LanGuard reports



Supported OVAL Bulletins





ID:
MITRE:11268
Title:
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:11268
CVE-2010-3557
Severity:
Medium
Description:
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:11798
Title:
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:11798
CVE-2010-3553
Severity:
High
Description:
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:11880
Title:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:11880
CVE-2010-3559
Severity:
High
Description:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12240
Title:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:12240
CVE-2010-3572
Severity:
High
Description:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12004
Title:
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:12004
CVE-2010-3552
Severity:
High
Description:
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12005
Title:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:12005
CVE-2010-3560
Severity:
Low
Description:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:11330
Title:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Type:
Software
Bulletins:
MITRE:11330
CVE-2010-3551
Severity:
Medium
Description:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:11990
Title:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:11990
CVE-2010-3573
Severity:
Medium
Description:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:11871
Title:
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:11871
CVE-2010-3558
Severity:
High
Description:
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:11619
Title:
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25 and earlier versions
Type:
Software
Bulletins:
MITRE:11619
CVE-2010-3550
Severity:
High
Description:
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12226
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Type:
Software
Bulletins:
MITRE:12226
CVE-2010-3569
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12029
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Type:
Software
Bulletins:
MITRE:12029
CVE-2010-3568
Severity:
High
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12173
Title:
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:12173
CVE-2010-3570
Severity:
High
Description:
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:11320
Title:
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:11320
CVE-2010-3555
Severity:
High
Description:
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12181
Title:
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions
Type:
Software
Bulletins:
MITRE:12181
CVE-2010-3563
Severity:
High
Description:
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12200
Title:
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25 and earlier versions
Type:
Software
Bulletins:
MITRE:12200
CVE-2010-3561
Severity:
High
Description:
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12189
Title:
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:12189
CVE-2010-3554
Severity:
High
Description:
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:11714
Title:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions
Type:
Software
Bulletins:
MITRE:11714
CVE-2010-3567
Severity:
High
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12225
Title:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25 and earlier versions
Type:
Software
Bulletins:
MITRE:12225
CVE-2010-3566
Severity:
High
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12180
Title:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions
Type:
Software
Bulletins:
MITRE:12180
CVE-2010-3565
Severity:
High
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:11893
Title:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:11893
CVE-2010-3562
Severity:
High
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12177
Title:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:12177
CVE-2010-3571
Severity:
High
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:11815
Title:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
MITRE:11815
CVE-2010-3556
Severity:
High
Description:
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Java SE
Created:
2010-12-27
Updated:
2024-01-17

ID:
MITRE:12219
Title:
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007
Type:
Software
Bulletins:
MITRE:12219
CVE-2010-3142
Severity:
High
Description:
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
Applies to:
Microsoft Office PowerPoint 2007
Created:
2010-12-20
Updated:
2024-01-17

ID:
CVE-2010-4012
Title:
Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.
Type:
Mobile Devices
Bulletins:
CVE-2010-4012
Severity:
Medium
Description:
Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.
Applies to:
Created:
2010-12-08
Updated:
2024-01-17

ID:
MITRE:6653
Title:
Windows Media Player Memory Corruption Vulnerability
Type:
Software
Bulletins:
MITRE:6653
CVE-2010-2745
Severity:
High
Description:
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
Applies to:
Windows Media Player
Created:
2010-12-06
Updated:
2024-01-17

ID:
MITRE:7360
Title:
Vulnerability in offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software
Type:
Software
Bulletins:
MITRE:7360
CVE-2010-3741
Severity:
Medium
Description:
The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.
Applies to:
BlackBerry Desktop Software
Created:
2010-12-06
Updated:
2024-01-17

ID:
MITRE:6843
Title:
Untrusted search path vulnerability in BlackBerry Desktop Software version less than 6.0.0.47
Type:
Software
Bulletins:
MITRE:6843
CVE-2010-2600
Severity:
High
Description:
Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry.
Applies to:
BlackBerry Desktop Software
Created:
2010-12-06
Updated:
2024-01-17

ID:
CVE-2010-4354
Title:
The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only...
Type:
Hardware
Bulletins:
CVE-2010-4354
Severity:
Medium
Description:
The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025.
Applies to:
Cisco VPN 3015 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3080 Concentrator
Cisco VPN 3005 Concentrator
Created:
2010-11-30
Updated:
2024-01-17

ID:
MITRE:6645
Title:
Vulnerability in PL/php add-on in PostgreSQL version less than or equal to 9.0
Type:
Software
Bulletins:
MITRE:6645
CVE-2010-3781
Severity:
Medium
Description:
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.
Applies to:
PostgreSQL
Created:
2010-11-29
Updated:
2024-01-17

ID:
MITRE:7291
Title:
Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0
Type:
Software
Bulletins:
MITRE:7291
CVE-2010-3433
Severity:
Medium
Description:
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Applies to:
PostgreSQL
Created:
2010-11-29
Updated:
2024-01-17

ID:
CVE-2010-3829
Title:
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for...
Type:
Mobile Devices
Bulletins:
CVE-2010-3829
Severity:
Medium
Description:
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.
Applies to:
Created:
2010-11-26
Updated:
2024-01-17

ID:
CVE-2010-3831
Title:
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a...
Type:
Mobile Devices
Bulletins:
CVE-2010-3831
Severity:
Medium
Description:
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.
Applies to:
Created:
2010-11-26
Updated:
2024-01-17

ID:
CVE-2010-3830
Title:
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2010-3830
Severity:
High
Description:
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
Applies to:
Created:
2010-11-26
Updated:
2024-01-17

ID:
CVE-2010-3828
Title:
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
Type:
Mobile Devices
Bulletins:
CVE-2010-3828
Severity:
Medium
Description:
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
Applies to:
Created:
2010-11-26
Updated:
2024-01-17

ID:
CVE-2010-3832
Title:
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary...
Type:
Mobile Devices
Bulletins:
CVE-2010-3832
Severity:
Medium
Description:
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.
Applies to:
Created:
2010-11-26
Updated:
2024-01-17

ID:
CVE-2010-3827
Title:
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2010-3827
Severity:
Medium
Description:
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
Applies to:
Created:
2010-11-26
Updated:
2024-01-17

ID:
CVE-2010-3039
Title:
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the...
Type:
Hardware
Bulletins:
CVE-2010-3039
SFBID44672
Severity:
Medium
Description:
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
Applies to:
Unified Communications Manager
Created:
2010-11-09
Updated:
2024-01-17

ID:
MITRE:6778
Title:
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5
Type:
Software
Bulletins:
MITRE:6778
CVE-2010-3127
Severity:
High
Description:
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information.
Applies to:
Adobe Photoshop
Created:
2010-11-08
Updated:
2024-01-17

ID:
MITRE:7221
Title:
Apple iTunes Webkit Unspecified Vulnerability
Type:
Software
Bulletins:
MITRE:7221
CVE-2010-1763
Severity:
High
Description:
Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
Applies to:
Apple iTunes
Created:
2010-11-01
Updated:
2024-01-17

ID:
MITRE:7604
Title:
Apple iTunes Log File Insecure File Operation Local Privilege Escalation Vulnerability
Type:
Software
Bulletins:
MITRE:7604
CVE-2010-1768
Severity:
Medium
Description:
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
Applies to:
Apple iTunes
Created:
2010-11-01
Updated:
2024-01-17

ID:
MITRE:7061
Title:
Apple iTunes JavaScriptCore Page Transitions Denial Of Service Vulnerability
Type:
Software
Bulletins:
MITRE:7061
CVE-2010-1387
Severity:
High
Description:
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
Applies to:
Apple iTunes
Created:
2010-11-01
Updated:
2024-01-17

ID:
MITRE:7217
Title:
Apple iTunes DLL Loading Arbitrary Code Execution Vulnerability
Type:
Software
Bulletins:
MITRE:7217
CVE-2010-1795
Severity:
High
Description:
Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
Applies to:
Apple iTunes
Created:
2010-11-01
Updated:
2024-01-17

ID:
MITRE:6988
Title:
Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:6988
CVE-2010-1777
Severity:
High
Description:
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
Applies to:
Apple iTunes
Created:
2010-11-01
Updated:
2024-01-17

ID:
MITRE:7178
Title:
Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:7178
CVE-2010-1769
Severity:
High
Description:
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.
Applies to:
Apple iTunes
Created:
2010-11-01
Updated:
2024-01-17

ID:
CISEC:1127
Title:
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1127
CVE-2016-5157
Severity:
Medium
Description:
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
Applies to:
Google Chrome
Created:
2010-10-07
Updated:
2024-01-17

ID:
MITRE:12011
Title:
Movie Maker Memory Corruption Vulnerability
Type:
Software
Bulletins:
MITRE:12011
CVE-2010-2564
Severity:
High
Description:
Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
Applies to:
Movie Maker 2.1
Movie Maker 2.6
Movie Maker 6.0
Created:
2010-09-27
Updated:
2024-01-17

ID:
CVE-2010-2831
Title:
Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624.
Type:
Hardware
Bulletins:
CVE-2010-2831
Severity:
High
Description:
Unspecified vulnerability in the NAT for SIP implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic on UDP port 5060, aka Bug ID CSCtf17624.
Applies to:
Created:
2010-09-23
Updated:
2024-01-17

ID:
CVE-2010-2832
Title:
Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428.
Type:
Hardware
Bulletins:
CVE-2010-2832
Severity:
High
Description:
Unspecified vulnerability in the NAT for H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtf91428.
Applies to:
Created:
2010-09-23
Updated:
2024-01-17

ID:
CVE-2010-2833
Title:
Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472.
Type:
Hardware
Bulletins:
CVE-2010-2833
Severity:
High
Description:
Unspecified vulnerability in the NAT for H.225.0 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1 allows remote attackers to cause a denial of service (device reload) via transit traffic, aka Bug ID CSCtd86472.
Applies to:
Created:
2010-09-23
Updated:
2024-01-17

ID:
CVE-2010-2829
Title:
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via...
Type:
Hardware
Bulletins:
CVE-2010-2829
Severity:
High
Description:
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567.
Applies to:
Created:
2010-09-23
Updated:
2024-01-17

ID:
CVE-2010-2828
Title:
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323...
Type:
Hardware
Bulletins:
CVE-2010-2828
Severity:
High
Description:
Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759.
Applies to:
Created:
2010-09-23
Updated:
2024-01-17

ID:
CVE-2010-2830
Title:
The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603.
Type:
Hardware
Bulletins:
CVE-2010-2830
Severity:
High
Description:
The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603.
Applies to:
Created:
2010-09-23
Updated:
2024-01-17

ID:
CVE-2010-2836
Title:
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections...
Type:
Hardware
Bulletins:
CVE-2010-2836
Severity:
High
Description:
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685.
Applies to:
Created:
2010-09-23
Updated:
2024-01-17

ID:
CVE-2010-2834
Title:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote...
Type:
Hardware
Bulletins:
CVE-2010-2834
Severity:
High
Description:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.
Applies to:
Unified Communications Manager
Created:
2010-09-23
Updated:
2024-01-17

ID:
CVE-2010-2835
Title:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before...
Type:
Hardware
Bulletins:
CVE-2010-2835
Severity:
High
Description:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.
Applies to:
Unified Communications Manager
Created:
2010-09-23
Updated:
2024-01-17

ID:
CVE-2010-1807
Title:
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial...
Type:
Mobile Devices
Bulletins:
CVE-2010-1807
SFBID43047
Severity:
High
Description:
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
Applies to:
Created:
2010-09-10
Updated:
2024-01-17

ID:
CVE-2010-2841
Title:
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2010-2841
Severity:
Medium
Description:
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938.
Applies to:
Created:
2010-09-10
Updated:
2024-01-17

ID:
CVE-2010-0574
Title:
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2010-0574
Severity:
High
Description:
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653.
Applies to:
Created:
2010-09-10
Updated:
2024-01-17

ID:
CVE-2010-3034
Title:
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified...
Type:
Hardware
Bulletins:
CVE-2010-3034
Severity:
Medium
Description:
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575.
Applies to:
Created:
2010-09-10
Updated:
2024-01-17

ID:
CVE-2010-0575
Title:
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified...
Type:
Hardware
Bulletins:
CVE-2010-0575
Severity:
Medium
Description:
Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034.
Applies to:
Created:
2010-09-10
Updated:
2024-01-17

ID:
CVE-2010-3033
Title:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...
Type:
Hardware
Bulletins:
CVE-2010-3033
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843.
Applies to:
Created:
2010-09-10
Updated:
2024-01-17

ID:
CVE-2010-2842
Title:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...
Type:
Hardware
Bulletins:
CVE-2010-2842
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033.
Applies to:
Created:
2010-09-10
Updated:
2024-01-17

ID:
CVE-2010-2843
Title:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a...
Type:
Hardware
Bulletins:
CVE-2010-2843
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033.
Applies to:
Created:
2010-09-10
Updated:
2024-01-17

ID:
CVE-2010-1814
Title:
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving...
Type:
Mobile Devices
Bulletins:
CVE-2010-1814
SFBID43083
Severity:
Medium
Description:
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
Applies to:
Created:
2010-09-09
Updated:
2024-01-17

ID:
CVE-2010-1813
Title:
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
Type:
Mobile Devices
Bulletins:
CVE-2010-1813
Severity:
Medium
Description:
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
Applies to:
Created:
2010-09-09
Updated:
2024-01-17

ID:
CVE-2010-1812
Title:
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors...
Type:
Mobile Devices
Bulletins:
CVE-2010-1812
SFBID43079
Severity:
Medium
Description:
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
Applies to:
Created:
2010-09-09
Updated:
2024-01-17

