LanGuard reports



Supported OVAL Bulletins





ID:
CVE-2005-4723
Title:
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
Type:
Hardware
Bulletins:
CVE-2005-4723
SFBID16621
Severity:
Medium
Description:
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
Applies to:
DI-524
DI-624
DI-784
Created:
2005-12-31
Updated:
2020-08-14

ID:
CVE-2005-4826
Title:
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different...
Type:
Hardware
Bulletins:
CVE-2005-4826
SFBID22268
Severity:
Medium
Description:
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776.
Applies to:
Created:
2005-12-31
Updated:
2020-08-14

ID:
CVE-2005-4499
Title:
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password,...
Type:
Hardware
Bulletins:
CVE-2005-4499
SFBID16025
Severity:
High
Description:
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
Applies to:
Cisco PIX 501 Firewall
Cisco PIX 506 Firewall
Cisco PIX 515 Firewall
Cisco PIX 515E Firewall
Cisco PIX 520 Firewall
Cisco PIX 525 Firewall
Cisco PIX 535 Firewall
Created:
2005-12-22
Updated:
2020-08-14

ID:
CVE-2005-4257
Title:
Linksys WRT54GS and BEFW11S4 allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is...
Type:
Hardware
Bulletins:
CVE-2005-4257
SFBID15861
Severity:
High
Description:
Linksys WRT54GS and BEFW11S4 allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
Applies to:
BEFW11S4
befw11s4 v3
befw11s4 v4
wrt54gs
Created:
2005-12-15
Updated:
2020-08-14

ID:
CVE-2005-4258
Title:
Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is...
Type:
Hardware
Bulletins:
CVE-2005-4258
Severity:
High
Description:
Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
Applies to:
Cisco Catalyst 2926 Switch
Cisco Catalyst 2970...
Cisco Catalyst 4000 Series Switches
Cisco Catalyst 4506 Switch
Cisco Catalyst 4507R Switch
Cisco Catalyst 4900 Series Switches
Cisco Catalyst 4908G-L3 Switch
Cisco Catalyst 6500 Series Switches
Created:
2005-12-15
Updated:
2020-08-14

ID:
MITRE:1231
Title:
oval:org.mitre.oval:def:1231: WinXP,SP2 DirectShow Malicious avi File Vulnerability
Type:
Software
Bulletins:
MITRE:1231
CVE-2005-2128
Severity:
Medium
Description:
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Applies to:
DirectX
Created:
2005-12-01
Updated:
2020-01-23

ID:
MITRE:1424
Title:
oval:org.mitre.oval:def:1424: Server 2003 DirectShow Malicious avi File Vulnerability
Type:
Software
Bulletins:
MITRE:1424
CVE-2005-2128
Severity:
Medium
Description:
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Applies to:
DirectX
Created:
2005-12-01
Updated:
2020-01-23

ID:
MITRE:1267
Title:
oval:org.mitre.oval:def:1267: Win2k,SP4 DirectShow Malicious avi File Vulnerability
Type:
Software
Bulletins:
MITRE:1267
CVE-2005-2128
Severity:
Medium
Description:
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Applies to:
DirectX
Created:
2005-12-01
Updated:
2020-01-23

ID:
MITRE:1149
Title:
oval:org.mitre.oval:def:1149: Server 2003,SP1 DirectShow Malicious avi File Vulnerability
Type:
Software
Bulletins:
MITRE:1149
CVE-2005-2128
Severity:
Medium
Description:
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Applies to:
DirectX
Created:
2005-12-01
Updated:
2020-01-23

ID:
MITRE:1434
Title:
oval:org.mitre.oval:def:1434: WinXP,SP1 DirectShow Malicious avi File Vulnerability
Type:
Software
Bulletins:
MITRE:1434
CVE-2005-2128
Severity:
Medium
Description:
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Applies to:
DirectX
Created:
2005-12-01
Updated:
2020-01-23

ID:
CVE-2005-3921
Title:
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of...
Type:
Hardware
Bulletins:
CVE-2005-3921
SFBID15602
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers.
Applies to:
Created:
2005-11-30
Updated:
2020-08-14

ID:
CVE-2005-3774
Title:
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system,...
Type:
Hardware
Bulletins:
CVE-2005-3774
SFBID15525
Severity:
Medium
Description:
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.
Applies to:
Created:
2005-11-22
Updated:
2020-08-14

