| OSVDB ID | Disclosure Date | Title |
|---|
|
11839
Description:
3Com OfficeConnect ADSL Wireless 11g Firewall Router contains a flaw that may allow a remote denial of service. The issue is triggered when a large amount of UDP traffic occurs, and will result in loss of availability for the network device.
|
2004-11-16
|
3Com OfficeConnect ADSL Wireless 11g UDP Traffic Handling DoS
|
|
10780
Description:
3Com Office Connect ADSL Wireless Firewall Routers contain an unspecified boundary error that may allow an attacker to reboot vulnerable devices causing a denial of service condition. No further details have been provided.
|
2004-10-15
|
3Com OfficeConnect ADSL Wireless Firewall Router Unspecified Reboot DoS
|
|
68019
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: a separate XSS issue for HP System Management Homepage (SMH) was originally assigned CVE-2010-3010 due to a CNA error, but CVE-2010-3012 is the appropriate identifier for the SMH issue.
|
2010-09-15
|
3Com OfficeConnect Gigabit VPN Firewall Unspecified XSS
|
|
66231
Description:
Unknown / Incomplete
|
2009-10-18
|
3Com OfficeConnect Router Admin Password Local Disclosure
|
|
66230
Description:
By default, 3Com OfficeConnect Routers install with multiple default passwords. The following account:password combinations are publicly known and documented: support:support, user:5, nobody:admin, (no username)/PASSWORD. This allows attackers to trivially access the program or system.
|
2009-10-18
|
3Com OfficeConnect Router Multiple Default Accounts
|
|
66232
Description:
Unknown / Incomplete
|
2009-10-18
|
3Com OfficeConnect Router utility.cgi IP Parameter Arbitrary Command Execution
|
|
36888
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.
|
2007-06-08
|
3Com OfficeConnect Secure Router tk Parameter XSS
|
|
93280
Description:
By default, 3com OfficeConnect VPN Firewall installs with default user credentials (username/password combination). The Web Interface has a password of 'admin', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.
|
2013-05-12
|
3com OfficeConnect VPN Firewall Web Interface Default Password
|
|
18256
Description:
3com OfficeConnect Wireless 11g Access Point contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when certain hidden web pages are accessed by unauthenticated users, which will disclose sensitive information resulting in a loss of confidentiality.
|
2005-07-25
|
3Com OfficeConnect Wireless 11g Access Point Hidden Pages Information Disclosure
|
|
13095
Description:
OfficeConnect contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an access control error allowing anyone to access certain hidden pages via the web interface, which will disclose administrative information resulting in a loss of confidentiality.
|
2005-01-20
|
3Com OfficeConnect Wireless 11g AP Router Information Disclosure
|
|
10779
Description:
3Com OfficeConnect ADSL Wireless Firewall Routers contains an undisclosed flaw related to the DHCP service. No further details have been provided.
|
2004-10-15
|
3Com OfficeConnect Wireless Firewall Router DHCP Service Unspecified Issue
|
|
10778
Description:
3Com OfficeConnect Wireless 11g Firewall Routers contain a flaw related to the logon IP that may allow an attacker to view duplicate logon IP addresses. No further details have been provided.
|
2004-10-15
|
3Com OfficeConnect Wireless Firewall Router Duplicate Login IP Issue
|
|
52072
Description:
3Com OfficeConnect Wireless Router contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests the SaveCfgFile.cgi, which will disclose the device backup configuration information resulting in a loss of confidentiality.
|
2009-02-09
|
3Com OfficeConnect Wireless Router SaveCfgFile.cgi Backup Configuration Disclosure
|
|
44251
Description:
Unknown / Incomplete
|
1998-05-10
|
3Com SNMP Cleartext Router Password Disclosure
|
|
7246
Description:
The 3COM SuperStack 3 switch contains a flaw that may allow a remote denial of service. The issue is triggered when a remote authenticated attacker sends in a specially crafted http request to the web management interface which will result in a reset of the device.
|
2004-06-24
|
3Com SuperStack 3 Switch Crafted HTTP Request DoS
|
|
30379
Description:
(Description Provided by CVE) : 3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned.
|
2006-10-19
|
3Com SuperStack 3 Switch SNMP String Disclosure
|
|
89356
Description:
By default, Multiple 3Com SuperStack 3000 Switch routers install with default user credentials (username/password combination). The 'monitor' account has a password of 'monitor, the 'manager' account has a password of 'manager', and the 'admin' account has no password. These credentials are publicly known and document, which allows remote attackers to trivially access the program or system and gain privileged access.
|
2004-04-27
|
3Com SuperStack 3000 Switch Multiple Default Credentials
|
|
620
Description:
By default, 3COM SuperStack II switches install with a default password. The security account has a password of security which is publicly known and documented. This allows attackers to trivially access the program or system.
|
2002-09-12
|
3Com SuperStack II Default Password
|
|
6056
Description:
Management information base(MIB) for 3Com SuperStack II hub contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an object identifier accessible by a read-only community string leads to lists the entire table of community strings, allowing attackers to conduct unauthorized activities resulting in a loss of confidentiality.
|
1999-08-30
|
3Com SuperStack II Hub MIB Community String Disclosure
|
|
89425
Description:
By default, 3Com SuperStack II PS Hub installs with default user credentials (username/password combination) for the administrator account. The 'admin' account has no password, which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.
|
1997-10-10
|
3Com SuperStack II PS Hub Default Admin Credentials
|
|
50431
Description:
Unknown / Incomplete
|
2003-03-24
|
3Com SuperStack II RAS 1500 Crafted IP Packet Remote DoS
|
|
50430
Description:
Unknown / Incomplete
|
2003-03-24
|
3Com SuperStack II RAS 1500 user_settings.cfg Remote Information Disclosure
|
|
44249
Description:
By default, 3Com SuperStack II Switches install with multiple default accounts. The monitor, manager and security accounts each have a password the same as the account name, which is publicly known and documented. This allows attackers to trivially access the program or system.
|
1998-05-10
|
3Com SuperStack II Switch Multiple Default Accounts
|
|
52949
Description:
Unknown / Incomplete
|
2009-03-19
|
3Com Switch 5500 / 5500G Logbuffer Cleartext Password Disclosure
|
|
5435
Description:
(Description Provided by CVE) : The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
|
2004-04-09
|
3Com Telnet Server Brute Force Attack Weakness
|
|
31512
Description:
Unknown / Incomplete
|
2006-11-30
|
3Com TFTP Service Long Transporting Mode Overflow
|
|
27523
Description:
(Description Provided by CVE) : TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet.
|
2006-07-24
|
3Com TippingPoint IPS Crafted Packet Layer 2 Mode Inspection Bypass
|
|
35969
Description:
(Description Provided by CVE) : Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.
|
2007-07-11
|
3Com TippingPoint IPS Fragmented Packets Detection Bypass
|
|
35970
Description:
(Description Provided by CVE) : TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.
|
2007-07-11
|
3Com TippingPoint IPS Hex Encoded Extended Unicode Detection Bypass
|
|
35968
Description:
(Description Provided by CVE) : The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.
|
2007-05-15
|
3Com TippingPoint IPS HTTP Unicode Encoding Detection Bypass
|
