ID: CVE-2005-4723 |
Title: D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. |
Type: Hardware |
Bulletins:
CVE-2005-4723 SFBID16621 |
Severity: Medium |
Description: D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. | ||||
Applies to: DI-524 DI-624 DI-784 |
Created: 2005-12-31 |
Updated: 2020-08-14 |
ID: CVE-2005-4826 |
Title: Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different... |
Type: Hardware |
Bulletins:
CVE-2005-4826 SFBID22268 |
Severity: Medium |
Description: Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776. | ||||
Applies to: |
Created: 2005-12-31 |
Updated: 2020-08-14 |
ID: CVE-2005-4499 |
Title: The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password,... |
Type: Hardware |
Bulletins:
CVE-2005-4499 SFBID16025 |
Severity: High |
Description: The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. | ||||
Applies to: Cisco PIX 501 Firewall Cisco PIX 506 Firewall Cisco PIX 515 Firewall Cisco PIX 515E Firewall Cisco PIX 520 Firewall Cisco PIX 525 Firewall Cisco PIX 535 Firewall |
Created: 2005-12-22 |
Updated: 2020-08-14 |
ID: CVE-2005-4257 |
Title: Linksys WRT54GS and BEFW11S4 allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is... |
Type: Hardware |
Bulletins:
CVE-2005-4257 SFBID15861 |
Severity: High |
Description: Linksys WRT54GS and BEFW11S4 allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | ||||
Applies to: BEFW11S4 befw11s4 v3 befw11s4 v4 wrt54gs |
Created: 2005-12-15 |
Updated: 2020-08-14 |
ID: CVE-2005-4258 |
Title: Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is... |
Type: Hardware |
Bulletins:
CVE-2005-4258 |
Severity: High |
Description: Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | ||||
Applies to: Cisco Catalyst 2926 Switch Cisco Catalyst 2970... Cisco Catalyst 4000 Series Switches Cisco Catalyst 4506 Switch Cisco Catalyst 4507R Switch Cisco Catalyst 4900 Series Switches Cisco Catalyst 4908G-L3 Switch Cisco Catalyst 6500 Series Switches |
Created: 2005-12-15 |
Updated: 2020-08-14 |
ID: MITRE:1231 |
Title: oval:org.mitre.oval:def:1231: WinXP,SP2 DirectShow Malicious avi File Vulnerability |
Type: Software |
Bulletins:
MITRE:1231 CVE-2005-2128 |
Severity: Medium |
Description: QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value. | ||||
Applies to: DirectX |
Created: 2005-12-01 |
Updated: 2020-01-23 |
ID: MITRE:1424 |
Title: oval:org.mitre.oval:def:1424: Server 2003 DirectShow Malicious avi File Vulnerability |
Type: Software |
Bulletins:
MITRE:1424 CVE-2005-2128 |
Severity: Medium |
Description: QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value. | ||||
Applies to: DirectX |
Created: 2005-12-01 |
Updated: 2020-01-23 |
ID: MITRE:1267 |
Title: oval:org.mitre.oval:def:1267: Win2k,SP4 DirectShow Malicious avi File Vulnerability |
Type: Software |
Bulletins:
MITRE:1267 CVE-2005-2128 |
Severity: Medium |
Description: QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value. | ||||
Applies to: DirectX |
Created: 2005-12-01 |
Updated: 2020-01-23 |
ID: MITRE:1149 |
Title: oval:org.mitre.oval:def:1149: Server 2003,SP1 DirectShow Malicious avi File Vulnerability |
Type: Software |
Bulletins:
MITRE:1149 CVE-2005-2128 |
Severity: Medium |
Description: QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value. | ||||
Applies to: DirectX |
Created: 2005-12-01 |
Updated: 2020-01-23 |
ID: MITRE:1434 |
Title: oval:org.mitre.oval:def:1434: WinXP,SP1 DirectShow Malicious avi File Vulnerability |
Type: Software |
Bulletins:
MITRE:1434 CVE-2005-2128 |
Severity: Medium |
Description: QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value. | ||||
Applies to: DirectX |
Created: 2005-12-01 |
Updated: 2020-01-23 |
ID: CVE-2005-3921 |
Title: Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of... |
Type: Hardware |
Bulletins:
CVE-2005-3921 SFBID15602 |
Severity: Low |
Description: Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers. | ||||
Applies to: |
Created: 2005-11-30 |
Updated: 2020-08-14 |
ID: CVE-2005-3774 |
Title: Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system,... |
