Filtered by vendor 3com
Subscribe
Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2103 | 3 3com, Apache, Sap | 3 Intelligent Management Center, Axis2, Business Objects | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3711 | 1 3com | 1 Tippingpoint Ips Tos | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. | |||||
| CVE-2007-3701 | 2 3com, Tippingpoint | 2 Tippingpoint Ips Tos, Tipping Point | 2025-04-09 | 7.5 HIGH | N/A |
| TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. | |||||
| CVE-2006-5382 | 1 3com | 1 Superstack 3 Switch 4400 | 2025-04-09 | 7.5 HIGH | N/A |
| 3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. | |||||
| CVE-2007-2734 | 1 3com | 8 3crtpx505-73, 3crx506-96, Tippingpoint 200 and 5 more | 2025-04-09 | 7.5 HIGH | N/A |
| The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic. | |||||
| CVE-2007-5420 | 1 3com | 1 3crwe554g72t | 2025-04-09 | 2.6 LOW | N/A |
| The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. | |||||
| CVE-2008-6395 | 1 3com | 1 Wireless 8760 Dual-radio | 2025-04-09 | 7.8 HIGH | N/A |
| The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. | |||||
| CVE-2007-2276 | 1 3com | 1 Tippingpoint Ips | 2025-04-09 | 7.8 HIGH | N/A |
| 3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." NOTE: the vendor disputes this issue, stating that the product has "performed as expected with no DoS emerging. | |||||
| CVE-2006-6183 | 1 3com | 1 3ctftpsvc | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command. | |||||
| CVE-2006-3974 | 1 3com | 1 3cr860-95 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. | |||||
| CVE-2007-3533 | 1 3com | 1 3cnj220 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field. | |||||
| CVE-2007-5419 | 1 3com | 1 3crwe554g72t | 2025-04-09 | 10.0 HIGH | N/A |
| The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. | |||||
| CVE-2004-0476 | 1 3com | 1 3cp4144 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port. | |||||
| CVE-2004-1977 | 1 3com | 1 Webbngss3nbxnts | 2025-04-03 | 5.0 MEDIUM | N/A |
| 3com NBX IP VOIP NetSet Configuration Manager allows remote attackers to cause a denial of service (crash) via a Nessus scan in safeChecks mode. | |||||
| CVE-2004-0477 | 1 3com | 1 3cp4144 | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass. | |||||
| CVE-2001-0352 | 2 3com, Symbol | 2 3crwe747a, 41x1 Access Point | 2025-04-03 | 5.0 MEDIUM | N/A |
| SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should be write-only, via (1) dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE 802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the Symbol MIB. | |||||
| CVE-2004-2691 | 1 3com | 3 3c17205-us, 3c17210-us, Superstack 3 Switch | 2025-04-03 | 7.1 HIGH | N/A |
| Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports. | |||||
| CVE-2005-0112 | 1 3com | 1 3crwe454g72 | 2025-04-03 | 5.0 MEDIUM | N/A |
| The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs. | |||||
| CVE-2002-2300 | 1 3com | 1 Webbngss3nbxnts | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com NBX 4.1.4 allows remote attackers to cause a denial of service (crash) via a long CEL command. | |||||
| CVE-2006-0993 | 1 3com | 1 Tippingpoint Sms Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings. | |||||