ID:
CVE-2010-1815
Title:
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors...
Type:
Mobile Devices
Bulletins:
CVE-2010-1815
SFBID43081
Severity:
Medium
Description:
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
Applies to:
Created:
2010-09-09
Updated:
2024-01-17

ID:
CVE-2010-1809
Title:
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
Type:
Mobile Devices
Bulletins:
CVE-2010-1809
Severity:
High
Description:
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
Applies to:
Created:
2010-09-09
Updated:
2024-01-17

ID:
CVE-2010-1811
Title:
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
Type:
Mobile Devices
Bulletins:
CVE-2010-1811
Severity:
Medium
Description:
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
Applies to:
Created:
2010-09-09
Updated:
2024-01-17

ID:
CVE-2010-1810
Title:
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
Type:
Mobile Devices
Bulletins:
CVE-2010-1810
Severity:
Low
Description:
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
Applies to:
Created:
2010-09-09
Updated:
2024-01-17

ID:
CVE-2010-1781
Title:
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an...
Type:
Mobile Devices
Bulletins:
CVE-2010-1781
SFBID43077
Severity:
Medium
Description:
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.
Applies to:
Created:
2010-09-09
Updated:
2024-01-17

ID:
CVE-2010-1817
Title:
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
Type:
Mobile Devices
Bulletins:
CVE-2010-1817
Severity:
Medium
Description:
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
Applies to:
Created:
2010-09-09
Updated:
2024-01-17

ID:
CVE-2010-3035
Title:
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the...
Type:
Hardware
Bulletins:
CVE-2010-3035
Severity:
Medium
Description:
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.
Applies to:
Created:
2010-08-30
Updated:
2024-01-17

ID:
CVE-2010-2837
Title:
The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2010-2837
Severity:
High
Description:
The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.
Applies to:
Unified Communications Manager
Created:
2010-08-26
Updated:
2024-01-17

ID:
CVE-2010-2838
Title:
The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process...
Type:
Hardware
Bulletins:
CVE-2010-2838
Severity:
High
Description:
The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.
Applies to:
Unified Communications Manager
Created:
2010-08-26
Updated:
2024-01-17

ID:
CVE-2010-2825
Title:
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series...
Type:
Hardware
Bulletins:
CVE-2010-2825
Severity:
High
Description:
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569.
Applies to:
Cisco Ace 4710
Created:
2010-08-17
Updated:
2024-01-17

ID:
CVE-2010-2822
Title:
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710...
Type:
Hardware
Bulletins:
CVE-2010-2822
Severity:
High
Description:
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858.
Applies to:
Cisco Ace 4710
Created:
2010-08-17
Updated:
2024-01-17

ID:
CVE-2010-2823
Title:
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets,...
Type:
Hardware
Bulletins:
CVE-2010-2823
Severity:
High
Description:
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493.
Applies to:
Cisco Ace 4710
Created:
2010-08-17
Updated:
2024-01-17

ID:
CVE-2010-1797
Title:
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch...
Type:
Mobile Devices
Bulletins:
CVE-2010-1797
SFBID42151
Severity:
High
Description:
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
Applies to:
Created:
2010-08-16
Updated:
2024-01-17

ID:
CVE-2010-2827
Title:
Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193.
Type:
Hardware
Bulletins:
CVE-2010-2827
SFBID42426
Severity:
High
Description:
Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193.
Applies to:
Created:
2010-08-16
Updated:
2024-01-17

ID:
CVE-2010-2983
Title:
The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an...
Type:
Hardware
Bulletins:
CVE-2010-2983
Severity:
High
Description:
The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an "EAPoL logoff attack," aka Bug ID CSCte43374.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2976
Title:
The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4)...
Type:
Hardware
Bulletins:
CVE-2010-2976
Severity:
High
Description:
The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2988
Title:
Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333.
Type:
Hardware
Bulletins:
CVE-2010-2988
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2975
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
Type:
Hardware
Bulletins:
CVE-2010-2975
Severity:
Low
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2980
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794.
Type:
Hardware
Bulletins:
CVE-2010-2980
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2979
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508.
Type:
Hardware
Bulletins:
CVE-2010-2979
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2984
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.
Type:
Hardware
Bulletins:
CVE-2010-2984
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2978
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions,...
Type:
Hardware
Bulletins:
CVE-2010-2978
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2977
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.
Type:
Hardware
Bulletins:
CVE-2010-2977
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2982
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037.
Type:
Hardware
Bulletins:
CVE-2010-2982
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2981
Title:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.
Type:
Hardware
Bulletins:
CVE-2010-2981
Severity:
High
Description:
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.
Applies to:
Wireless Lan Controller Software
Created:
2010-08-10
Updated:
2024-01-17

ID:
CVE-2010-2707
Title:
Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2010-2707
Severity:
High
Description:
Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.
Applies to:
Procurve Switch 2626
Procurve Switch 2626-pwr
Procurve Switch 2650
Procurve Switch 2650-pwr
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-2708
Title:
Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2010-2708
Severity:
Medium
Description:
Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors.
Applies to:
Procurve Switch 2610-24
Procurve Switch 2610-24-pwr
Procurve Switch 2610-24/12pwr
Procurve Switch 2610-48
Procurve Switch 2610-48-pwr
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-2705
Title:
Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via...
Type:
Hardware
Bulletins:
CVE-2010-2705
Severity:
Medium
Description:
Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via unknown vectors.
Applies to:
Procurve Switch 1800-24g
Procurve Switch 1800-8g
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-1581
Title:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
Type:
Hardware
Bulletins:
CVE-2010-1581
SFBID42187
Severity:
High
Description:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtd32627.
Applies to:
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-2814
Title:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
Type:
Hardware
Bulletins:
CVE-2010-2814
SFBID42196
Severity:
High
Description:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506.
Applies to:
Cisco ASA 5505 Adaptive Security Appliance
Cisco ASA 5510 Adaptive Security Appliance
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5580 Adaptive...
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-2815
Title:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3...
Type:
Hardware
Bulletins:
CVE-2010-2815
SFBID42198
Severity:
High
Description:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259.
Applies to:
Cisco ASA 5505 Adaptive Security Appliance
Cisco ASA 5510 Adaptive Security Appliance
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5580 Adaptive...
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-1578
Title:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
Type:
Hardware
Bulletins:
CVE-2010-1578
Severity:
High
Description:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567.
Applies to:
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-1579
Title:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
Type:
Hardware
Bulletins:
CVE-2010-1579
Severity:
High
Description:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc79922.
Applies to:
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-1580
Title:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security...
Type:
Hardware
Bulletins:
CVE-2010-1580
Severity:
High
Description:
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc85753.
Applies to:
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-2816
Title:
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2010-2816
SFBID42189
Severity:
High
Description:
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106.
Applies to:
Cisco ASA 5505 Adaptive Security Appliance
Cisco ASA 5510 Adaptive Security Appliance
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5580 Adaptive...
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-2706
Title:
Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2010-2706
Severity:
Medium
Description:
Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors.
Applies to:
Procurve Switch 2610-24
Procurve Switch 2610-24-pwr
Procurve Switch 2610-24/12pwr
Procurve Switch 2610-48
Procurve Switch 2610-48-pwr
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-2817
Title:
Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and...
Type:
Hardware
Bulletins:
CVE-2010-2817
SFBID42190
Severity:
High
Description:
Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and 8.3 before 8.3(1.1) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a crafted IKE message, aka Bug ID CSCte46507.
Applies to:
Cisco ASA 5505 Adaptive Security Appliance
Cisco ASA 5510 Adaptive Security Appliance
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5580 Adaptive...
Created:
2010-08-09
Updated:
2024-01-17

ID:
CVE-2010-2973
Title:
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
Type:
Mobile Devices
Bulletins:
CVE-2010-2973
SFBID42151
Severity:
Medium
Description:
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
Applies to:
Created:
2010-08-05
Updated:
2024-01-17

ID:
CVE-2010-1574
Title:
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the...
Type:
Hardware
Bulletins:
CVE-2010-1574
SFBID41436
Severity:
High
Description:
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.
Applies to:
Created:
2010-07-08
Updated:
2024-01-17

ID:
CVE-2010-1576
Title:
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence...
Type:
Hardware
Bulletins:
CVE-2010-1576
SFBID41315
Severity:
High
Description:
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.
Applies to:
Cisco Ace 4710
Content Services Switch 11500
Created:
2010-07-06
Updated:
2024-01-17

ID:
CVE-2010-2629
Title:
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which...
Type:
Hardware
Bulletins:
CVE-2010-2629
SFBID41315
Severity:
High
Description:
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.
Applies to:
Cisco Ace 4710
Content Services Switch 11500
Created:
2010-07-06
Updated:
2024-01-17

ID:
CVE-2010-1575
Title:
The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via...
Type:
Hardware
Bulletins:
CVE-2010-1575
SFBID41315
Severity:
High
Description:
The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690.
Applies to:
Content Services Switch 11500
Created:
2010-07-06
Updated:
2024-01-17

ID:
CVE-2009-4922
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer...
Type:
Hardware
Bulletins:
CVE-2009-4922
Severity:
Medium
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4916
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka...
Type:
Hardware
Bulletins:
CVE-2009-4916
Severity:
Medium
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka Bug ID CSCsq80095.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4915
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection...
Type:
Hardware
Bulletins:
CVE-2009-4915
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via unknown network traffic, as demonstrated by a "connection stress test," aka Bug ID CSCsq68451.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4917
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901.
Type:
Hardware
Bulletins:
CVE-2009-4917
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4911
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug...
Type:
Hardware
Bulletins:
CVE-2009-4911
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4923
Title:
Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162.
Type:
Hardware
Bulletins:
CVE-2009-4923
Severity:
High
Description:
Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4920
Title:
Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412.
Type:
Hardware
Bulletins:
CVE-2009-4920
Severity:
High
Description:
Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software 8.1(2) allows remote attackers to cause a denial of service (watchdog traceback) via a large amount of small-packet data, aka Bug ID CSCsu11412.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4913
Title:
The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6...
Type:
Hardware
Bulletins:
CVE-2009-4913
Severity:
Medium
Description:
The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4914
Title:
Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2009-4914
Severity:
High
Description:
Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4910
Title:
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug...
Type:
Hardware
Bulletins:
CVE-2009-4910
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2008-7257
Title:
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack...
Type:
Hardware
Bulletins:
CVE-2008-7257
SFBID41159
Severity:
Medium
Description:
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4912
Title:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions...
Type:
Hardware
Bulletins:
CVE-2009-4912
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4921
Title:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110.
Type:
Hardware
Bulletins:
CVE-2009-4921
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4918
Title:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439.
Type:
Hardware
Bulletins:
CVE-2009-4918
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2009-4919
Title:
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.
Type:
Hardware
Bulletins:
CVE-2009-4919
Severity:
High
Description:
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.
Applies to:
Cisco ASA 5580 Adaptive Security Appliance
Created:
2010-06-29
Updated:
2024-01-17

ID:
CVE-2010-2506
Title:
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.
Type:
Hardware
Bulletins:
CVE-2010-2506
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.
Applies to:
WAP54G
Created:
2010-06-28
Updated:
2024-01-17

ID:
CVE-2010-1407
Title:
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via...
Type:
Mobile Devices
Bulletins:
CVE-2010-1407
SFBID41016
Severity:
Medium
Description:
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
Applies to:
Created:
2010-06-22
Updated:
2024-01-17

ID:
CVE-2010-1757
Title:
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
Type:
Mobile Devices
Bulletins:
CVE-2010-1757
SFBID41016
Severity:
Medium
Description:
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
Applies to:
Created:
2010-06-22
Updated:
2024-01-17

ID:
CVE-2010-1756
Title:
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an...
Type:
Mobile Devices
Bulletins:
CVE-2010-1756
SFBID41016
Severity:
Medium
Description:
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.
Applies to:
Created:
2010-06-22
Updated:
2024-01-17

ID:
CVE-2010-1752
Title:
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.
Type:
Mobile Devices
Bulletins:
CVE-2010-1752
SFBID41016
Severity:
Medium
Description:
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.
Applies to:
Created:
2010-06-22
Updated:
2024-01-17

ID:
CVE-2010-1755
Title:
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
Type:
Mobile Devices
Bulletins:
CVE-2010-1755
SFBID41016
Severity:
Medium
Description:
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
Applies to:
Created:
2010-06-22
Updated:
2024-01-17

ID:
CVE-2010-1775
Title:
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data,...
Type:
Mobile Devices
Bulletins:
CVE-2010-1775
SFBID41016
Severity:
Low
Description:
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
Applies to:
Created:
2010-06-22
Updated:
2024-01-17

ID:
CVE-2010-1754
Title:
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to...
Type:
Mobile Devices
Bulletins:
CVE-2010-1754
SFBID41016
Severity:
Medium
Description:
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors.
Applies to:
Created:
2010-06-22
Updated:
2024-01-17

ID:
CVE-2010-1753
Title:
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.
Type:
Mobile Devices
Bulletins:
CVE-2010-1753
SFBID41016
Severity:
Medium
Description:
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.
Applies to:
Created:
2010-06-22
Updated:
2024-01-17

ID:
CVE-2010-1751
Title:
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.
Type:
Mobile Devices
Bulletins:
CVE-2010-1751
SFBID41016
Severity:
Medium
Description:
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.
Applies to:
Created:
2010-06-22
Updated:
2024-01-17

ID:
CVE-2010-1387
Title:
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service...
Type:
Mobile Devices
Bulletins:
CVE-2010-1387
SFBID41016
Severity:
High
Description:
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
Applies to:
Created:
2010-06-18
Updated:
2024-01-17