Type: Hardware |
Bulletins:
CVE-2005-3774 SFBID15525 |
Severity: Medium |
Description: Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. | ||||
Applies to: |
Created: 2005-11-22 |
Updated: 2020-08-14 |
ID: CVE-2003-1267 |
Title: GuildFTPd FTP Server Can Be Crashed By Remote Users Requesting DOS Device Names |
Type: FTP |
Bulletins:
CVE-2003-1267 |
Severity: Medium |
Description: GuildFTPd FTP Server is prone to a vulnerability where a remote authenticated user or an anonymous user can cause the FTP service to crash by requesting a file with a DOS device name. This leads to a denial of service condition. There is still no solution for such a vulnerability at this point in time. | ||||
Applies to: GuildFTPd |
Created: 2005-11-16 |
Updated: 2010-08-21 |
ID: MITRE:100110 |
Title: oval:org.mitre.oval:def:100110: Apache Listening Socket Starvation Vulnerability |
Type: Web |
Bulletins:
MITRE:100110 CVE-2004-0174 |
Severity: Medium |
Description: Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." | ||||
Applies to: Apache |
Created: 2005-11-16 |
Updated: 2019-09-23 |
ID: CVE-2005-3481 |
Title: Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the... |
Type: Hardware |
Bulletins:
CVE-2005-3481 SFBID15275 |
Severity: High |
Description: Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed. | ||||
Applies to: |
Created: 2005-11-02 |
Updated: 2020-08-14 |
ID: CVE-2005-3482 |
Title: Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic... |
Type: Hardware |
Bulletins:
CVE-2005-3482 SFBID15272 |
Severity: Medium |
Description: Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host. | ||||
Applies to: Cisco Aironet 1131 Cisco Aironet Ap1200 Cisco Aironet Ap1240 |
Created: 2005-11-02 |
Updated: 2020-08-14 |
ID: CVE-2005-3426 |
Title: Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation. |
Type: Hardware |
Bulletins:
CVE-2005-3426 SFBID15144 |
Severity: Medium |
Description: Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation. | ||||
Applies to: Content Services Switch 11500 |
Created: 2005-11-01 |
Updated: 2020-08-14 |
ID: CVE-2005-2973 |
Title: Linux Kernel version prior to 2.6.14-rc5 |
Type: Miscellaneous |
Bulletins:
CVE-2005-2973 SFBID15156 |
Severity: Low |
Description: The Linux kernel is prone to a vulnerability in version 2.6.13.4. This is due to an infinite loop error in the udp_v6_get_port() function in net/ipv6/udp.c, which can cause a denial of service. Since there are no workarounds for this vulnerability, one should upgrade to version 2.6.14-rc5 or higher. | ||||
Applies to: Kernel |
Created: 2005-10-20 |
Updated: 2010-08-21 |
ID: MITRE:989 |
Title: oval:org.mitre.oval:def:989: Microsoft Outlook Express 6,SP1 News Reading Vulnerability |
Type: |
Bulletins:
MITRE:989 CVE-2005-1213 |
Severity: High |
Description: Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field. | ||||
Applies to: Microsoft Outlook Express |
Created: 2005-10-12 |
Updated: 2020-01-23 |
ID: CVE-2005-2799 |
Title: Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request. |
Type: Hardware |
Bulletins:
CVE-2005-2799 |
Severity: High |
Description: Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request. | ||||
Applies to: wrt54g |
Created: 2005-09-15 |
Updated: 2020-08-14 |
ID: CVE-2005-2912 |
Title: Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value. |
Type: Hardware |
Bulletins:
CVE-2005-2912 |
Severity: Medium |
Description: Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value. | ||||
Applies to: wrt54g |
Created: 2005-09-14 |
Updated: 2020-08-14 |
ID: CVE-2005-2914 |
Title: ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration... |
Type: Hardware |
Bulletins:
CVE-2005-2914 |
Severity: High |
Description: ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. | ||||
Applies to: wrt54g |
Created: 2005-09-14 |
Updated: 2020-08-14 |
ID: CVE-2005-2915 |
Title: ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to... |
Type: Hardware |
Bulletins:
CVE-2005-2915 |
Severity: Medium |
Description: ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914. | ||||
