This paper is the result of various security assessments performed on several CheckPoint/SofaWare firewalls in both controlled (computer lab) and production environments during several penetration tests. Several different CheckPoint/SofaWare firewall models were purchased for testing in the computer lab. Having full access to the target devices makes it possible to discover new vulnerabilities that could be missed during a standard unauthenticated penetration test.
CheckPoint/SofaWare firewalls suffer from redirection, cross site request forgery, cross site scripting, and information disclosure vulnerabilities.
HP System Management Homepage suffers from multiple cross site scripting vulnerabilities.
Mitel Audio and Web Conferencing version 4.4.30 suffers from multiple cross site scripting vulnerabilities.
KeyFax Response Management System version 3.2.2.6 suffers from cross site scripting and information disclosure vulnerabilities.
BMC Dashboards version 7.6.01 suffers from cross site scripting and arbitrary file reading vulnerabilities.
BMC Remedy Knowledge Management version 7.5.00 suffers from authentication bypass and cross site scripting vulnerabilities.
Adobe ColdFusion suffers from multiple cross site scripting and information disclosure vulnerabilities in the administration console.
The WordPress Viva Thumbs add-on suffers from a directory traversal vulnerability.
BlogCFC suffers from multiple cross site scripting vulnerabilities.
Mura CMS version 5.2.2085 suffers from multiple cross site scripting vulnerabilities.
DotNetNuke CMS suffers from a cross site scripting vulnerability.
The Adobe ColdFusion administration console suffers from a traversal vulnerability that allows for unauthenticated file retrieval.
Procheckup has found that, by making a malformed request to the Juniper IVE Web interface without authentication, a vanilla cross site scripting (XSS) attack is possible.
There are multiple authenticated cross site scripting vulnerabilities on Juniper's IVE web interface. Procheckup has found that, by making a malformed authenticated request to the IVE Web interface, vanilla cross site scripting (XSS) attacks are possible.
The Apache Axis2 administration console version 1.4.1 suffers from a cross site scripting vulnerability.
3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third party network devices. The IMC is normally accessed using a web browser over port 8080. Various IMC pages are vulnerable to a reflective XSS attack, including the login page. Various pages also disclose information, including the SQL sa account password, which might be used to assist in carrying out further attacks.
3Com's iMC (Intelligent Management Centre) provides professional management of 3Com and third party network devices. The IMC is normally accessed using a web browser over port 8080. Procheckup has discovered that the IMC management console is vulnerable to an unauthenticated directory traversal attack within the reporting functionality.
CommonSpot Server suffers from a cross site scripting vulnerability.
SAP BusinessObjects version 12 suffers from multiple cross site scripting vulnerabilities.
HP System Management
The Orion application server versions 2.0 through 2.0.8 suffer from cross site scripting vulnerabilities.
The perl-status utility as included with mod_perl suffers from a cross site scripting vulnerability.
Novell GroupWise WebAccess suffers from a cross site scripting vulnerability. Version 7.0.3 is affected.
An unauthenticated file retrieval vulnerability exists on the Sun Java System Identity Manager.