ID:
CVE-2010-2293
Title:
The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.
Type:
Hardware
Bulletins:
CVE-2010-2293
SFBID40691
Severity:
Medium
Description:
The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.
Applies to:
DI-604
Created:
2010-06-15
Updated:
2024-01-17

ID:
CVE-2010-2292
Title:
Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.
Type:
Hardware
Bulletins:
CVE-2010-2292
SFBID40691
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.
Applies to:
DI-604
Created:
2010-06-15
Updated:
2024-01-17

ID:
CVE-2010-1573
Title:
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3)...
Type:
Hardware
Bulletins:
CVE-2010-1573
SFBID40648
Severity:
High
Description:
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
Applies to:
wap54g
Created:
2010-06-09
Updated:
2024-01-17

ID:
CVE-2010-2261
Title:
Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
Type:
Hardware
Bulletins:
CVE-2010-2261
Severity:
High
Description:
Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
Applies to:
wap54g
Created:
2010-06-09
Updated:
2024-01-17

ID:
MITRE:7170
Title:
VBScript Help Keypress Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:7170
CVE-2010-0483
Severity:
High
Description:
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
Applies to:
VBScript 5.1
VBScript 5.6
VBScript 5.7
VBScript 5.8
Created:
2010-06-07
Updated:
2024-01-17

ID:
MITRE:7049
Title:
LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
Type:
Software
Bulletins:
MITRE:7049
CVE-2009-2285
Severity:
Medium
Description:
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Applies to:
Apple Safari
Apple iTunes
Created:
2010-06-07
Updated:
2024-01-17

ID:
MITRE:7561
Title:
Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
Type:
Software
Bulletins:
MITRE:7561
CVE-2010-0042
Severity:
Medium
Description:
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
Applies to:
Apple Safari
Apple iTunes
Created:
2010-06-07
Updated:
2024-01-17

ID:
MITRE:6741
Title:
Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:6741
CVE-2010-0040
Severity:
High
Description:
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
Applies to:
Apple Safari
Apple iTunes
Created:
2010-06-07
Updated:
2024-01-17

ID:
MITRE:6901
Title:
Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
Type:
Software
Bulletins:
MITRE:6901
CVE-2010-0043
Severity:
High
Description:
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
Applies to:
Apple Safari
Apple iTunes
Created:
2010-06-07
Updated:
2024-01-17

ID:
MITRE:6885
Title:
Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability
Type:
Software
Bulletins:
MITRE:6885
CVE-2010-0041
Severity:
Medium
Description:
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
Applies to:
Apple Safari
Apple iTunes
Created:
2010-06-07
Updated:
2024-01-17

ID:
MITRE:7427
Title:
Apple iTunes MP4 File Processing Denial of Service Vulnerability
Type:
Software
Bulletins:
MITRE:7427
CVE-2010-0531
Severity:
Medium
Description:
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
Applies to:
Apple iTunes
Created:
2010-06-07
Updated:
2024-01-17

ID:
MITRE:7110
Title:
Apple iTunes Install or Update Privilege Escalation Vulnerability
Type:
Software
Bulletins:
MITRE:7110
CVE-2010-0532
Severity:
Medium
Description:
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
Applies to:
Apple iTunes
Created:
2010-06-07
Updated:
2024-01-17

ID:
MITRE:8595
Title:
Movie Maker and Producer Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:8595
CVE-2010-0265
Severity:
High
Description:
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
Applies to:
Microsoft Producer 2003
Movie Maker 2.1
Movie Maker 2.6
Movie Maker 6.0
Created:
2010-05-24
Updated:
2024-01-17

ID:
MITRE:7709
Title:
libpng buffer overflow
Type:
Software
Bulletins:
MITRE:7709
CVE-2004-0597
Severity:
High
Description:
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
Applies to:
Adobe Acrobat Reader
MSN Messenger 4.7
MSN Messenger 6.1
MSN Messenger 6.2
Created:
2010-05-17
Updated:
2024-01-17

ID:
CVE-2009-4821
Title:
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi...
Type:
Hardware
Bulletins:
CVE-2009-4821
SFBID37415
Severity:
Medium
Description:
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.
Applies to:
DIR-615
Created:
2010-04-27
Updated:
2024-01-17

ID:
CVE-2010-1226
Title:
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV...
Type:
Mobile Devices
Bulletins:
CVE-2010-1226
SFBID38758
Severity:
Medium
Description:
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.
Applies to:
Created:
2010-04-01
Updated:
2024-01-17

ID:
CVE-2010-1181
Title:
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
Type:
Mobile Devices
Bulletins:
CVE-2010-1181
Severity:
Medium
Description:
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
Applies to:
Created:
2010-03-29
Updated:
2024-01-17

ID:
CVE-2010-1119
Title:
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause...
Type:
Mobile Devices
Bulletins:
CVE-2010-1119
SFBID40620
Severity:
High
Description:
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0581
Title:
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."
Type:
Hardware
Bulletins:
CVE-2010-0581
Severity:
High
Description:
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0580
Title:
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."
Type:
Hardware
Bulletins:
CVE-2010-0580
Severity:
High
Description:
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0584
Title:
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250.
Type:
Hardware
Bulletins:
CVE-2010-0584
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Protocol (SCCP) packets, aka Bug ID CSCsy09250.
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0576
Title:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers...
Type:
Hardware
Bulletins:
CVE-2010-0576
SFBID38938
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x through 2.3.x before 2.3.2, and IOS XR 3.2.x through 3.4.3, when Multiprotocol Label Switching (MPLS) and Label Distribution Protocol (LDP) are enabled, allows remote attackers to cause a denial of service (device reload or process restart) via a crafted LDP packet, aka Bug IDs CSCsz45567 and CSCsj25893.
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0579
Title:
The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability."
Type:
Hardware
Bulletins:
CVE-2010-0579
Severity:
High
Description:
The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling Denial of Service Vulnerability."
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0578
Title:
The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491.
Type:
Hardware
Bulletins:
CVE-2010-0578
SFBID38932
Severity:
High
Description:
The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491.
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0583
Title:
Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855.
Type:
Hardware
Bulletins:
CVE-2010-0583
SFBID38934
Severity:
High
Description:
Memory leak in the H.323 implementation in Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (memory consumption and device reload) via malformed H.323 packets, aka Bug ID CSCtb93855.
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0577
Title:
Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.
Type:
Hardware
Bulletins:
CVE-2010-0577
SFBID38930
Severity:
High
Description:
Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size configurations are used, allows remote attackers to cause a denial of service (infinite loop, and device reload or hang) via a TCP segment with crafted options, aka Bug ID CSCsz75186.
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0585
Title:
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny...
Type:
Hardware
Bulletins:
CVE-2010-0585
Severity:
High
Description:
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability."
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0586
Title:
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny...
Type:
Hardware
Bulletins:
CVE-2010-0586
Severity:
High
Description:
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability."
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0582
Title:
Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962.
Type:
Hardware
Bulletins:
CVE-2010-0582
Severity:
High
Description:
Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962.
Applies to:
Created:
2010-03-25
Updated:
2024-01-17

ID:
CVE-2010-0936
Title:
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
Type:
Hardware
Bulletins:
CVE-2010-0936
SFBID37646
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
Applies to:
DKVM-IP8
Created:
2010-03-08
Updated:
2024-01-17

ID:
CVE-2010-0592
Title:
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2010-0592
SFBID38497
Severity:
High
Description:
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.
Applies to:
Unified Communications Manager
Created:
2010-03-05
Updated:
2024-01-17

ID:
CVE-2010-0590
Title:
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register...
Type:
Hardware
Bulletins:
CVE-2010-0590
SFBID38495
Severity:
High
Description:
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.
Applies to:
Unified Communications Manager
Created:
2010-03-05
Updated:
2024-01-17

ID:
CVE-2010-0591
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to...
Type:
Hardware
Bulletins:
CVE-2010-0591
SFBID38498
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.
Applies to:
Unified Communications Manager
Created:
2010-03-05
Updated:
2024-01-17

ID:
CVE-2010-0588
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines...
Type:
Hardware
Bulletins:
CVE-2010-0588
SFBID38501
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.
Applies to:
Unified Communications Manager
Created:
2010-03-05
Updated:
2024-01-17

ID:
CVE-2010-0587
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP...
Type:
Hardware
Bulletins:
CVE-2010-0587
SFBID38496
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
Applies to:
Unified Communications Manager
Created:
2010-03-05
Updated:
2024-01-17

ID:
MITRE:7573
Title:
ATL Null String Vulnerability
Type:
Mail
Bulletins:
MITRE:7573
CVE-2009-2495
Severity:
High
Description:
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
Applies to:
Microsoft Office Visio Viewer 2003
Microsoft Office Visio Viewer 2007
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook 2007
Microsoft Visio Viewer 2002
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio 2005
Created:
2010-02-22
Updated:
2024-01-17

ID:
MITRE:7995
Title:
Apple iTunes Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:7995
CVE-2008-4116
Severity:
High
Description:
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.
Applies to:
Apple QuickTime
Apple iTunes
Created:
2010-02-22
Updated:
2024-01-17

ID:
CVE-2010-0149
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2010-0149
SFBID38275
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (prevention of new connections) via crafted TCP segments during termination of the TCP connection that cause the connection to remain in CLOSEWAIT status, aka "TCP Connection Exhaustion Denial of Service Vulnerability."
Applies to:
Created:
2010-02-19
Updated:
2024-01-17

ID:
CVE-2010-0565
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device...
Type:
Hardware
Bulletins:
CVE-2010-0565
SFBID38280
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device reload) via a malformed DTLS message, aka Bug ID CSCtb64913 and "WebVPN DTLS Denial of Service Vulnerability."
Applies to:
Created:
2010-02-19
Updated:
2024-01-17

ID:
CVE-2010-0568
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote...
Type:
Hardware
Bulletins:
CVE-2010-0568
SFBID38279
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote attackers to bypass NTLMv1 authentication via a crafted username, aka Bug ID CSCte21953.
Applies to:
Created:
2010-02-19
Updated:
2024-01-17

ID:
CVE-2010-0150
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows...
Type:
Hardware
Bulletins:
CVE-2010-0150
SFBID38277
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCsy91157.
Applies to:
Created:
2010-02-19
Updated:
2024-01-17

ID:
CVE-2010-0569
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows...
Type:
Hardware
Bulletins:
CVE-2010-0569
SFBID38281
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCtc96018.
Applies to:
Created:
2010-02-19
Updated:
2024-01-17

ID:
CVE-2010-0567
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows...
Type:
Hardware
Bulletins:
CVE-2010-0567
SFBID38279
Severity:
Medium
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (active IPsec tunnel loss and prevention of new tunnels) via a malformed IKE message through an existing tunnel to UDP port 4500, aka Bug ID CSCtc47782.
Applies to:
Created:
2010-02-19
Updated:
2024-01-17

ID:
CVE-2010-0566
Title:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2010-0566
SFBID38278
Severity:
High
Description:
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service (device reload) via a malformed TCP segment when certain NAT translation and Cisco AIP-SSM configurations are used, aka Bug ID CSCtb37219.
Applies to:
Created:
2010-02-19
Updated:
2024-01-17

ID:
MITRE:7581
Title:
ATL Uninitialized Object Vulnerability
Type:
Mail
Bulletins:
MITRE:7581
CVE-2009-0901
Severity:
High
Description:
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
Applies to:
Microsoft Office Visio Viewer 2003
Microsoft Office Visio Viewer 2007
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook 2007
Microsoft Visio Viewer 2002
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio 2005
Created:
2010-02-08
Updated:
2024-01-17

ID:
MITRE:6716
Title:
ATL COM Initialization Vulnerability
Type:
Mail
Bulletins:
MITRE:6716
CVE-2009-2493
Severity:
High
Description:
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Applies to:
Microsoft Internet Explorer 5
Microsoft Internet Explorer 6
Microsoft Office Visio Viewer 2003
Microsoft Office Visio Viewer 2007
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook 2007
Microsoft Visio Viewer 2002
Created:
2010-02-08
Updated:
2024-01-17

ID:
CVE-2010-0038
Title:
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that...
Type:
Mobile Devices
Bulletins:
CVE-2010-0038
SFBID38040
Severity:
Medium
Description:
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption.
Applies to:
Created:
2010-02-03
Updated:
2024-01-17

ID:
MITRE:5846
Title:
WordPad and Office Text converter Memory Corruption Vulnerability
Type:
Software
Bulletins:
MITRE:5846
CVE-2009-2506
Severity:
High
Description:
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.
Applies to:
Microsoft Office Converter Pack
Microsoft Word 2002
Microsoft Word 2003
Microsoft Works 8.5
Created:
2010-01-25
Updated:
2024-01-17

ID:
CVE-2010-0137
Title:
Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574.
Type:
Hardware
Bulletins:
CVE-2010-0137
SFBID37878
Severity:
High
Description:
Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574.
Applies to:
Created:
2010-01-21
Updated:
2024-01-17

ID:
CVE-2009-4455
Title:
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended...
Type:
Hardware
Bulletins:
CVE-2009-4455
Severity:
Medium
Description:
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature."
Applies to:
Created:
2009-12-29
Updated:
2024-01-17

ID:
MITRE:6407
Title:
Windows Media Runtime Voice Sample Rate Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:6407
CVE-2009-0555
Severity:
High
Description:
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability."
Applies to:
Windows Media Format Runtime 11
Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Created:
2009-12-07
Updated:
2024-01-17

ID:
MITRE:6484
Title:
Windows Media Runtime Heap Corruption Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:6484
CVE-2009-2525
Severity:
High
Description:
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."
Applies to:
Windows Media Format Runtime 11
Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Created:
2009-12-07
Updated:
2024-01-17