Applies to: wrt54g |
Created: 2005-09-14 |
Updated: 2020-08-14 |
ID: CVE-2005-2916 |
Title: Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi... |
Type: Hardware |
Bulletins:
CVE-2005-2916 |
Severity: Medium |
Description: Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi. | ||||
Applies to: wrt54g |
Created: 2005-09-14 |
Updated: 2020-08-14 |
ID: CVE-2005-2841 |
Title: Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted... |
Type: Hardware |
Bulletins:
CVE-2005-2841 |
Severity: High |
Description: Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials. | ||||
Applies to: |
Created: 2005-09-08 |
Updated: 2020-08-14 |
ID: CVE-2005-2640 |
Title: Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which... |
Type: Hardware |
Bulletins:
CVE-2005-2640 SFBID14595 |
Severity: Medium |
Description: Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid. | ||||
Applies to: NScreen5GT |
Created: 2005-08-23 |
Updated: 2020-08-14 |
ID: CVE-2005-2589 |
Title: Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption. |
Type: Hardware |
Bulletins:
CVE-2005-2589 SFBID14566 |
Severity: High |
Description: Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption. | ||||
Applies to: wrt54gs |
Created: 2005-08-17 |
Updated: 2020-08-14 |
ID: CVE-2005-2434 |
Title: Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. |
Type: Hardware |
Bulletins:
CVE-2005-2434 SFBID14407 |
Severity: Medium |
Description: Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. | ||||
Applies to: wrt54g |
Created: 2005-08-03 |
Updated: 2020-08-14 |
ID: CVE-2005-2451 |
Title: Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. |
Type: Hardware |
Bulletins:
CVE-2005-2451 SFBID14414 |
Severity: Low |
Description: Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. | ||||
Applies to: |
Created: 2005-08-03 |
Updated: 2020-08-14 |
ID: CVE-2005-2241 |
Title: Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows... |
Type: Hardware |
Bulletins:
CVE-2005-2241 SFBID14250 |
Severity: Medium |
Description: Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. | ||||
Applies to: Cisco Call Manager |
Created: 2005-07-12 |
Updated: 2020-08-14 |
ID: CVE-2005-2243 |
Title: Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory... |
Type: Hardware |
Bulletins:
CVE-2005-2243 SFBID14253 |
Severity: Medium |
Description: Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. | ||||
Applies to: Cisco Call Manager |
Created: 2005-07-12 |
Updated: 2020-08-14 |
ID: CVE-2005-2244 |
Title: The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger... |
Type: Hardware |
Bulletins:
CVE-2005-2244 SFBID14255 |
Severity: Medium |
Description: The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow. | ||||
Applies to: Cisco Call Manager |
Created: 2005-07-12 |
Updated: 2020-08-14 |
ID: CVE-2005-2105 |
Title: Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. |
Type: Hardware |
Bulletins:
CVE-2005-2105 |
Severity: High |
Description: Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. | ||||
Applies to: |
Created: 2005-07-05 |
Updated: 2020-08-14 |
ID: MITRE:3556 |
Title: oval:org.mitre.oval:def:3556: Microsoft .NET Framework v1.1 Security Bypass |
Type: Miscellaneous |
Bulletins:
MITRE:3556 CVE-2004-0847 |
Severity: High |
Description: The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | ||||
Applies to: Microsoft .NET Framework |
Created: 2005-06-01 |
Updated: 2020-01-23 |
ID: CVE-2005-1802 |
Title: Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. |
Type: Hardware |
Bulletins:
CVE-2005-1802 SFBID13792 |
Severity: Medium |
Description: Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header. | ||||
Applies to: ... Contivity 1740 VPN Router Contivity1000 Contivity1010 Contivity1050 Contivity1100 Contivity15xx Contivity1600 Contivity1700 Contivity2000 Contivity2500 Contivity2600 Contivity2700 Contivity4000 Contivity4500 Contivity4600 |
Created: 2005-05-27 |
Updated: 2020-08-14 |
ID: CVE-2005-1827 |
Title: D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. |
Type: Hardware |
Bulletins:
CVE-2005-1827 SFBID13679 |
