Vulnerabilities > Ingate > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-01-15 | CVE-2008-0263 | Resource Management Errors vulnerability in Ingate Firewall and Ingate Siparator The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors. | 5.0 |
| 2007-11-22 | CVE-2007-6096 | Credentials Management vulnerability in Ingate Firewall and Ingate Siparator Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. | 5.0 |
| 2007-11-22 | CVE-2007-6095 | Information Exposure vulnerability in Ingate Firewall and Ingate Siparator The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. | 4.0 |
| 2007-11-22 | CVE-2007-6094 | Improper Input Validation vulnerability in Ingate Firewall and Ingate Siparator The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS). | 4.3 |
| 2007-06-11 | CVE-2007-3177 | Improper Authentication vulnerability in Ingate Firewall and Ingate Siparator Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | 5.0 |
| 2007-06-11 | CVE-2007-3176 | Remote Security vulnerability in Ingate Siparator Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report. | 4.0 |
| 2006-06-09 | CVE-2006-2925 | Cross-Site Scripting vulnerability in Ingate Firewall Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality. | 4.0 |
| 2006-06-09 | CVE-2006-2924 | Remote SSL/TLS Handshake Denial Of Service vulnerability in Ingate Firewall and SIParator Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake. | 5.0 |
| 2005-05-02 | CVE-2005-0311 | Unspecified vulnerability in Ingate Firewall Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources. | 4.6 |