ID:
CVE-2009-2631
Title:
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix...
Type:
Hardware
Bulletins:
CVE-2009-2631
SFBID37152
Severity:
Medium
Description:
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design.
Applies to:
SonicWall SSL-VPN
SonicWall SSL-VPN E Class
Created:
2009-12-04
Updated:
2024-01-17

ID:
MITRE:5967
Title:
GDI+ WMF Integer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:5967
CVE-2009-2500
Severity:
High
Description:
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
Applies to:
Microsoft Internet Explorer 6
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft SQL Server 2005
Microsoft Visual Studio 2008
Created:
2009-11-30
Updated:
2024-01-17

ID:
MITRE:5898
Title:
GDI+ TIFF Buffer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:5898
CVE-2009-2502
Severity:
High
Description:
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
Applies to:
Microsoft Internet Explorer 6
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft SQL Server 2005
Microsoft Visual Studio 2008
Created:
2009-11-30
Updated:
2024-01-17

ID:
MITRE:6491
Title:
GDI+ TIFF Buffer Overflow Vulnerability
Type:
Web
Bulletins:
MITRE:6491
CVE-2009-2503
Severity:
High
Description:
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 6
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft SQL Server 2005
Microsoft Visual Studio 2008
Created:
2009-11-30
Updated:
2024-01-17

ID:
MITRE:6134
Title:
GDI+ PNG Integer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:6134
CVE-2009-3126
Severity:
High
Description:
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
Applies to:
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft SQL Server 2005
Microsoft Visual Studio 2008
Created:
2009-11-30
Updated:
2024-01-17

ID:
MITRE:6282
Title:
GDI+ .NET API Vulnerability
Type:
Software
Bulletins:
MITRE:6282
CVE-2009-2504
Severity:
High
Description:
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
Applies to:
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft SQL Server 2005
Microsoft Visual Studio 2008
Created:
2009-11-30
Updated:
2024-01-17

ID:
MITRE:6290
Title:
Apple iTunes '.pls' File Buffer Overflow Vulnerability
Type:
Software
Bulletins:
MITRE:6290
CVE-2009-2817
Severity:
High
Description:
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
Applies to:
Apple iTunes
Created:
2009-11-30
Updated:
2024-01-17

ID:
MITRE:6257
Title:
Windows Media Header Parsing Invalid Free Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:6257
CVE-2009-2498
Severity:
High
Description:
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
Applies to:
Microsoft Media Services 9
Microsoft Media Services 9.1
Windows Media Format Runtime 11
Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Created:
2009-10-19
Updated:
2024-01-17

ID:
MITRE:6316
Title:
JScript Remote Code Execution Vulnerability
Type:
Software
Bulletins:
MITRE:6316
CVE-2009-1920
Severity:
High
Description:
The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."
Applies to:
JScript Scripting Engine
Created:
2009-10-19
Updated:
2024-01-17

ID:
CVE-2009-2999
Title:
The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an...
Type:
Mobile Devices
Bulletins:
CVE-2009-2999
Severity:
Medium
Description:
The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656.
Applies to:
Created:
2009-10-14
Updated:
2024-01-17

ID:
CVE-2009-3698
Title:
An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656.
Type:
Mobile Devices
Bulletins:
CVE-2009-3698
SFBID36590
Severity:
Medium
Description:
An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656.
Applies to:
Created:
2009-10-14
Updated:
2024-01-17

ID:
CVE-2009-3486
Title:
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the...
Type:
Hardware
Bulletins:
CVE-2009-3486
SFBID36537
Severity:
Low
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program.
Applies to:
Created:
2009-09-30
Updated:
2024-01-17

ID:
CVE-2009-3487
Title:
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the...
Type:
Hardware
Bulletins:
CVE-2009-3487
SFBID36537
Severity:
Low
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program.
Applies to:
Created:
2009-09-30
Updated:
2024-01-17

ID:
CVE-2009-3485
Title:
Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.
Type:
Hardware
Bulletins:
CVE-2009-3485
SFBID36537
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.
Applies to:
Created:
2009-09-30
Updated:
2024-01-17

ID:
CVE-2009-2867
Title:
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP...
Type:
Hardware
Bulletins:
CVE-2009-2867
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP transit packet, aka Bug ID CSCsr18691.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2869
Title:
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948.
Type:
Hardware
Bulletins:
CVE-2009-2869
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2870
Title:
Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880.
Type:
Hardware
Bulletins:
CVE-2009-2870
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2868
Title:
Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997.
Type:
Hardware
Bulletins:
CVE-2009-2868
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2866
Title:
Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104.
Type:
Hardware
Bulletins:
CVE-2009-2866
SFBID36494
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2871
Title:
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.
Type:
Hardware
Bulletins:
CVE-2009-2871
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2862
Title:
The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114,...
Type:
Hardware
Bulletins:
CVE-2009-2862
SFBID36495
Severity:
Medium
Description:
The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2863
Title:
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
Type:
Hardware
Bulletins:
CVE-2009-2863
SFBID36491
Severity:
High
Description:
Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2864
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP...
Type:
Hardware
Bulletins:
CVE-2009-2864
SFBID36496
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.
Applies to:
Unified Callmanager
Unified Communications Manager
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2873
Title:
Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889.
Type:
Hardware
Bulletins:
CVE-2009-2873
Severity:
High
Description:
Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2872
Title:
Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from...
Type:
Hardware
Bulletins:
CVE-2009-2872
Severity:
Medium
Description:
Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel, aka Bug IDs CSCsh97579 and CSCsq31776.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-2865
Title:
Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a...
Type:
Hardware
Bulletins:
CVE-2009-2865
SFBID36498
Severity:
High
Description:
Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.
Applies to:
Created:
2009-09-28
Updated:
2024-01-17

ID:
CVE-2009-3341
Title:
Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this...
Type:
Hardware
Bulletins:
CVE-2009-3341
Severity:
High
Description:
Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Applies to:
wrt54gl
Created:
2009-09-24
Updated:
2024-01-17

ID:
CVE-2009-3347
Title:
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this...
Type:
Hardware
Bulletins:
CVE-2009-3347
SFBID36237
Severity:
High
Description:
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Applies to:
DIR-400
Created:
2009-09-24
Updated:
2024-01-17

ID:
CVE-2009-3273
Title:
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
Type:
Mobile Devices
Bulletins:
CVE-2009-3273
SFBID36370
Severity:
High
Description:
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
Applies to:
Created:
2009-09-21
Updated:
2024-01-17

ID:
CVE-2009-3271
Title:
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
Type:
Mobile Devices
Bulletins:
CVE-2009-3271
SFBID36386
Severity:
Medium
Description:
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
Applies to:
Created:
2009-09-21
Updated:
2024-01-17

ID:
CVE-2009-2797
Title:
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive...
Type:
Mobile Devices
Bulletins:
CVE-2009-2797
SFBID36339
Severity:
Medium
Description:
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
Applies to:
Created:
2009-09-10
Updated:
2024-01-17

ID:
CVE-2009-2796
Title:
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
Type:
Mobile Devices
Bulletins:
CVE-2009-2796
SFBID36335
Severity:
Low
Description:
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
Applies to:
Created:
2009-09-10
Updated:
2024-01-17

ID:
CVE-2009-2815
Title:
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2009-2815
Severity:
High
Description:
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.
Applies to:
Created:
2009-09-10
Updated:
2024-01-17

ID:
CVE-2009-2207
Title:
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these...
Type:
Mobile Devices
Bulletins:
CVE-2009-2207
SFBID36337
Severity:
Low
Description:
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.
Applies to:
Created:
2009-09-10
Updated:
2024-01-17

ID:
CVE-2009-2794
Title:
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended...
Type:
Mobile Devices
Bulletins:
CVE-2009-2794
SFBID36342
Severity:
Medium
Description:
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
Applies to:
Created:
2009-09-10
Updated:
2024-01-17

ID:
CVE-2009-2206
Title:
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial...
Type:
Mobile Devices
Bulletins:
CVE-2009-2206
SFBID36338
Severity:
Medium
Description:
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.
Applies to:
Created:
2009-09-10
Updated:
2024-01-17

ID:
CVE-2009-2795
Title:
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related...
Type:
Mobile Devices
Bulletins:
CVE-2009-2795
SFBID36341
Severity:
High
Description:
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."
Applies to:
Created:
2009-09-10
Updated:
2024-01-17

ID:
CVE-2009-0627
Title:
Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation,"...
Type:
Hardware
Bulletins:
CVE-2009-0627
Severity:
High
Description:
Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when running on Nexus 5000 platforms, allows remote attackers to cause a denial of service (crash) via an unspecified "sequence of TCP packets" related to "TCP State manipulation," possibly related to separate attacks against CVE-2008-4609.
Applies to:
Cisco Nexus 5000 Series
Cisco Nexus 7000
Created:
2009-09-08
Updated:
2024-01-17

ID:
CVE-2009-2861
Title:
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of...
Type:
Hardware
Bulletins:
CVE-2009-2861
SFBID36145
Severity:
High
Description:
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664.
Applies to:
Cisco Aironet Ap1100
Cisco Aironet Ap1200
Created:
2009-08-27
Updated:
2024-01-17

ID:
CVE-2009-2050
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.
Type:
Hardware
Bulletins:
CVE-2009-2050
SFBID36152
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.
Applies to:
Unified Communications Manager
Created:
2009-08-27
Updated:
2024-01-17

ID:
CVE-2009-2054
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and...
Type:
Hardware
Bulletins:
CVE-2009-2054
SFBID36152
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689.
Applies to:
Unified Communications Manager
Created:
2009-08-27
Updated:
2024-01-17

ID:
CVE-2009-2053
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP...
Type:
Hardware
Bulletins:
CVE-2009-2053
SFBID36152
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.
Applies to:
Unified Communications Manager
Created:
2009-08-27
Updated:
2024-01-17

ID:
CVE-2009-2052
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote...
Type:
Hardware
Bulletins:
CVE-2009-2052
SFBID36152
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371.
Applies to:
Unified Communications Manager
Created:
2009-08-27
Updated:
2024-01-17

ID:
CVE-2009-2051
Title:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote...
Type:
Hardware
Bulletins:
CVE-2009-2051
SFBID36152
Severity:
High
Description:
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.
Applies to:
Unified Communications Manager
Created:
2009-08-27
Updated:
2024-01-17

ID:
CVE-2009-2976
Title:
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by...
Type:
Hardware
Bulletins:
CVE-2009-2976
Severity:
High
Description:
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network.
Applies to:
Cisco Aironet Ap1100
Cisco Aironet Ap1200
Created:
2009-08-27
Updated:
2024-01-17

ID:
CVE-2009-2056
Title:
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
Type:
Hardware
Bulletins:
CVE-2009-2056
Severity:
Low
Description:
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
Applies to:
Created:
2009-08-21
Updated:
2024-01-17

ID:
CVE-2009-1154
Title:
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
Type:
Hardware
Bulletins:
CVE-2009-1154
Severity:
Low
Description:
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
Applies to:
Created:
2009-08-21
Updated:
2024-01-17

ID:
CVE-2009-2055
Title:
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
Type:
Hardware
Bulletins:
CVE-2009-2055
Severity:
Medium
Description:
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
Applies to:
Created:
2009-08-19
Updated:
2024-01-17

ID:
CVE-2009-2199
Title:
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and...
Type:
Mobile Devices
Bulletins:
CVE-2009-2199
SFBID36026
Severity:
Medium
Description:
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
Applies to:
Created:
2009-08-12
Updated:
2024-01-17

ID:
CVE-2009-2204
Title:
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory...
Type:
Mobile Devices
Bulletins:
CVE-2009-2204
SFBID35569
Severity:
High
Description:
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
Applies to:
Created:
2009-08-03
Updated:
2024-01-17

ID:
CVE-2009-2656
Title:
Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and...
Type:
Mobile Devices
Bulletins:
CVE-2009-2656
SFBID35886
Severity:
Medium
Description:
Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.
Applies to:
Created:
2009-08-03
Updated:
2024-01-17

ID:
CVE-2009-1168
Title:
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through...
Type:
Hardware
Bulletins:
CVE-2009-1168
SFBID35862
Severity:
High
Description:
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021.
Applies to:
Created:
2009-07-30
Updated:
2024-01-17

ID:
CVE-2009-2049
Title:
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t...
Type:
Hardware
Bulletins:
CVE-2009-2049
SFBID35860
Severity:
Medium
Description:
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973.
Applies to:
Created:
2009-07-30
Updated:
2024-01-17

ID:
CVE-2009-1167
Title:
Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules...
Type:
Hardware
Bulletins:
CVE-2009-1167
Severity:
High
Description:
Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672.
Applies to:
Cisco Catalyst 3750G
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Created:
2009-07-29
Updated:
2024-01-17

ID:
CVE-2009-1166
Title:
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services...
Type:
Hardware
Bulletins:
CVE-2009-1166
Severity:
High
Description:
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708.
Applies to:
Cisco Catalyst 3750G
Created:
2009-07-29
Updated:
2024-01-17

ID:
CVE-2009-1164
Title:
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services...
Type:
Hardware
Bulletins:
CVE-2009-1164
Severity:
High
Description:
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a malformed response to a (1) HTTP or (2) HTTPS authentication request, aka Bug ID CSCsx03715.
Applies to:
Cisco Catalyst 3750G
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Created:
2009-07-29
Updated:
2024-01-17

ID:
CVE-2009-1165
Title:
Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless...
Type:
Hardware
Bulletins:
CVE-2009-1165
SFBID35817
Severity:
High
Description:
Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789.
Applies to:
Cisco Catalyst 3750G
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Created:
2009-07-29
Updated:
2024-01-17