Severity: High |
Description: D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. | ||||
Applies to: DSL-504T |
Created: 2005-05-26 |
Updated: 2020-08-14 |
ID: CVE-2005-1828 |
Title: D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. |
Type: Hardware |
Bulletins:
CVE-2005-1828 |
Severity: High |
Description: D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | ||||
Applies to: DSL-504T |
Created: 2005-05-26 |
Updated: 2020-08-14 |
ID: CVE-2005-1680 |
Title: D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes... |
Type: Hardware |
Bulletins:
CVE-2005-1680 |
Severity: High |
Description: D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address. | ||||
Applies to: DSL-502T DSL-504T DSL-562T DSL-G604T |
Created: 2005-05-20 |
Updated: 2020-08-14 |
ID: CVE-2005-0195 |
Title: Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet. |
Type: Hardware |
Bulletins:
CVE-2005-0195 |
Severity: Medium |
Description: Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet. | ||||
Applies to: |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-1025 |
Title: The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. |
Type: Hardware |
Bulletins:
CVE-2005-1025 |
Severity: Medium |
Description: The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. | ||||
Applies to: IBM OS/400 V4R4M0 |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-1133 |
Title: The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. |
Type: Hardware |
Bulletins:
CVE-2005-1133 SFBID13156 |
Severity: Medium |
Description: The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | ||||
Applies to: IBM OS/400 V4R4M0 |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-1238 |
Title: By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. |
Type: Hardware |
Bulletins:
CVE-2005-1238 |
Severity: High |
Description: By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. | ||||
Applies to: IBM OS/400 V4R4M0 |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-1006 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. |
Type: Hardware |
Bulletins:
CVE-2005-1006 SFBID12984 |
Severity: Medium |
Description: Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | ||||
Applies to: SonicWall Firewall SoHo |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-1059 |
Title: Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. |
Type: Hardware |
Bulletins:
CVE-2005-1059 SFBID13051 |
Severity: Low |
Description: Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. | ||||
Applies to: wet11 |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-0196 |
Title: Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet. |
Type: Hardware |
Bulletins:
CVE-2005-0196 |
Severity: Medium |
Description: Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet. | ||||
Applies to: |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-0197 |
Title: Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface. |
Type: Hardware |
Bulletins:
CVE-2005-0197 SFBID12369 |
Severity: Medium |
Description: Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface. | ||||
Applies to: |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-1020 |
Title: Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the... |
Type: Hardware |
Bulletins:
CVE-2005-1020 SFBID13043 |
Severity: High |
Description: Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | ||||
Applies to: |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-1021 |
Title: Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. |
Type: Hardware |
Bulletins:
CVE-2005-1021 SFBID13042 |
Severity: High |
Description: Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. | ||||
Applies to: |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-1057 |
Title: Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." |
Type: Hardware |
Bulletins:
CVE-2005-1057 |
Severity: High |
Description: Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." | ||||
Applies to: |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: CVE-2005-1058 |
Title: Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass... |
