Vulmon
sonicwall ssl vpn vulnerabilities and exploits
10
CVSSv2
CVE-2007-5815
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 prior to 2.1, and SSL-VPN 2000/4000 prior to 2.5, allows remote malicious users to delete arbitrary files via a full pathname in the argument to the FileDelete method.
Sonicwall Ssl Vpn2000/4000
Sonicwall Ssl Vpn 200
1 EDB exploit
9.3
CVSSv2
CVE-2007-5814
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control prior to 2.1.0.51, and 2.5.x prior to 2.5.0.56, allow remote malicious users to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (...
Sonicwall Ssl Vpn
9.3
CVSSv2
CVE-2007-5603
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control prior to 2.1.0.51, and 2.5.x prior to 2.5.0.56, allows remote malicious users to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.
Sonicwall Ssl Vpn
2 EDB exploits
6.8
CVSSv2
CVE-2009-2631
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products...
Cisco Adaptive Security Appliance
Sonicwall E-class Ssl Vpn
Sonicwall Ssl Vpn
Stonesoft Stonegate
Aladdin Safenet Securewire Access Gateway
9.3
CVSSv2
CVE-2010-2583
Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) prior to 10.5.2 and 10.0.5 hotfix 3 allows remote malicious users to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPar...
Sonicwall Ssl-vpn End-point Interrogator/installer Activex Control
Sonicwall Ssl-vpn End-point Interrogator/installer Activex Control 10.0.5
7.5
CVSSv2
CVE-2011-5262
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote malicious users to execute arbitrary SQL commands via the CategoryID parameter.
Sonicwall Aventail Sra Ex9000 -
Sonicwall Aventail Sra Ex7000 -
Sonicwall Aventail Sra Ex6000 -
Sonicwall Aventail Sra Ex Virtual Appliance -
1 EDB exploit
NA
CVE-2023-5970
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated malicious user to create an identical external domain user using accent characters, resulting in an MFA bypass.
Sonicwall Sma 200 Firmware
Sonicwall Sma 210 Firmware
Sonicwall Sma 400 Firmware
Sonicwall Sma 410 Firmware
Sonicwall Sma 500v Firmware
NA
CVE-2023-44221
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
Sonicwall Sma 200 Firmware
Sonicwall Sma 210 Firmware
Sonicwall Sma 400 Firmware
Sonicwall Sma 410 Firmware
Sonicwall Sma 500v Firmware
5
CVSSv2
CVE-2020-5132
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an atta...
Sonicwall Sma100 Firmware 10.2.0.2-20sv
Sonicwall Sma100 Firmware 12.4.0-2223
Sonicwall Sonicos 6.5.4.6-79n
9
CVSSv2
CVE-2022-1703
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated malicious user to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
Sonicwall Sma 210 Firmware
Sonicwall Sma 410 Firmware
Sonicwall Sma 500v Firmware