ID:
CVE-2003-1267
Title:
GuildFTPd FTP Server Can Be Crashed By Remote Users Requesting DOS Device Names
Type:
FTP
Bulletins:
CVE-2003-1267
Severity:
Medium
Description:
GuildFTPd FTP Server is prone to a vulnerability in which a remote authenticated user or an anonymous user can cause the FTP service to crash by requesting a file with a DOS device name. This leads to a denial of service condition. There is still no solution for this vulnerability at this point in time.
Applies to:
GuildFTPd
Created:
2005-11-16
Updated:
2010-08-21

ID:
MITRE:100110
Title:
oval:org.mitre.oval:def:100110: Apache Listening Socket Starvation Vulnerability
Type:
Web
Bulletins:
MITRE:100110
CVE-2004-0174
Severity:
Medium
Description:
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
Applies to:
Apache
Created:
2005-11-16
Updated:
2019-09-23

ID:
CVE-2005-3481
Title:
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the...
Type:
Hardware
Bulletins:
CVE-2005-3481
SFBID15275
Severity:
High
Description:
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed.
Applies to:
Created:
2005-11-02
Updated:
2020-08-14

ID:
CVE-2005-3482
Title:
Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic...
Type:
Hardware
Bulletins:
CVE-2005-3482
SFBID15272
Severity:
Medium
Description:
Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host.
Applies to:
Cisco Aironet 1131
Cisco Aironet Ap1200
Cisco Aironet Ap1240
Created:
2005-11-02
Updated:
2020-08-14

ID:
CVE-2005-3426
Title:
Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.
Type:
Hardware
Bulletins:
CVE-2005-3426
SFBID15144
Severity:
Medium
Description:
Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.
Applies to:
Content Services Switch 11500
Created:
2005-11-01
Updated:
2020-08-14

ID:
CVE-2005-2973
Title:
Linux Kernel version prior to 2.6.14-rc5
Type:
Miscellaneous
Bulletins:
CVE-2005-2973
SFBID15156
Severity:
Low
Description:
The Linux kernel is prone to a vulnerability in version 2.6.13.4. This is due to an infinite loop error in the udp_v6_get_port() function in net/ipv6/udp.c, which can cause a denial of service. Since there are no workarounds for this vulnerability, one should upgrade to version 2.6.14-rc5 or higher.
Applies to:
Kernel
Created:
2005-10-20
Updated:
2010-08-21

ID:
MITRE:989
Title:
oval:org.mitre.oval:def:989: Microsoft Outlook Express 6,SP1 News Reading Vulnerability
Type:
Mail
Bulletins:
MITRE:989
CVE-2005-1213
Severity:
High
Description:
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
Applies to:
Microsoft Outlook Express
Created:
2005-10-12
Updated:
2020-01-23

ID:
CVE-2005-2799
Title:
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
Type:
Hardware
Bulletins:
CVE-2005-2799
Severity:
High
Description:
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
Applies to:
wrt54g
Created:
2005-09-15
Updated:
2020-08-14

ID:
CVE-2005-2912
Title:
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.
Type:
Hardware
Bulletins:
CVE-2005-2912
Severity:
Medium
Description:
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.
Applies to:
wrt54g
Created:
2005-09-14
Updated:
2020-08-14

ID:
CVE-2005-2914
Title:
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration...
Type:
Hardware
Bulletins:
CVE-2005-2914
Severity:
High
Description:
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration.
Applies to:
wrt54g
Created:
2005-09-14
Updated:
2020-08-14

ID:
CVE-2005-2915
Title:
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to...
Type:
Hardware
Bulletins:
CVE-2005-2915
Severity:
Medium
Description:
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914.
Applies to:
wrt54g
Created:
2005-09-14
Updated:
2020-08-14

ID:
CVE-2005-2916
Title:
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi...
Type:
Hardware
Bulletins:
CVE-2005-2916
Severity:
Medium
Description:
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
Applies to:
wrt54g
Created:
2005-09-14
Updated:
2020-08-14

ID:
CVE-2005-2841
Title:
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted...
Type:
Hardware
Bulletins:
CVE-2005-2841
Severity:
High
Description:
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials.
Applies to:
Created:
2005-09-08
Updated:
2020-08-14

ID:
CVE-2005-2640
Title:
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which...
Type:
Hardware
Bulletins:
CVE-2005-2640
SFBID14595
Severity:
Medium
Description:
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
Applies to:
NScreen5GT
Created:
2005-08-23
Updated:
2020-08-14

