Vulnerabilities > Sonicwall > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-07-31 | CVE-2012-2626 | Improper Authentication vulnerability in Sonicwall Scrutinizer 8.6.2/9.0.0/9.0.1 cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. | 5.0 |
| 2012-07-30 | CVE-2012-2962 | SQL Injection vulnerability in Sonicwall Scrutinizer SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. | 6.5 |
| 2009-12-04 | CVE-2009-2631 | Permissions, Privileges, and Access Controls vulnerability in multiple products Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. | 6.8 |
| 2008-11-04 | CVE-2008-4918 | Cross-site Scripting vulnerability in Sonicwall Sonicos Enhanced Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking." | 4.3 |
| 2008-05-12 | CVE-2008-2162 | Cross-Site Scripting vulnerability in Sonicwall E-Mail Security 6.1.1 Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page. | 4.3 |
| 2005-05-02 | CVE-2005-1006 | Cross-site Scripting vulnerability in Sonicwall Soho Firmware 5.1.7.0 Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | 4.3 |
| 2003-12-31 | CVE-2003-1320 | Resource Management Errors vulnerability in Sonicwall Firmware SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload. | 5.1 |
| 2002-12-31 | CVE-2002-2341 | Cross-Site Scripting vulnerability in Sonicwall Soho3 6.3.0.0 Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. | 4.3 |
| 2002-12-31 | CVE-2002-2181 | Unspecified vulnerability in Sonicwall Content Filtering SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. | 5.0 |
| 2001-01-09 | CVE-2000-1098 | Unspecified vulnerability in Sonicwall Soho Firewall 4.0.0/5.0.0 The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. | 5.0 |