ID:
CVE-2009-2348
Title:
Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and...
Type:
Mobile Devices
Bulletins:
CVE-2009-2348
SFBID35717
Severity:
Medium
Description:
Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.
Applies to:
Created:
2009-07-17
Updated:
2024-01-17

ID:
CVE-2009-1725
Title:
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle...
Type:
Mobile Devices
Bulletins:
CVE-2009-1725
SFBID35607
Severity:
High
Description:
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Applies to:
Created:
2009-07-09
Updated:
2024-01-17

ID:
CVE-2009-1724
Title:
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or...
Type:
Mobile Devices
Bulletins:
CVE-2009-1724
SFBID35441
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
Applies to:
Created:
2009-07-09
Updated:
2024-01-17

ID:
CVE-2009-1203
Title:
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it...
Type:
Hardware
Bulletins:
CVE-2009-1203
SFBID35475
Severity:
Medium
Description:
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.
Applies to:
Created:
2009-06-25
Updated:
2024-01-17

ID:
CVE-2009-1202
Title:
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS)...
Type:
Hardware
Bulletins:
CVE-2009-1202
SFBID35480
Severity:
Medium
Description:
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
Applies to:
Created:
2009-06-25
Updated:
2024-01-17

ID:
CVE-2009-1201
Title:
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct...
Type:
Hardware
Bulletins:
CVE-2009-1201
SFBID35476
Severity:
Medium
Description:
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
Applies to:
Created:
2009-06-25
Updated:
2024-01-17

ID:
CVE-2009-1692
Title:
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via...
Type:
Mobile Devices
Bulletins:
CVE-2009-1692
SFBID35414
Severity:
High
Description:
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
Applies to:
Created:
2009-06-19
Updated:
2024-01-17

ID:
CVE-2009-1683
Title:
The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an...
Type:
Mobile Devices
Bulletins:
CVE-2009-1683
SFBID35414
Severity:
High
Description:
The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."
Applies to:
Created:
2009-06-19
Updated:
2024-01-17

ID:
CVE-2009-1679
Title:
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password...
Type:
Mobile Devices
Bulletins:
CVE-2009-1679
SFBID35414
Severity:
Low
Description:
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.
Applies to:
Created:
2009-06-19
Updated:
2024-01-17

ID:
CVE-2009-0959
Title:
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input...
Type:
Mobile Devices
Bulletins:
CVE-2009-0959
SFBID35414
Severity:
High
Description:
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."
Applies to:
Created:
2009-06-19
Updated:
2024-01-17

ID:
CVE-2009-0960
Title:
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device...
Type:
Mobile Devices
Bulletins:
CVE-2009-0960
SFBID35414
Severity:
Medium
Description:
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL.
Applies to:
Created:
2009-06-19
Updated:
2024-01-17

ID:
CVE-2009-0961
Title:
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a...
Type:
Mobile Devices
Bulletins:
CVE-2009-0961
SFBID35414
Severity:
Medium
Description:
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
Applies to:
Created:
2009-06-19
Updated:
2024-01-17

ID:
CVE-2009-1680
Title:
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to...
Type:
Mobile Devices
Bulletins:
CVE-2009-1680
SFBID35414
Severity:
Low
Description:
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.
Applies to:
Created:
2009-06-19
Updated:
2024-01-17

ID:
CVE-2009-0958
Title:
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in...
Type:
Mobile Devices
Bulletins:
CVE-2009-0958
SFBID35414
Severity:
Medium
Description:
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.
Applies to:
Created:
2009-06-19
Updated:
2024-01-17

ID:
CVE-2009-1698
Title:
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical...
Type:
Mobile Devices
Bulletins:
CVE-2009-1698
SFBID35260
Severity:
High
Description:
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Applies to:
Created:
2009-06-10
Updated:
2024-01-17

ID:
CVE-2009-1690
Title:
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to...
Type:
Mobile Devices
Bulletins:
CVE-2009-1690
SFBID35260
Severity:
High
Description:
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
Applies to:
Created:
2009-06-10
Updated:
2024-01-17

ID:
CVE-2009-1701
Title:
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or...
Type:
Mobile Devices
Bulletins:
CVE-2009-1701
SFBID35260
Severity:
High
Description:
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.
Applies to:
Created:
2009-06-10
Updated:
2024-01-17

ID:
CVE-2009-1700
Title:
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from...
Type:
Mobile Devices
Bulletins:
CVE-2009-1700
SFBID35260
Severity:
Medium
Description:
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
Applies to:
Created:
2009-06-10
Updated:
2024-01-17

ID:
CVE-2009-1699
Title:
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read...
Type:
Mobile Devices
Bulletins:
CVE-2009-1699
SFBID35260
Severity:
High
Description:
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
Applies to:
Created:
2009-06-10
Updated:
2024-01-17

ID:
CVE-2009-1702
Title:
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors...
Type:
Mobile Devices
Bulletins:
CVE-2009-1702
SFBID35260
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.
Applies to:
Created:
2009-06-10
Updated:
2024-01-17

ID:
CVE-2009-1754
Title:
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an...
Type:
Mobile Devices
Bulletins:
CVE-2009-1754
SFBID35090
Severity:
Medium
Description:
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.
Applies to:
Created:
2009-05-26
Updated:
2024-01-17

ID:
CVE-2009-1561
Title:
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator...
Type:
Hardware
Bulletins:
CVE-2009-1561
SFBID34616
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.
Applies to:
wrt54gc
Created:
2009-05-06
Updated:
2024-01-17

ID:
MITRE:5868
Title:
Microsoft Malformed BMP Filter Vulnerability
Type:
Software
Bulletins:
MITRE:5868
CVE-2008-3020
Severity:
High
Description:
Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."
Applies to:
Microsoft Office 2000
Microsoft Office Converter Pack
Microsoft Office Project 2002
Microsoft Office XP
Microsoft Works
Created:
2009-05-04
Updated:
2024-01-17

ID:
MITRE:5336
Title:
Apple iTunes Information Disclosure Vulnerability
Type:
Software
Bulletins:
MITRE:5336
CVE-2009-0143
Severity:
Medium
Description:
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
Applies to:
Apple iTunes
Created:
2009-05-04
Updated:
2024-01-17

ID:
MITRE:6001
Title:
Apple iTunes Denial of Service Vulnerability
Type:
Software
Bulletins:
MITRE:6001
CVE-2009-0016
Severity:
Medium
Description:
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
Applies to:
Apple iTunes
Created:
2009-05-04
Updated:
2024-01-17

ID:
CVE-2009-1156
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload)...
Type:
Hardware
Bulletins:
CVE-2009-1156
SFBID34429
Severity:
Medium
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet.
Applies to:
Created:
2009-04-09
Updated:
2024-01-17

ID:
CVE-2009-1158
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote...
Type:
Hardware
Bulletins:
CVE-2009-1158
SFBID34429
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet.
Applies to:
Created:
2009-04-09
Updated:
2024-01-17

ID:
CVE-2009-1159
Title:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2009-1159
SFBID34429
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets.
Applies to:
Created:
2009-04-09
Updated:
2024-01-17

ID:
CVE-2009-1157
Title:
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2009-1157
SFBID34429
Severity:
High
Description:
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet.
Applies to:
Created:
2009-04-09
Updated:
2024-01-17

ID:
CVE-2009-1155
Title:
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field,...
Type:
Hardware
Bulletins:
CVE-2009-1155
SFBID34429
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors.
Applies to:
Created:
2009-04-09
Updated:
2024-01-17

ID:
CVE-2009-1160
Title:
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote...
Type:
Hardware
Bulletins:
CVE-2009-1160
SFBID34429
Severity:
Medium
Description:
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.
Applies to:
Created:
2009-04-09
Updated:
2024-01-17

ID:
CVE-2008-6576
Title:
Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion...
Type:
Hardware
Bulletins:
CVE-2008-6576
SFBID28691
Severity:
High
Description:
Unspecified vulnerability in the "session limitation technique" in the FTP service on Nortel Communications Server 1000 (CS1K) 4.50.x, when running on VGMC or signaling nodes, allows remote attackers to cause a denial of service (resource exhaustion and failed updates) via unknown vectors that causes consumption of all available sessions.
Applies to:
CS 1000
Created:
2009-04-01
Updated:
2024-01-17

ID:
CVE-2008-6577
Title:
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.
Type:
Hardware
Bulletins:
CVE-2008-6577
SFBID28691
Severity:
High
Description:
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.
Applies to:
CS 1000
Created:
2009-04-01
Updated:
2024-01-17

ID:
CVE-2008-6579
Title:
Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."
Type:
Hardware
Bulletins:
CVE-2008-6579
SFBID28691
Severity:
Medium
Description:
Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."
Applies to:
CS 1000
Created:
2009-04-01
Updated:
2024-01-17

ID:
CVE-2008-6578
Title:
Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2008-6578
SFBID28691
Severity:
High
Description:
Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.
Applies to:
CS 1000
Created:
2009-04-01
Updated:
2024-01-17

ID:
CVE-2009-0636
Title:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message.
Type:
Hardware
Bulletins:
CVE-2009-0636
SFBID34243
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message.
Applies to:
Created:
2009-03-27
Updated:
2024-01-17

ID:
CVE-2009-0631
Title:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol...
Type:
Hardware
Bulletins:
CVE-2009-0631
SFBID34245
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet.
Applies to:
Created:
2009-03-27
Updated:
2024-01-17

ID:
CVE-2009-0626
Title:
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.
Type:
Hardware
Bulletins:
CVE-2009-0626
SFBID34239
Severity:
High
Description:
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.
Applies to:
Created:
2009-03-27
Updated:
2024-01-17

ID:
CVE-2009-0637
Title:
The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite...
Type:
Hardware
Bulletins:
CVE-2009-0637
SFBID34247
Severity:
High
Description:
The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.
Applies to:
Created:
2009-03-27
Updated:
2024-01-17

ID:
CVE-2009-0630
Title:
The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission...
Type:
Hardware
Bulletins:
CVE-2009-0630
SFBID34242
Severity:
High
Description:
The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets.
Applies to:
Created:
2009-03-27
Updated:
2024-01-17

ID:
CVE-2009-0629
Title:
The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging...
Type:
Hardware
Bulletins:
CVE-2009-0629
SFBID34238
Severity:
Medium
Description:
The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets.
Applies to:
Created:
2009-03-27
Updated:
2024-01-17

ID:
CVE-2009-0634
Title:
Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge...
Type:
Hardware
Bulletins:
CVE-2009-0634
SFBID34241
Severity:
High
Description:
Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337.
Applies to:
Created:
2009-03-27
Updated:
2024-01-17

ID:
CVE-2009-0633
Title:
Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6...
Type:
Hardware
Bulletins:
CVE-2009-0633
SFBID34241
Severity:
High
Description:
Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220.
Applies to:
Created:
2009-03-27
Updated:
2024-01-17

ID:
CVE-2009-0628
Title:
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control...
Type:
Hardware
Bulletins:
CVE-2009-0628
SFBID34239
Severity:
High
Description:
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak.
Applies to:
Created:
2009-03-27
Updated:
2024-01-17

ID:
CVE-2009-0635
Title:
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a...
Type:
Hardware
Bulletins:
CVE-2009-0635
SFBID34246
Severity:
High
Description:
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.
Applies to:
Created:
2009-03-27
Updated:
2024-01-17

ID:
CVE-2009-0632
Title:
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2)...
Type:
Hardware
Bulletins:
CVE-2009-0632
SFBID34082
Severity:
High
Description:
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.
Applies to:
Unified Communications Manager
Created:
2009-03-12
Updated:
2024-01-17

ID:
CVE-2009-0624
Title:
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote...
Type:
Hardware
Bulletins:
CVE-2009-0624
SFBID33900
Severity:
Medium
Description:
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.
Applies to:
Cisco Ace 4710
Created:
2009-02-26
Updated:
2024-01-17

ID:
CVE-2009-0623
Title:
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2009-0623
SFBID33900
Severity:
High
Description:
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.
Applies to:
Cisco Ace 4710
Created:
2009-02-26
Updated:
2024-01-17

ID:
CVE-2009-0622
Title:
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute...
Type:
Hardware
Bulletins:
CVE-2009-0622
SFBID33900
Severity:
High
Description:
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).
Applies to:
Cisco Ace 4710
Created:
2009-02-26
Updated:
2024-01-17

ID:
CVE-2009-0625
Title:
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2009-0625
SFBID33900
Severity:
High
Description:
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.
Applies to:
Cisco Ace 4710
Created:
2009-02-26
Updated:
2024-01-17

ID:
CVE-2009-0742
Title:
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers...
Type:
Hardware
Bulletins:
CVE-2009-0742
Severity:
High
Description:
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.
Applies to:
Cisco Ace 4710
Created:
2009-02-26
Updated:
2024-01-17

ID:
CVE-2009-0621
Title:
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform...
Type:
Hardware
Bulletins:
CVE-2009-0621
SFBID33900
Severity:
High
Description:
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.
Applies to:
Cisco Ace 4710
Created:
2009-02-26
Updated:
2024-01-17

ID:
CVE-2008-6096
Title:
Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet...
Type:
Hardware
Bulletins:
CVE-2008-6096
SFBID31528
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page.
Applies to:
Created:
2009-02-09
Updated:
2024-01-17

ID:
CVE-2009-0470
Title:
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different...
Type:
Hardware
Bulletins:
CVE-2009-0470
SFBID33625
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821.
Applies to:
Created:
2009-02-06
Updated:
2024-01-17

ID:
CVE-2009-0471
Title:
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.
Type:
Hardware
Bulletins:
CVE-2009-0471
Severity:
Medium
Description:
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.
Applies to:
Created:
2009-02-06
Updated:
2024-01-17

ID:
CVE-2009-0061
Title:
Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before...
Type:
Hardware
Bulletins:
CVE-2009-0061
SFBID33608
Severity:
High
Description:
Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets.
Applies to:
Cisco WLC 4400
Created:
2009-02-04
Updated:
2024-01-17

ID:
CVE-2009-0062
Title:
Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain...
Type:
Hardware
Bulletins:
CVE-2009-0062
SFBID33608
Severity:
High
Description:
Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.
Applies to:
Created:
2009-02-04
Updated:
2024-01-17

ID:
CVE-2009-0058
Title:
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial...
Type:
Hardware
Bulletins:
CVE-2009-0058
SFBID33608
Severity:
Medium
Description:
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner.
Applies to:
Cisco WLC 4400
Created:
2009-02-04
Updated:
2024-01-17

ID:
CVE-2009-0059
Title:
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2009-0059
SFBID33608
Severity:
High
Description:
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html.
Applies to:
Cisco WLC 4400
Created:
2009-02-04
Updated:
2024-01-17

ID:
CVE-2009-0057
Title:
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a...
Type:
Hardware
Bulletins:
CVE-2009-0057
SFBID33379
Severity:
Medium
Description:
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."
Applies to:
Unified Communications Manager
Created:
2009-01-22
Updated:
2024-01-17

ID:
CVE-2008-3821
Title:
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
Type:
Hardware
Bulletins:
CVE-2008-3821
SFBID33260
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
Applies to:
Created:
2009-01-16
Updated:
2024-01-17

ID:
CVE-2008-3818
Title:
Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session.
Type:
Hardware
Bulletins:
CVE-2008-3818
SFBID33261
Severity:
High
Description:
Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session.
Applies to:
Created:
2009-01-16
Updated:
2024-01-17

ID:
MITRE:6075
Title:
HIS Command Execution Vulnerability
Type:
Software
Bulletins:
MITRE:6075
CVE-2008-3466
Severity:
High
Description:
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
Applies to:
Microsoft Host Integration Server 2000
Microsoft Host Integration Server 2004
Microsoft Host Integration Server 2004 Client
Microsoft Host Integration Server 2006
Created:
2008-12-08
Updated:
2024-01-17

ID:
CVE-2008-5230
Title:
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which...
Type:
Hardware
Bulletins:
CVE-2008-5230
SFBID32164
Severity:
Medium
Description:
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.
Applies to:
Created:
2008-11-25
Updated:
2024-01-17

ID:
CVE-2008-4230
Title:
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain...
Type:
Mobile Devices
Bulletins:
CVE-2008-4230
SFBID32394
Severity:
Low
Description:
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.
Applies to:
Created:
2008-11-25
Updated:
2024-01-17

ID:
CVE-2008-4228
Title:
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an...
Type:
Mobile Devices
Bulletins:
CVE-2008-4228
SFBID32394
Severity:
Low
Description:
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.
Applies to:
Created:
2008-11-25
Updated:
2024-01-17

ID:
CVE-2008-4232
Title:
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a...
Type:
Mobile Devices
Bulletins:
CVE-2008-4232
SFBID32394
Severity:
Medium
Description:
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
Applies to:
Created:
2008-11-25
Updated:
2024-01-17

ID:
CVE-2008-4231
Title:
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory...
Type:
Mobile Devices
Bulletins:
CVE-2008-4231
SFBID32394
Severity:
High
Description:
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Applies to:
Created:
2008-11-25
Updated:
2024-01-17

ID:
CVE-2008-4233
Title:
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone...
Type:
Mobile Devices
Bulletins:
CVE-2008-4233
SFBID32394
Severity:
Low
Description:
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
Applies to:
Created:
2008-11-25
Updated:
2024-01-17

ID:
CVE-2008-4229
Title:
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the...
Type:
Mobile Devices
Bulletins:
CVE-2008-4229
SFBID32394
Severity:
Low
Description:
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
Applies to:
Created:
2008-11-25
Updated:
2024-01-17

ID:
CVE-2008-1586
Title:
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
Type:
Mobile Devices
Bulletins:
CVE-2008-1586
SFBID32394
Severity:
High
Description:
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
Applies to:
Created:
2008-11-25
Updated:
2024-01-17

ID:
CVE-2008-4227
Title:
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain...
Type:
Mobile Devices
Bulletins:
CVE-2008-4227
SFBID32394
Severity:
High
Description:
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic.
Applies to:
Created:
2008-11-25
Updated:
2024-01-17

ID:
REF000667
Title:
USB devices installed over time
Type:
Information
Bulletins:
Severity:
Information
Description:
This check generates a list of all USB devices that have been connected to the scanned computer.
Applies to:
Created:
2008-11-17
Updated:
2010-08-21

ID:
CVE-2008-4963
Title:
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP...
Type:
Hardware
Bulletins:
CVE-2008-4963
SFBID32120
Severity:
High
Description:
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port.
Applies to:
Created:
2008-11-06
Updated:
2024-01-17

ID:
CVE-2008-4918
Title:
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that...
Type:
Hardware
Bulletins:
CVE-2008-4918
SFBID31998
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
Applies to:
Created:
2008-11-04
Updated:
2024-01-17

ID:
MITRE:6035
Title:
Apple iTunes Local Privilege Escalation Vulnerability
Type:
Software
Bulletins:
MITRE:6035
CVE-2008-3636
Severity:
High
Description:
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
Applies to:
Apple iTunes
Created:
2008-11-03
Updated:
2024-01-17

ID:
CVE-2008-3816
Title:
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.
Type:
Hardware
Bulletins:
CVE-2008-3816
SFBID31863
Severity:
High
Description:
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco PIX 500 Firewall Series
Created:
2008-10-23
Updated:
2024-01-17

ID:
CVE-2008-3815
Title:
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using...
Type:
Hardware
Bulletins:
CVE-2008-3815
SFBID31864
Severity:
Medium
Description:
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
Applies to:
Created:
2008-10-23
Updated:
2024-01-17

ID:
CVE-2008-3817
Title:
Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets,...
Type:
Hardware
Bulletins:
CVE-2008-3817
SFBID31865
Severity:
High
Description:
Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator."
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco PIX 500 Firewall Series
Created:
2008-10-23
Updated:
2024-01-17

ID:
CVE-2008-4609
Title:
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple...
Type:
Hardware
Bulletins:
CVE-2008-4609
Severity:
High
Description:
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Applies to:
Created:
2008-10-20
Updated:
2024-01-17

ID:
CVE-2008-4594
Title:
Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.
Type:
Hardware
Bulletins:
CVE-2008-4594
Severity:
High
Description:
Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.
Applies to:
wap400n
Created:
2008-10-17
Updated:
2024-01-17

ID:
CVE-2008-4441
Title:
The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2008-4441
SFBID31742
Severity:
High
Description:
The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197.
Applies to:
wap400n
Created:
2008-10-14
Updated:
2024-01-17

ID:
CVE-2008-4211
Title:
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service...
Type:
Mobile Devices
Bulletins:
CVE-2008-4211
SFBID31681
Severity:
High
Description:
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
Applies to:
Created:
2008-10-10
Updated:
2024-01-17

ID:
MITRE:5995
Title:
Windows Messenger Information Disclosure Vulnerability
Type:
Software
Bulletins:
MITRE:5995
CVE-2008-0082
Severity:
High
Description:
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
Applies to:
MSN Messenger 4.7
MSN Messenger 5.1
Created:
2008-10-06
Updated:
2024-01-17

ID:
CVE-2008-4383
Title:
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01,...
Type:
Hardware
Bulletins:
CVE-2008-4383
SFBID30652
Severity:
High
Description:
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.
Applies to:
Created:
2008-10-03
Updated:
2024-01-17

ID:
CVE-2008-4296
Title:
The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
Type:
Hardware
Bulletins:
CVE-2008-4296
Severity:
High
Description:
The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
Applies to:
wrt350n
Created:
2008-09-27
Updated:
2024-01-17

ID:
CVE-2008-3802
Title:
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka...
Type:
Hardware
Bulletins:
CVE-2008-3802
Severity:
High
Description:
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3800
Title:
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2008-3800
SFBID31367
Severity:
High
Description:
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.
Applies to:
Unified Callmanager
Unified Communications Manager
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3801
Title:
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2008-3801
SFBID31367
Severity:
High
Description:
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.
Applies to:
Unified Callmanager
Unified Communications Manager
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3804
Title:
Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software...
Type:
Hardware
Bulletins:
CVE-2008-3804
Severity:
High
Description:
Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3813
Title:
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.
Type:
Hardware
Bulletins:
CVE-2008-3813
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3808
Title:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.
Type:
Hardware
Bulletins:
CVE-2008-3808
SFBID31356
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-2739
Title:
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a...
Type:
Hardware
Bulletins:
CVE-2008-2739
Severity:
High
Description:
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3799
Title:
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP...
Type:
Hardware
Bulletins:
CVE-2008-3799
Severity:
High
Description:
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3812
Title:
Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.
Type:
Hardware
Bulletins:
CVE-2008-3812
SFBID31354
Severity:
High
Description:
Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3798
Title:
Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.
Type:
Hardware
Bulletins:
CVE-2008-3798
Severity:
High
Description:
Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3810
Title:
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than...
Type:
Hardware
Bulletins:
CVE-2008-3810
SFBID31359
Severity:
High
Description:
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3811
Title:
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different...
Type:
Hardware
Bulletins:
CVE-2008-3811
SFBID31359
Severity:
High
Description:
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3807
Title:
Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this...
Type:
Hardware
Bulletins:
CVE-2008-3807
Severity:
High
Description:
Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3809
Title:
Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet.
Type:
Hardware
Bulletins:
CVE-2008-3809
SFBID31356
Severity:
High
Description:
Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3805
Title:
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2008-3805
Severity:
High
Description:
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3806
Title:
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2008-3806
Severity:
High
Description:
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
CVE-2008-3803
Title:
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from...
Type:
Hardware
Bulletins:
CVE-2008-3803
SFBID31366
Severity:
Medium
Description:
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.
Applies to:
Created:
2008-09-26
Updated:
2024-01-17

ID:
MITRE:5997
Title:
Microsoft PICT Filter Parsing Vulnerability
Type:
Software
Bulletins:
MITRE:5997
CVE-2008-3021
Severity:
High
Description:
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.
Applies to:
Microsoft Office 2000
Microsoft Office 2003
Microsoft Office Converter Pack
Microsoft Office Project 2002
Microsoft Office XP
Microsoft Works 8
Created:
2008-09-22
Updated:
2024-01-17

ID:
MITRE:6019
Title:
Microsoft Office WPG Image File Heap Corruption Vulnerability
Type:
Software
Bulletins:
MITRE:6019
CVE-2008-3460
Severity:
High
Description:
WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability."
Applies to:
Microsoft Office 2000
Microsoft Office 2003
Microsoft Office Converter Pack
Microsoft Office Project 2002
Microsoft Office XP
Microsoft Works
Created:
2008-09-22
Updated:
2024-01-17

ID:
MITRE:5879
Title:
Microsoft Malformed PICT Filter Vulnerability
Type:
Software
Bulletins:
MITRE:5879
CVE-2008-3018
Severity:
High
Description:
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.
Applies to:
Microsoft Office 2000
Microsoft Office 2003
Microsoft Office Converter Pack
Microsoft Office Project 2002
Microsoft Office XP
Microsoft Works
Created:
2008-09-22
Updated:
2024-01-17

ID:
MITRE:6122
Title:
Microsoft Malformed EPS Filter Vulnerability
Type:
Software
Bulletins:
MITRE:6122
CVE-2008-3019
Severity:
High
Description:
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability."
Applies to:
Microsoft Office 2000
Microsoft Office 2003
Microsoft Office Converter Pack
Microsoft Office Project 2002
Microsoft Office XP
Microsoft Works
Created:
2008-09-22
Updated:
2024-01-17

ID:
CVE-2008-4133
Title:
The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.
Type:
Hardware
Bulletins:
CVE-2008-4133
SFBID31050
Severity:
Medium
Description:
The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.
Applies to:
DIR-100
Created:
2008-09-19
Updated:
2024-01-17

ID:
CVE-2008-4128
Title:
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command...
Type:
Hardware
Bulletins:
CVE-2008-4128
SFBID31218
Severity:
High
Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
Applies to:
Created:
2008-09-18
Updated:
2024-01-17

ID:
CVE-2008-1197
Title:
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a...
Type:
Hardware
Bulletins:
CVE-2008-1197
SFBID30976
Severity:
Medium
Description:
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID."
Applies to:
WPN802 Access Point
Created:
2008-09-05
Updated:
2024-01-17

ID:
CVE-2008-1144
Title:
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or...
Type:
Hardware
Bulletins:
CVE-2008-1144
SFBID31013
Severity:
Medium
Description:
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length."
Applies to:
WPN802 Access Point
Created:
2008-09-05
Updated:
2024-01-17

ID:
CVE-2007-5474
Title:
The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users...
Type:
Hardware
Bulletins:
CVE-2007-5474
SFBID31012
Severity:
Medium
Description:
The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long.
Applies to:
wrt350n
Created:
2008-09-05
Updated:
2024-01-17

ID:
CVE-2008-2736
Title:
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown...
Type:
Hardware
Bulletins:
CVE-2008-2736
SFBID30998
Severity:
High
Description:
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636.
Applies to:
Created:
2008-09-04
Updated:
2024-01-17