ID:
CVE-2005-2589
Title:
Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.
Type:
Hardware
Bulletins:
CVE-2005-2589
SFBID14566
Severity:
High
Description:
Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.
Applies to:
wrt54gs
Created:
2005-08-17
Updated:
2020-08-14

ID:
CVE-2005-2434
Title:
Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.
Type:
Hardware
Bulletins:
CVE-2005-2434
SFBID14407
Severity:
Medium
Description:
Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.
Applies to:
wrt54g
Created:
2005-08-03
Updated:
2020-08-14

ID:
CVE-2005-2451
Title:
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
Type:
Hardware
Bulletins:
CVE-2005-2451
SFBID14414
Severity:
Low
Description:
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
Applies to:
Created:
2005-08-03
Updated:
2020-08-14

ID:
CVE-2005-2241
Title:
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows...
Type:
Hardware
Bulletins:
CVE-2005-2241
SFBID14250
Severity:
Medium
Description:
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe.
Applies to:
Cisco Call Manager
Created:
2005-07-12
Updated:
2020-08-14

ID:
CVE-2005-2243
Title:
Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory...
Type:
Hardware
Bulletins:
CVE-2005-2243
SFBID14253
Severity:
Medium
Description:
Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail.
Applies to:
Cisco Call Manager
Created:
2005-07-12
Updated:
2020-08-14

ID:
CVE-2005-2244
Title:
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger...
Type:
Hardware
Bulletins:
CVE-2005-2244
SFBID14255
Severity:
Medium
Description:
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow.
Applies to:
Cisco Call Manager
Created:
2005-07-12
Updated:
2020-08-14

ID:
CVE-2005-2105
Title:
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
Type:
Hardware
Bulletins:
CVE-2005-2105
Severity:
High
Description:
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
Applies to:
Created:
2005-07-05
Updated:
2020-08-14

ID:
MITRE:3556
Title:
oval:org.mitre.oval:def:3556: Microsoft .NET Framework v1.1 Security Bypass
Type:
Miscellaneous
Bulletins:
MITRE:3556
CVE-2004-0847
Severity:
High
Description:
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
Applies to:
Microsoft .NET Framework
Created:
2005-06-01
Updated:
2020-01-23

ID:
CVE-2005-1802
Title:
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
Type:
Hardware
Bulletins:
CVE-2005-1802
SFBID13792
Severity:
Medium
Description:
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
Applies to:
...
Contivity 1740 VPN Router
Contivity1000
Contivity1010
Contivity1050
Contivity1100
Contivity15xx
Contivity1600
Contivity1700
Contivity2000
Contivity2500
Contivity2600
Contivity2700
Contivity4000
Contivity4500
Contivity4600
Created:
2005-05-27
Updated:
2020-08-14

ID:
CVE-2005-1827
Title:
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
Type:
Hardware
Bulletins:
CVE-2005-1827
SFBID13679
Severity:
High
Description:
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
Applies to:
DSL-504T
Created:
2005-05-26
Updated:
2020-08-14

ID:
CVE-2005-1828
Title:
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
Type:
Hardware
Bulletins:
CVE-2005-1828
Severity:
High
Description:
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
Applies to:
DSL-504T
Created:
2005-05-26
Updated:
2020-08-14

ID:
CVE-2005-1680
Title:
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes...
Type:
Hardware
Bulletins:
CVE-2005-1680
Severity:
High
Description:
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address.
Applies to:
DSL-502T
DSL-504T
DSL-562T
DSL-G604T
Created:
2005-05-20
Updated:
2020-08-14

