Pulse Connect Secure and Pulse Policy Secure Multiple Security Vulnerabilities

Pulse Connect Secure and Pulse Policy Secure are prone to the following vulnerabilities:

1. An arbitrary file read vulnerability
2. An arbitrary file-write vulnerability
3. A session-hijacking vulnerability
4. Multiple cross-site scripting vulnerabilities
5. Multiple information disclosure vulnerabilities
6. A stack-based buffer-overflow vulnerability
7. A command-injection vulnerability
8. An arbitrary code-execution vulnerability

An attacker can exploit these issues to access arbitrary files in the context of the application, write arbitrary files, hijack an arbitrary session and gain unauthorized access, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, obtain sensitive information, inject and execute arbitrary commands and execute arbitrary code in the context of the application.


Privacy Statement
Copyright 2010, SecurityFocus