ID:
CVE-2008-2735
Title:
The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2008-2735
SFBID30998
Severity:
High
Description:
The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369.
Applies to:
Created:
2008-09-04
Updated:
2024-01-17

ID:
CVE-2008-2732
Title:
Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow...
Type:
Hardware
Bulletins:
CVE-2008-2732
SFBID30998
Severity:
High
Description:
Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315.
Applies to:
Created:
2008-09-04
Updated:
2024-01-17

ID:
CVE-2008-2734
Title:
Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a...
Type:
Hardware
Bulletins:
CVE-2008-2734
SFBID30998
Severity:
High
Description:
Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472.
Applies to:
Created:
2008-09-04
Updated:
2024-01-17

ID:
CVE-2008-2733
Title:
Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote...
Type:
Hardware
Bulletins:
CVE-2008-2733
SFBID30998
Severity:
High
Description:
Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942.
Applies to:
Created:
2008-09-04
Updated:
2024-01-17

ID:
CVE-2008-2062
Title:
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information...
Type:
Hardware
Bulletins:
CVE-2008-2062
SFBID29935
Severity:
Medium
Description:
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.
Applies to:
Unified Communications Manager
Created:
2008-06-26
Updated:
2024-01-17

ID:
CVE-2008-2730
Title:
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and...
Type:
Hardware
Bulletins:
CVE-2008-2730
SFBID29935
Severity:
Medium
Description:
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.
Applies to:
Unified Communications Manager
Created:
2008-06-26
Updated:
2024-01-17

ID:
CVE-2008-2061
Title:
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP...
Type:
Hardware
Bulletins:
CVE-2008-2061
SFBID29933
Severity:
High
Description:
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.
Applies to:
Unified Communications Manager
Created:
2008-06-26
Updated:
2024-01-17

ID:
MITRE:5578
Title:
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
Type:
Services
Bulletins:
MITRE:5578
CVE-2007-6026
Severity:
High
Description:
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
Applies to:
Microsoft Jet 4.0 Database Engine
Created:
2008-06-23
Updated:
2024-01-17

ID:
CVE-2008-2636
Title:
The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many...
Type:
Hardware
Bulletins:
CVE-2008-2636
Severity:
High
Description:
The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence.
Applies to:
wrh54g
Created:
2008-06-09
Updated:
2024-01-17

ID:
CVE-2008-2057
Title:
The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a...
Type:
Hardware
Bulletins:
CVE-2008-2057
Severity:
Medium
Description:
The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet.
Applies to:
Cisco PIX 500 Firewall Series
Created:
2008-06-04
Updated:
2024-01-17

ID:
CVE-2008-2056
Title:
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the...
Type:
Hardware
Bulletins:
CVE-2008-2056
Severity:
High
Description:
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface.
Applies to:
Cisco PIX 500 Firewall Series
Created:
2008-06-04
Updated:
2024-01-17

ID:
CVE-2008-2059
Title:
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2008-2059
Severity:
High
Description:
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors.
Applies to:
Cisco PIX 500 Firewall Series
Created:
2008-06-04
Updated:
2024-01-17

ID:
CVE-2008-2058
Title:
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device.
Type:
Hardware
Bulletins:
CVE-2008-2058
Severity:
High
Description:
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device.
Applies to:
Cisco PIX 500 Firewall Series
Created:
2008-06-04
Updated:
2024-01-17

ID:
CVE-2008-2055
Title:
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface.
Type:
Hardware
Bulletins:
CVE-2008-2055
Severity:
High
Description:
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface.
Applies to:
Cisco PIX 500 Firewall Series
Created:
2008-06-04
Updated:
2024-01-17

ID:
CVE-2008-1159
Title:
Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.
Type:
Hardware
Bulletins:
CVE-2008-1159
SFBID29314
Severity:
High
Description:
Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.
Applies to:
Created:
2008-05-22
Updated:
2024-01-17

ID:
CVE-2008-1747
Title:
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via...
Type:
Hardware
Bulletins:
CVE-2008-1747
SFBID29221
Severity:
High
Description:
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.
Applies to:
Unified Communications Manager
Created:
2008-05-16
Updated:
2024-01-17

ID:
CVE-2008-1746
Title:
The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and...
Type:
Hardware
Bulletins:
CVE-2008-1746
SFBID29221
Severity:
High
Description:
The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.
Applies to:
Unified Communications Manager
Created:
2008-05-16
Updated:
2024-01-17

ID:
CVE-2008-1744
Title:
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via...
Type:
Hardware
Bulletins:
CVE-2008-1744
SFBID29221
Severity:
High
Description:
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
Applies to:
Unified Callmanager
Unified Communications Manager
Created:
2008-05-16
Updated:
2024-01-17

ID:
CVE-2008-1743
Title:
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service...
Type:
Hardware
Bulletins:
CVE-2008-1743
SFBID29221
Severity:
High
Description:
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.
Applies to:
Unified Communications Manager
Created:
2008-05-16
Updated:
2024-01-17

ID:
CVE-2008-1742
Title:
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of...
Type:
Hardware
Bulletins:
CVE-2008-1742
SFBID29221
Severity:
High
Description:
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.
Applies to:
Unified Communications Manager
Created:
2008-05-16
Updated:
2024-01-17

ID:
CVE-2008-1748
Title:
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service...
Type:
Hardware
Bulletins:
CVE-2008-1748
SFBID29221
Severity:
High
Description:
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.
Applies to:
Unified Communications Manager
Created:
2008-05-16
Updated:
2024-01-17

ID:
CVE-2008-1745
Title:
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
Type:
Hardware
Bulletins:
CVE-2008-1745
SFBID29221
Severity:
High
Description:
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
Applies to:
Unified Communications Manager
Created:
2008-05-16
Updated:
2024-01-17

ID:
CVE-2008-1154
Title:
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not...
Type:
Hardware
Bulletins:
CVE-2008-1154
SFBID28591
Severity:
High
Description:
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
Applies to:
Unified Communications Manager
Created:
2008-04-04
Updated:
2024-01-17

ID:
CVE-2008-1156
Title:
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree...
Type:
Hardware
Bulletins:
CVE-2008-1156
SFBID28464
Severity:
Medium
Description:
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.
Applies to:
Created:
2008-03-27
Updated:
2024-01-17

ID:
CVE-2008-1150
Title:
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB)...
Type:
Hardware
Bulletins:
CVE-2008-1150
SFBID28460
Severity:
High
Description:
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.
Applies to:
Created:
2008-03-27
Updated:
2024-01-17

ID:
CVE-2008-1152
Title:
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.
Type:
Hardware
Bulletins:
CVE-2008-1152
SFBID28465
Severity:
High
Description:
The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets.
Applies to:
Created:
2008-03-27
Updated:
2024-01-17

ID:
CVE-2008-1151
Title:
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated...
Type:
Hardware
Bulletins:
CVE-2008-1151
SFBID28460
Severity:
High
Description:
Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566.
Applies to:
Created:
2008-03-27
Updated:
2024-01-17

ID:
CVE-2008-1153
Title:
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
Type:
Hardware
Bulletins:
CVE-2008-1153
SFBID28461
Severity:
High
Description:
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
Applies to:
Created:
2008-03-27
Updated:
2024-01-17

ID:
CVE-2007-6709
Title:
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
Type:
Hardware
Bulletins:
CVE-2007-6709
Severity:
High
Description:
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.
Applies to:
wag54gs
Created:
2008-03-13
Updated:
2024-01-17

ID:
CVE-2007-6707
Title:
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than...
Type:
Hardware
Bulletins:
CVE-2007-6707
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574.
Applies to:
wag54gs
Created:
2008-03-13
Updated:
2024-01-17

ID:
CVE-2007-6708
Title:
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an...
Type:
Hardware
Bulletins:
CVE-2007-6708
Severity:
Medium
Description:
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.
Applies to:
wag54gs
Created:
2008-03-13
Updated:
2024-01-17

ID:
CVE-2008-1247
Title:
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2)...
Type:
Hardware
Bulletins:
CVE-2008-1247
SFBID28381
Severity:
High
Description:
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.
Applies to:
wrt54g
Created:
2008-03-10
Updated:
2024-01-17

ID:
CVE-2008-1263
Title:
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.
Type:
Hardware
Bulletins:
CVE-2008-1263
Severity:
Medium
Description:
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.
Applies to:
wrt54g
Created:
2008-03-10
Updated:
2024-01-17

ID:
CVE-2008-1264
Title:
The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file.
Type:
Hardware
Bulletins:
CVE-2008-1264
Severity:
High
Description:
The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file.
Applies to:
wrt54g
Created:
2008-03-10
Updated:
2024-01-17

ID:
CVE-2008-1265
Title:
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.
Type:
Hardware
Bulletins:
CVE-2008-1265
Severity:
High
Description:
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface.
Applies to:
wrt54g
Created:
2008-03-10
Updated:
2024-01-17

ID:
CVE-2008-1268
Title:
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
Type:
Hardware
Bulletins:
CVE-2008-1268
Severity:
High
Description:
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.
Applies to:
wrt54g 7
Created:
2008-03-10
Updated:
2024-01-17

ID:
CVE-2008-1266
Title:
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name...
Type:
Hardware
Bulletins:
CVE-2008-1266
SFBID28439
Severity:
High
Description:
Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value.
Applies to:
DI-524
Created:
2008-03-10
Updated:
2024-01-17

ID:
CVE-2008-1243
Title:
Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.
Type:
Hardware
Bulletins:
CVE-2008-1243
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI.
Applies to:
wrt300n
Created:
2008-03-10
Updated:
2024-01-17

ID:
CVE-2008-1258
Title:
Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.
Type:
Hardware
Bulletins:
CVE-2008-1258
SFBID28439
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter.
Applies to:
DI-604
Created:
2008-03-10
Updated:
2024-01-17

ID:
CVE-2008-1253
Title:
Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the...
Type:
Hardware
Bulletins:
CVE-2008-1253
SFBID28439
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page.
Applies to:
DSL-G604T
Created:
2008-03-10
Updated:
2024-01-17

ID:
CVE-2008-0026
Title:
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and...
Type:
Hardware
Bulletins:
CVE-2008-0026
SFBID27775
Severity:
Medium
Description:
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
Applies to:
Unified Callmanager
Unified Communications Manager
Created:
2008-02-14
Updated:
2024-01-17

ID:
MITRE:3622
Title:
Windows Media Format Remote Code Execution Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:3622
CVE-2007-0064
Severity:
High
Description:
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
Applies to:
Windows Media Format Runtime 11
Windows Media Format Runtime 7.1
Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Created:
2008-02-04
Updated:
2024-01-17

ID:
CVE-2008-0028
Title:
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2008-0028
SFBID27418
Severity:
High
Description:
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2008-01-23
Updated:
2024-01-17

ID:
REF000657
Title:
IM installed: Yahoo! Messenger
Type:
Software
Bulletins:
Severity:
Low
Description:
Yahoo Messenger instant messaging client is installed.
Applies to:
Yahoo Messenger
Created:
2008-01-17
Updated:
2010-08-21

ID:
REF000661
Title:
IM installed: Windows Live Messenger
Type:
Software
Bulletins:
Severity:
Low
Description:
Windows Live Messenger instant messaging client is installed.
Applies to:
Windows Live Messenger
Created:
2008-01-17
Updated:
2010-08-21

ID:
REF000658
Title:
IM installed: Trillian
Type:
Software
Bulletins:
Severity:
Low
Description:
Trillian instant messaging client is installed.
Applies to:
Trillian
Created:
2008-01-17
Updated:
2010-08-21

ID:
REF000659
Title:
IM installed: Skype
Type:
Software
Bulletins:
Severity:
Low
Description:
Skype instant messaging client is installed.
Applies to:
Skype
Created:
2008-01-17
Updated:
2010-08-21

ID:
REF000662
Title:
IM installed: Pidgin
Type:
Software
Bulletins:
Severity:
Low
Description:
Pidgin instant messaging client is installed.
Applies to:
Pidgin
Created:
2008-01-17
Updated:
2010-08-21

ID:
REF000656
Title:
IM installed: ICQ
Type:
Software
Bulletins:
Severity:
Low
Description:
ICQ instant messaging client is installed.
Applies to:
ICQ
Created:
2008-01-17
Updated:
2010-08-21

ID:
REF000655
Title:
IM installed: Google Talk
Type:
Software
Bulletins:
Severity:
Low
Description:
Google Talk instant messaging client is installed.
Applies to:
Google Talk
Created:
2008-01-17
Updated:
2010-08-21

ID:
REF000660
Title:
IM installed: Gizmo
Type:
Software
Bulletins:
Severity:
Low
Description:
Gizmo instant messaging client is installed.
Applies to:
Gizmo
Created:
2008-01-17
Updated:
2010-08-21

ID:
CVE-2008-0027
Title:
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows...
Type:
Hardware
Bulletins:
CVE-2008-0027
SFBID27313
Severity:
High
Description:
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
Applies to:
Unified Callmanager
Unified Communications Manager
Created:
2008-01-16
Updated:
2024-01-17

ID:
CVE-2007-0588
Title:
SANS07C4: Apple QuickDraw on Mac OS X 10.4.8 and earlier allows remote denial of service
Type:
Software
Bulletins:
CVE-2007-0588
SFBID22228
Severity:
High
Description:
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function.
Applies to:
Apple QuickDraw
Created:
2008-01-11
Updated:
2024-01-17

ID:
CVE-2007-0466
Title:
SANS07C4: Telestream Flip4Mac WMV for Quicktime 2.1.0.33 remote code execution vulnerability
Type:
Software
Bulletins:
CVE-2007-0466
SFBID22286
Severity:
High
Description:
Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.
Applies to:
Telestream Flip4Mac WMV
Created:
2008-01-11
Updated:
2024-01-17

