Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sonicwall ssl vpn vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-5815
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 prior to 2.1, and SSL-VPN 2000/4000 prior to 2.5, allows remote malicious users to delete arbitrary files via a full pathname in the argument to the FileDelete method.
Sonicwall Ssl Vpn2000\\/4000
Sonicwall Ssl Vpn 200
1 EDB exploit
NA
CVE-2007-5603
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control prior to 2.1.0.51, and 2.5.x prior to 2.5.0.56, allows remote malicious users to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.
Sonicwall Ssl Vpn
2 EDB exploits
NA
CVE-2007-5814
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control prior to 2.1.0.51, and 2.5.x prior to 2.5.0.56, allow remote malicious users to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (...
Sonicwall Ssl Vpn
NA
CVE-2010-2583
Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) prior to 10.5.2 and 10.0.5 hotfix 3 allows remote malicious users to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPar...
Sonicwall Ssl-vpn End-point Interrogator\\/installer Activex Control
Sonicwall Ssl-vpn End-point Interrogator\\/installer Activex Control 10.0.5
NA
CVE-2009-2631
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products...
Cisco Adaptive Security Appliance
Sonicwall E-class Ssl Vpn
Sonicwall Ssl Vpn
Stonesoft Stonegate
Aladdin Safenet Securewire Access Gateway
NA
CVE-2011-5262
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote malicious users to execute arbitrary SQL commands via the CategoryID parameter.
Sonicwall Aventail Sra Ex9000 -
Sonicwall Aventail Sra Ex7000 -
Sonicwall Aventail Sra Ex6000 -
Sonicwall Aventail Sra Ex Virtual Appliance -
1 EDB exploit
8.8
CVSSv3
CVE-2023-5970
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated malicious user to create an identical external domain user using accent characters, resulting in an MFA bypass.
Sonicwall Sma 200 Firmware
Sonicwall Sma 210 Firmware
Sonicwall Sma 400 Firmware
Sonicwall Sma 410 Firmware
Sonicwall Sma 500v Firmware
7.2
CVSSv3
CVE-2023-44221
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
Sonicwall Sma 200 Firmware
Sonicwall Sma 210 Firmware
Sonicwall Sma 400 Firmware
Sonicwall Sma 410 Firmware
Sonicwall Sma 500v Firmware
5.3
CVSSv3
CVE-2020-5132
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an atta...
Sonicwall Sma100 Firmware 10.2.0.2-20sv
Sonicwall Sma100 Firmware 12.4.0-2223
Sonicwall Sonicos 6.5.4.6-79n
8.8
CVSSv3
CVE-2022-1703
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated malicious user to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
Sonicwall Sma 210 Firmware
Sonicwall Sma 410 Firmware
Sonicwall Sma 500v Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »