/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device.

Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.

Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.

Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.

NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.

Denial of service in Axent Raptor firewall via malformed zero-length IP options.