Search criteria
3 vulnerabilities by airmagnet
CVE-2006-5741 (GCVE-0-2006-5741)
Vulnerability from cvelistv5 – Published: 2006-11-06 18:00 – Updated: 2024-08-07 20:04
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/449119/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/29919 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/29918 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/29920 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/20602 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/449739/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/451978/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/22475 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061018 Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449119/100/200/threaded"
},
{
"name": "29919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29919"
},
{
"name": "29918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29918"
},
{
"name": "29920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29920"
},
{
"name": "20602",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20602"
},
{
"name": "20061025 Web-style Wireless IDS attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449739/100/100/threaded"
},
{
"name": "20061117 Re: Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451978/100/100/threaded"
},
{
"name": "22475",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22475"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061018 Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449119/100/200/threaded"
},
{
"name": "29919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29919"
},
{
"name": "29918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29918"
},
{
"name": "29920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29920"
},
{
"name": "20602",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20602"
},
{
"name": "20061025 Web-style Wireless IDS attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449739/100/100/threaded"
},
{
"name": "20061117 Re: Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451978/100/100/threaded"
},
{
"name": "22475",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22475"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061018 Airmagnet management interfaces multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449119/100/200/threaded"
},
{
"name": "29919",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29919"
},
{
"name": "29918",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29918"
},
{
"name": "29920",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29920"
},
{
"name": "20602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20602"
},
{
"name": "20061025 Web-style Wireless IDS attacks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449739/100/100/threaded"
},
{
"name": "20061117 Re: Airmagnet management interfaces multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451978/100/100/threaded"
},
{
"name": "22475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22475"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5741",
"datePublished": "2006-11-06T18:00:00.000Z",
"dateReserved": "2006-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:55.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5746 (GCVE-0-2006-5746)
Vulnerability from cvelistv5 – Published: 2006-11-06 18:00 – Updated: 2024-08-07 20:04
VLAI
Summary
The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/29921 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/449119/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/20602 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/449739/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/451978/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/22475 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:54.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29921"
},
{
"name": "20061018 Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449119/100/200/threaded"
},
{
"name": "20602",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20602"
},
{
"name": "20061025 Web-style Wireless IDS attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449739/100/100/threaded"
},
{
"name": "20061117 Re: Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451978/100/100/threaded"
},
{
"name": "22475",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22475"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29921"
},
{
"name": "20061018 Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449119/100/200/threaded"
},
{
"name": "20602",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20602"
},
{
"name": "20061025 Web-style Wireless IDS attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449739/100/100/threaded"
},
{
"name": "20061117 Re: Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451978/100/100/threaded"
},
{
"name": "22475",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22475"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29921",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29921"
},
{
"name": "20061018 Airmagnet management interfaces multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449119/100/200/threaded"
},
{
"name": "20602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20602"
},
{
"name": "20061025 Web-style Wireless IDS attacks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449739/100/100/threaded"
},
{
"name": "20061117 Re: Airmagnet management interfaces multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451978/100/100/threaded"
},
{
"name": "22475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22475"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5746",
"datePublished": "2006-11-06T18:00:00.000Z",
"dateReserved": "2006-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:54.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5742 (GCVE-0-2006-5742)
Vulnerability from cvelistv5 – Published: 2006-11-06 18:00 – Updated: 2024-08-07 20:04
VLAI
Summary
The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application Scripting (XAS)".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/449119/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/20602 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/449739/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/451978/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/22475 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:54.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061018 Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449119/100/200/threaded"
},
{
"name": "20602",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20602"
},
{
"name": "20061025 Web-style Wireless IDS attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449739/100/100/threaded"
},
{
"name": "20061117 Re: Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451978/100/100/threaded"
},
{
"name": "22475",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22475"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka \"Cross-Application Scripting (XAS)\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061018 Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449119/100/200/threaded"
},
{
"name": "20602",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20602"
},
{
"name": "20061025 Web-style Wireless IDS attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449739/100/100/threaded"
},
{
"name": "20061117 Re: Airmagnet management interfaces multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451978/100/100/threaded"
},
{
"name": "22475",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22475"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka \"Cross-Application Scripting (XAS)\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061018 Airmagnet management interfaces multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449119/100/200/threaded"
},
{
"name": "20602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20602"
},
{
"name": "20061025 Web-style Wireless IDS attacks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449739/100/100/threaded"
},
{
"name": "20061117 Re: Airmagnet management interfaces multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451978/100/100/threaded"
},
{
"name": "22475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22475"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5742",
"datePublished": "2006-11-06T18:00:00.000Z",
"dateReserved": "2006-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:54.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}