Search criteria
3 vulnerabilities by esoft
CVE-2007-3787 (GCVE-0-2007-3787)
Vulnerability from cvelistv5 – Published: 2007-07-15 23:00 – Updated: 2024-08-07 14:28
VLAI
Summary
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://labs.calyptix.com/CX-2007-05.php | x_refsource_MISC |
| http://osvdb.org/38175 | vdb-entryx_refsource_OSVDB |
| http://labs.calyptix.com/CX-2007-05.txt | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/473663/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/26005 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-07-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.calyptix.com/CX-2007-05.php"
},
{
"name": "38175",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.calyptix.com/CX-2007-05.txt"
},
{
"name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
},
{
"name": "26005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.calyptix.com/CX-2007-05.php"
},
{
"name": "38175",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.calyptix.com/CX-2007-05.txt"
},
{
"name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
},
{
"name": "26005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://labs.calyptix.com/CX-2007-05.php",
"refsource": "MISC",
"url": "http://labs.calyptix.com/CX-2007-05.php"
},
{
"name": "38175",
"refsource": "OSVDB",
"url": "http://osvdb.org/38175"
},
{
"name": "http://labs.calyptix.com/CX-2007-05.txt",
"refsource": "MISC",
"url": "http://labs.calyptix.com/CX-2007-05.txt"
},
{
"name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
},
{
"name": "26005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3787",
"datePublished": "2007-07-15T23:00:00.000Z",
"dateReserved": "2007-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3788 (GCVE-0-2007-3788)
Vulnerability from cvelistv5 – Published: 2007-07-15 23:00 – Updated: 2024-08-07 14:28
VLAI
Summary
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://osvdb.org/38173 | vdb-entryx_refsource_OSVDB |
| http://labs.calyptix.com/CX-2007-05.php | x_refsource_MISC |
| http://labs.calyptix.com/CX-2007-05.txt | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/473663/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/26005 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-07-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38173",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.calyptix.com/CX-2007-05.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.calyptix.com/CX-2007-05.txt"
},
{
"name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
},
{
"name": "26005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38173",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.calyptix.com/CX-2007-05.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.calyptix.com/CX-2007-05.txt"
},
{
"name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
},
{
"name": "26005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38173",
"refsource": "OSVDB",
"url": "http://osvdb.org/38173"
},
{
"name": "http://labs.calyptix.com/CX-2007-05.php",
"refsource": "MISC",
"url": "http://labs.calyptix.com/CX-2007-05.php"
},
{
"name": "http://labs.calyptix.com/CX-2007-05.txt",
"refsource": "MISC",
"url": "http://labs.calyptix.com/CX-2007-05.txt"
},
{
"name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
},
{
"name": "26005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3788",
"datePublished": "2007-07-15T23:00:00.000Z",
"dateReserved": "2007-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3786 (GCVE-0-2007-3786)
Vulnerability from cvelistv5 – Published: 2007-07-15 23:00 – Updated: 2024-08-07 14:28 Disputed
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.eweek.com/article2/0%2C1759%2C2154646%… | x_refsource_MISC |
| http://osvdb.org/38174 | vdb-entryx_refsource_OSVDB |
| http://labs.calyptix.com/CX-2007-05.php | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2007/2539 | vdb-entryx_refsource_VUPEN |
| http://labs.calyptix.com/CX-2007-05.txt | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/473663/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26005 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-07-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eweek.com/article2/0%2C1759%2C2154646%2C00.asp"
},
{
"name": "38174",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.calyptix.com/CX-2007-05.php"
},
{
"name": "ADV-2007-2539",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.calyptix.com/CX-2007-05.txt"
},
{
"name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
},
{
"name": "instagate-unspecified-csrf(35372)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35372"
},
{
"name": "26005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eweek.com/article2/0%2C1759%2C2154646%2C00.asp"
},
{
"name": "38174",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.calyptix.com/CX-2007-05.php"
},
{
"name": "ADV-2007-2539",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.calyptix.com/CX-2007-05.txt"
},
{
"name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
},
{
"name": "instagate-unspecified-csrf(35372)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35372"
},
{
"name": "26005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26005"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eweek.com/article2/0,1759,2154646,00.asp",
"refsource": "MISC",
"url": "http://www.eweek.com/article2/0,1759,2154646,00.asp"
},
{
"name": "38174",
"refsource": "OSVDB",
"url": "http://osvdb.org/38174"
},
{
"name": "http://labs.calyptix.com/CX-2007-05.php",
"refsource": "MISC",
"url": "http://labs.calyptix.com/CX-2007-05.php"
},
{
"name": "ADV-2007-2539",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2539"
},
{
"name": "http://labs.calyptix.com/CX-2007-05.txt",
"refsource": "MISC",
"url": "http://labs.calyptix.com/CX-2007-05.txt"
},
{
"name": "20070711 Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473663/100/0/threaded"
},
{
"name": "instagate-unspecified-csrf(35372)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35372"
},
{
"name": "26005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3786",
"datePublished": "2007-07-15T23:00:00.000Z",
"dateReserved": "2007-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}