ID:
CVE-2005-0195
Title:
Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
Type:
Hardware
Bulletins:
CVE-2005-0195
Severity:
Medium
Description:
Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
Applies to:
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-1025
Title:
The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.
Type:
Hardware
Bulletins:
CVE-2005-1025
Severity:
Medium
Description:
The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.
Applies to:
IBM OS/400 V4R4M0
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-1133
Title:
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
Type:
Hardware
Bulletins:
CVE-2005-1133
SFBID13156
Severity:
Medium
Description:
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
Applies to:
IBM OS/400 V4R4M0
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-1238
Title:
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
Type:
Hardware
Bulletins:
CVE-2005-1238
Severity:
High
Description:
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
Applies to:
IBM OS/400 V4R4M0
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-1006
Title:
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.
Type:
Hardware
Bulletins:
CVE-2005-1006
SFBID12984
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.
Applies to:
SonicWall Firewall SoHo
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-1059
Title:
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
Type:
Hardware
Bulletins:
CVE-2005-1059
SFBID13051
Severity:
Low
Description:
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
Applies to:
wet11
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-0196
Title:
Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.
Type:
Hardware
Bulletins:
CVE-2005-0196
Severity:
Medium
Description:
Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.
Applies to:
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-0197
Title:
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
Type:
Hardware
Bulletins:
CVE-2005-0197
SFBID12369
Severity:
Medium
Description:
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
Applies to:
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-1020
Title:
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the...
Type:
Hardware
Bulletins:
CVE-2005-1020
SFBID13043
Severity:
High
Description:
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data.
Applies to:
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-1021
Title:
Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
Type:
Hardware
Bulletins:
CVE-2005-1021
SFBID13042
Severity:
High
Description:
Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
Applies to:
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-1057
Title:
Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
Type:
Hardware
Bulletins:
CVE-2005-1057
Severity:
High
Description:
Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
Applies to:
Created:
2005-05-02
Updated:
2020-08-14

ID:
CVE-2005-1058
Title:
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass...
Type:
Hardware
Bulletins:
CVE-2005-1058
Severity:
High
Description:
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations.
Applies to:
Created:
2005-05-02
Updated:
2020-08-14

ID:
REF000253
Title:
Possible Rootkit Detected : Altered system call functions code
Type:
Rootkit
Bulletins:
Severity:
High
Description:
Rootkit Detection: System call functions, code analysis. Check Requirements: (1) ‘expect’ and ‘gdb’ application packages to be installed on the target machine for the check to work. (2) A copy of an uncompressed version of the kernel (file name starts with vmlinux*) in either the /boot/ directory OR the home directory of the user used for scanning. NOTE: If more than one vmlinux* is available, the first file found will be used. To customize which file to search for, you can edit the scripts named ‘kernelscan.sh’ and ‘procscan.sh’ and follow the instructions specified there to indicate an alternative kernel file name/location. The script will use ‘gdb’ to decompile the current syscall functions in memory and compare them with the code of the same function in the available kernel copy on the hard disk in the /boot/ location (or home). If the script finds that the code in these two versions differs, the vulnerability will trigger. For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf
Applies to:
Created:
2005-03-29
Updated:
2010-08-21

ID:
REF000254
Title:
Possible Rootkit Detected : Hidden Processes
Type:
Rootkit
Bulletins:
Severity:
High
Description:
This script identifies processes running hidden from conventional process listing tools. For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf
Applies to:
Created:
2005-03-29
Updated:
2010-08-21

ID:
REF000255
Title:
Possible Rootkit Detected : Hidden Processes
Type:
Rootkit
Bulletins:
Severity:
High
Description:
This script identifies processes running hidden from conventional process listing tools. For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf
Applies to:
Created:
2005-03-29
Updated:
2010-08-21

ID:
REF000257
Title:
Possible Rootkit Detected : Altered system call table detected
Type:
Rootkit
Bulletins:
Severity:
High
Description:
Check Requirements: (1) The ‘expect’ and ‘gdb’ application packages must be installed on the target machine for the check to work. (2) A copy of an uncompressed version of the kernel (file name starts with vmlinux*) must be present in either the /boot/ directory OR the home directory of the user used for scanning. NOTE: If more than one vmlinux* is available, the first file found will be used. To customize which file to search for, you can edit the scripts named ‘kernelscan.sh’ and ‘procscan.sh’ and follow the instructions specified there to indicate an alternative kernel file name/location. The script will use ‘gdb’ to extract the current system call table from the running kernel and compare it to the system call table contained in the kernel copy in the /boot/ location (or home). For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf
Applies to:
Created:
2005-03-29
Updated:
2010-08-21

ID:
CVE-2005-0186
Title:
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed...
Type:
Hardware
Bulletins:
CVE-2005-0186
Severity:
Medium
Description:
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port.
Applies to:
Created:
2005-01-19
Updated:
2020-08-14

ID:
CVE-2005-0290
Title:
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
Type:
Hardware
Bulletins:
CVE-2005-0290
SFBID12278
Severity:
High
Description:
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
Applies to:
FVS318v3 Firewall
Created:
2005-01-17
Updated:
2020-08-14

ID:
CVE-2005-0291
Title:
Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.
Type:
Hardware
Bulletins:
CVE-2005-0291
SFBID12278
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.
Applies to:
FVS318v3 Firewall
Created:
2005-01-17
Updated:
2020-08-14