack is possible by making a malformed request to the Juniper IVE Web interface without authentication.
b19b3cf027c13feb0c9453befa1a1695ad3c71996e2d1625b3489dfef480afba
There are multiple authenticated cross site scripting vulnerabilities on Juniper's IVE web interface. Procheckup has found that vanilla cross site scripting (XSS) attacks are possible by making a malformed authenticated request to the IVE Web interface.
326494fa568636de33e0f91b5754e4162844799a25a06bf6b2e512036e7a8781
The Apache Axis2 administration console version 1.4.1 suffers from a cross site scripting vulnerability.
ed58940ac4538c0cd3fe086d4b9d9375b502074e41a4c5e2e8c33d83524a35ab
3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third party network devices. The iMC is normally accessed using a web browser over port 8080. Various iMC pages are vulnerable to a reflective XSS attack, including the login page. Various pages also disclose information, including the SQL sa account password, which might be used to assist in carrying out further attacks.
14a0d934e67f92397613f7bba706a6ee6f5fb1c8d47058c1d6c0df0cd0fa51c2
3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third party network devices. The iMC is normally accessed using a web browser over port 8080. Procheckup has discovered that the iMC management console is vulnerable to an unauthenticated directory traversal attack within the reporting functionality.
6192a54caa6b9d2367e3f0145e14d891d023f72d8b43f7842e66482213d45191
Portwise SSL VPN version 4.6 suffers from a cross site scripting vulnerability.
d9b96b55dfa2056ae70f1178f252fe1ab57454ee9e6be79fb320310542a95c6a
CommonSpot Server suffers from a cross site scripting vulnerability.
df67dfe5debcbb27e0fef223695bfa6598ccdaa78f99196c76f1ec8693d28f42
HP System Management
ddcc79a177acbbd59d6d2d079154c3d46d3fcfdbb7f16e567efe08e109ead8d5
Novell GroupWise WebAccess suffers from a cross site scripting vulnerability. Version 7.0.3 is affected.
8348d6de98893f1fbe8f491cb7e3dbf8a1f1b7c208a476cf8a27a8b3c4e972c9