Type: Hardware |
Bulletins:
CVE-2005-1058 |
Severity: High |
Description: Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. | ||||
Applies to: |
Created: 2005-05-02 |
Updated: 2020-08-14 |
ID: REF000253 |
Title: Possible Rootkit Detected : Altered system call functions code |
Type: Rootkit |
Bulletins: | Severity: High |
Description: Rootkit Detection: System call functions, code analysis. Check Requirements: (1) The ‘expect’ and ‘gdb’ application packages must be installed on the target machine for the check to work. (2) A copy of an uncompressed version of the kernel (file name starts with vmlinux*) must be present in either the /boot/ directory OR the home directory of the user used for scanning. NOTE: If more than one vmlinux* is available, the first file found will be used. To customize which file to search for, you can edit the scripts named ‘kernelscan.sh’ and ‘procscan.sh’ and follow the instructions specified there to indicate an alternative kernel file name/location. The script will use ‘gdb’ to decompile the current syscall functions in memory and compare them with the code of the same function in the available kernel copy on the hard disk in the /boot/ location (or home). If the script finds that the code in these two versions differs, the vulnerability will trigger. For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf | ||||
Applies to: |
Created: 2005-03-29 |
Updated: 2010-08-21 |
ID: REF000254 |
Title: Possible Rootkit Detected : Hidden Processes |
Type: Rootkit |
Bulletins: | Severity: High |
Description: This script identifies processes running hidden from conventional process listing tools. For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf | ||||
Applies to: |
Created: 2005-03-29 |
Updated: 2010-08-21 |
ID: REF000255 |
Title: Possible Rootkit Detected : Hidden Processes |
Type: Rootkit |
Bulletins: | Severity: High |
Description: This script identifies processes running hidden from conventional process listing tools. For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf | ||||
Applies to: |
Created: 2005-03-29 |
Updated: 2010-08-21 |
ID: REF000257 |
Title: Possible Rootkit Detected : Altered system call table detected |
Type: Rootkit |
Bulletins: | Severity: High |
Description: Check Requirements: (1) The ‘expect’ and ‘gdb’ application packages must be installed on the target machine for the check to work. (2) A copy of an uncompressed version of the kernel (file name starts with vmlinux*) must be present in either the /boot/ directory OR the home directory of the user used for scanning. NOTE: If more than one vmlinux* is available, the first file found will be used. To customize which file to search for, you can edit the scripts named ‘kernelscan.sh’ and ‘procscan.sh’ and follow the instructions specified there to indicate an alternative kernel file name/location. The script will use ‘gdb’ to extract the current system call table from the running kernel and compare it to the system call table contained in the kernel copy in the /boot/ location (or home). For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf | ||||
Applies to: |
Created: 2005-03-29 |
Updated: 2010-08-21 |
ID: CVE-2005-0186 |
Title: Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed... |
Type: Hardware |
Bulletins:
CVE-2005-0186 |
Severity: Medium |
Description: Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port. | ||||
Applies to: |
Created: 2005-01-19 |
Updated: 2020-08-14 |
ID: CVE-2005-0290 |
Title: NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. |
Type: Hardware |
Bulletins:
CVE-2005-0290 SFBID12278 |
Severity: High |
Description: NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. | ||||
Applies to: FVS318v3 Firewall |
Created: 2005-01-17 |
Updated: 2020-08-14 |
ID: CVE-2005-0291 |
Title: Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. |
Type: Hardware |
Bulletins:
CVE-2005-0291 SFBID12278 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. | ||||
Applies to: FVS318v3 Firewall |
Created: 2005-01-17 |
Updated: 2020-08-14 |