ID:
CVE-2007-0731
Title:
SANS07S3: Samba module in Apple Mac OS X buffer overflow
Type:
Services
Bulletins:
CVE-2007-0731
SFBID22948
Severity:
High
Description:
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.3.9 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
Applies to:
Apple Mac OS X
Created:
2008-01-10
Updated:
2024-01-17

ID:
CVE-2006-6652
Title:
SANS07S3: Buffer overflow in libc used in FTP daemon and tnftpd in Apple Mac OS X
Type:
Services
Bulletins:
CVE-2006-6652
SFBID21377
Severity:
High
Description:
Buffer overflow in the glob implementation (glob.c) in libc in Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.
Applies to:
FTP
Created:
2008-01-10
Updated:
2024-01-17

ID:
CVE-2007-0776
Title:
SANS07C1: Multiple Vulnerabilities in Mozilla Firefox earlier than 2.0.0.8
Type:
Web
Bulletins:
CVE-2007-0776
CVE-2007-0777
CVE-2007-0779
CVE-2007-0981
CVE-2007-1092
CVE-2007-2292
CVE-2007-2867
CVE-2007-3734
CVE-2007-3735
CVE-2007-3737
CVE-2007-3738
CVE-2007-3845
CVE-2007-4841
CVE-2007-5338
CVE-2006-4565
CVE-2006-4571
CVE-2006-5463
CVE-2006-5747
SFBID26132
SFBID20957
SFBID20042
SFBID25543
SFBID22679
SFBID24946
SFBID24242
SFBID22694
SFBID23668
SFBID22566
SFBID21668
Severity:
High
Description:
Multiple vulnerabilities exist in Mozilla Firefox versions earlier than 2.0.0.8. These include remote execution of arbitrary code, denial of service, and spoofing of GUI elements.
Applies to:
Mozilla Firefox
Created:
2008-01-10
Updated:
2024-01-17

ID:
CVE-2008-0228
Title:
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.
Type:
Hardware
Bulletins:
CVE-2008-0228
Severity:
High
Description:
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.
Applies to:
wrt54gl
Created:
2008-01-10
Updated:
2024-01-17

ID:
CVE-2006-0994
Title:
SANS07S5: Sophos Anti-Virus products allow remote code execution via crafted CAB
Type:
Software
Bulletins:
CVE-2006-0994
SFBID17876
Severity:
High
Description:
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allow remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption.
Applies to:
Sophos Anti-Virus
Created:
2008-01-08
Updated:
2024-01-17

ID:
CVE-2006-6335
Title:
SANS07S5: Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40
Type:
Software
Bulletins:
CVE-2006-6335
SFBID21563
Severity:
High
Description:
Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll.
Applies to:
Sophos Anti-Virus
Created:
2008-01-08
Updated:
2024-01-17

ID:
CVE-2007-3509
Title:
SANS07S4: Buffer overflow in Symantec/Veritas Backup Exec
Type:
Software
Bulletins:
CVE-2007-3509
SFBID23897
Severity:
High
Description:
Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.
Applies to:
Symantec/Veritas Backup Exec
Created:
2008-01-07
Updated:
2024-01-17

ID:
REF000618
Title:
IM installed: xchat installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Xchat instant messaging client installed.
Applies to:
Created:
2008-01-07
Updated:
2010-08-21

ID:
REF000617
Title:
IM installed: konversation installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Konversation instant messaging client installed.
Applies to:
Created:
2008-01-07
Updated:
2010-08-21

ID:
CVE-2007-2974
Title:
SANS07S5: Multiple Vulnerabilities in Avira AntiVir
Type:
Software
Bulletins:
CVE-2007-2974
CVE-2007-2973
CVE-2007-2972
CVE-2007-1671
SFBID23823
SFBID24187
SFBID24239
Severity:
High
Description:
Multiple vulnerabilities exist in Avira AntiVir antivirus engine prior to 7.04.00.24 and avpack prior to 7.03.00.09.
Applies to:
Avira AntiVir
Created:
2008-01-03
Updated:
2024-01-17

ID:
CVE-2007-3509
Title:
SANS07S4: Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers
Type:
Services
Bulletins:
CVE-2007-3509
SFBID23897
Severity:
High
Description:
Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.
Applies to:
Symantec Backup Exec for Windows Servers
Created:
2008-01-03
Updated:
2024-01-17

ID:
REF000584
Title:
Config pam: no bruteforce protection configured
Type:
Services
Bulletins:
Severity:
Low
Description:
No PAM brute-force protection modules detected. Modules pam_abl and pam_al missing.
Applies to:
Created:
2008-01-03
Updated:
2010-08-21

ID:
CVE-2007-2139
Title:
SANS07S4: Multiple unspecified vulnerabilities in mediasvr and caloggerd in CA BrightStor ARCServe Backup
Type:
Services
Bulletins:
CVE-2007-2139
SFBID23635
Severity:
High
Description:
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings.
Applies to:
CA BrightStor ARCServe Backup
Created:
2007-12-21
Updated:
2024-01-17

ID:
REF000653
Title:
MP installed: VLC browser plug-in is installed
Type:
Software
Bulletins:
Severity:
Low
Description:
VLC Media Plugin for internet browsers is installed.
Applies to:
Created:
2007-12-20
Updated:
2010-08-21

ID:
REF000651
Title:
MP installed: MPlayer browser plug-in is installed
Type:
Software
Bulletins:
Severity:
Low
Description:
MPlayer Media Plugin for internet browsers is installed.
Applies to:
Created:
2007-12-20
Updated:
2010-08-21

ID:
REF000652
Title:
MP installed: HelixPlayer browser plug-in is installed
Type:
Software
Bulletins:
Severity:
Low
Description:
HelixPlayer Media Plugin for internet browsers is installed.
Applies to:
Created:
2007-12-20
Updated:
2010-08-21

ID:
REF000654
Title:
MP installed: GCJ java browser plug-in is installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Java Media Plugin for internet browsers is installed.
Applies to:
Created:
2007-12-20
Updated:
2010-08-21

ID:
REF000650
Title:
MP installed: Flash browser plug-in is installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Flash Media Plugin for internet browsers is installed.
Applies to:
Created:
2007-12-20
Updated:
2010-08-21

ID:
CVE-2006-5339
Title:
SANS07S7: Multiple vulnerabilities in Oracle 8.1.7.4
Type:
Services
Bulletins:
CVE-2006-5339
CVE-2006-5340
CVE-2006-5344
CVE-2007-0272
SFBID20588
SFBID22083
Severity:
High
Description:
Multiple vulnerabilities exist in Oracle 8.1.7.4, including buffer overflows, and multiple unspecified vulnerabilities.
Applies to:
Oracle Database 8i
Created:
2007-12-17
Updated:
2024-01-17

ID:
CVE-2007-1086
Title:
SANS07S7: Multiple vulnerabilities in IBM DB2
Type:
Services
Bulletins:
CVE-2007-1086
CVE-2007-1087
CVE-2007-1088
CVE-2007-1089
CVE-2007-2582
CVE-2007-5652
SFBID22677
SFBID26010
SFBID23890
SFBID26450
Severity:
High
Description:
Multiple vulnerabilities exist in IBM DB2 before version 9.1 FixPack4. These include execution of arbitrary code, creation and modification of arbitrary files, and execution of unauthorized SQL commands.
Applies to:
IBM DB2
Created:
2007-12-17
Updated:
2024-01-17

ID:
CVE-2007-6372
Title:
Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping.
Type:
Hardware
Bulletins:
CVE-2007-6372
SFBID26869
Severity:
High
Description:
Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping.
Applies to:
Created:
2007-12-14
Updated:
2024-01-17

ID:
CVE-2006-5332
Title:
SANS07S7: Multiple vulnerabilities in Oracle Database 9i
Type:
Services
Bulletins:
CVE-2006-5332
CVE-2006-5334
CVE-2006-5336
CVE-2006-5339
CVE-2006-5340
CVE-2006-5341
CVE-2006-5342
CVE-2006-5344
CVE-2006-5345
CVE-2007-0272
CVE-2007-2118
CVE-2007-5506
SFBID20588
SFBID22083
SFBID23532
Severity:
High
Description:
Multiple vulnerabilities exist in some versions of Oracle Database Server 9i. It is recommended to update to the latest versions or apply the latest patches.
Applies to:
Oracle Database 9i
Created:
2007-12-14
Updated:
2024-01-17

ID:
CVE-2006-5332
Title:
SANS07S7: Multiple vulnerabilities in Oracle Database 10g
Type:
Services
Bulletins:
CVE-2006-5332
CVE-2006-5333
CVE-2006-5334
CVE-2006-5335
CVE-2006-5336
CVE-2006-5339
CVE-2006-5340
CVE-2006-5341
CVE-2006-5342
CVE-2006-5343
CVE-2006-5344
CVE-2006-5345
CVE-2007-0272
CVE-2007-1442
CVE-2007-2113
CVE-2007-5506
SFBID20588
SFBID22083
SFBID23532
SFBID22905
Severity:
High
Description:
Multiple vulnerabilities exist in some versions of Oracle Database Server 10g. It is recommended to update to the latest versions or apply the latest patches.
Applies to:
Oracle Database 10g
Created:
2007-12-14
Updated:
2024-01-17

ID:
CVE-2007-1680
Title:
SANS07A1: Stack-based buffer overflow in Yahoo! Messenger before 20070313
Type:
Software
Bulletins:
CVE-2007-1680
SFBID23291
Severity:
High
Description:
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before March 13, 2007, allows remote attackers to execute arbitrary code via long socksHostname and hostname properties.
Applies to:
Created:
2007-12-14
Updated:
2024-01-17

ID:
CVE-2007-2418
Title:
SANS07A1: Multiple buffer overflow vulnerabilities in Trillian earlier than 3.1.7.0
Type:
Software
Bulletins:
CVE-2007-2418
CVE-2007-2478
CVE-2007-3832
CVE-2007-3305
SFBID23781
SFBID23730
SFBID24927
SFBID24523
Severity:
High
Description:
Multiple buffer overflow vulnerabilities exist in Cerulean Studios Trillian 3.x before 3.1.7.0, allowing remote attackers to execute arbitrary code.
Applies to:
Cerulean Studios Trillian
Created:
2007-12-14
Updated:
2024-01-17

ID:
CVE-2007-0711
Title:
SANS07C4: Multiple vulnerabilities in Apple QuickTime 7.2 and earlier
Type:
Software
Bulletins:
CVE-2007-0711
CVE-2007-0712
CVE-2007-0714
CVE-2007-2295
CVE-2007-2296
CVE-2007-0754
CVE-2007-2389
CVE-2007-2393
CVE-2007-2394
CVE-2007-5045
CVE-2007-4673
SFBID24873
SFBID22827
SFBID22844
SFBID25913
SFBID23652
SFBID23923
SFBID23650
SFBID24222
Severity:
High
Description:
Multiple vulnerabilities exist in Apple QuickTime version 7.2 and earlier. These include possible information disclosure and code execution.
Applies to:
Apple QuickTime
Created:
2007-12-11
Updated:
2024-01-17

ID:
CVE-2007-3457
Title:
SANS07C4: Adobe Flash Player 8.0.34.0 and earlier vulnerable to CSRF attack
Type:
Software
Bulletins:
CVE-2007-3457
Severity:
Medium
Description:
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which potentially allows remote attackers to conduct a CSRF attack via a crafted SWF file.
Applies to:
Adobe Flash Player
Created:
2007-12-11
Updated:
2024-01-17

ID:
CVE-2007-2497
Title:
SANS07C4: Multiple Vulnerabilities in RealPlayer 10, 10.5 and 11 Beta
Type:
Software
Bulletins:
CVE-2007-2497
CVE-2007-3410
CVE-2007-5601
SFBID23712
SFBID26130
Severity:
High
Description:
Multiple vulnerabilities exist in RealPlayer versions 10.0, 10.5 and 11 Beta. These include remote execution of arbitrary code, and denial of service.
Applies to:
RealPlayer
Created:
2007-12-10
Updated:
2024-01-17

ID:
CVE-2007-3752
Title:
SANS07C4: Buffer overflow in Apple iTunes before 7.4
Type:
Software
Bulletins:
CVE-2007-3752
Severity:
High
Description:
Buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a music file with crafted album cover art.
Applies to:
Apple iTunes
Created:
2007-12-10
Updated:
2024-01-17

ID:
REF000642
Title:
P2P installed: mldonkey installed
Type:
Software
Bulletins:
Severity:
Low
Description:
mlDonkey P2P file sharing client installed.
Applies to:
Created:
2007-12-10
Updated:
2010-08-21

ID:
CVE-2007-0044
Title:
SANS07C1: Multiple vulnerabilities in Adobe Reader earlier than 8.0.0
Type:
Software
Bulletins:
CVE-2007-0044
CVE-2007-0046
CVE-2007-0103
CVE-2007-0045
SFBID21858
SFBID21910
Severity:
High
Description:
Multiple vulnerabilities exist in Adobe Reader earlier than 8.0.0, some of which have unknown impact. Known vulnerabilities include denial of service and remote execution of arbitrary code.
Applies to:
Adobe Reader
Created:
2007-12-07
Updated:
2024-01-17

ID:
REF000638
Title:
P2P installed: xmule installed
Type:
Software
Bulletins:
Severity:
Low
Description:
xMule P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000636
Title:
P2P installed: transmission installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Transmission P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000635
Title:
P2P installed: rtorrent installed
Type:
Software
Bulletins:
Severity:
Low
Description:
rTorrent P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000634
Title:
P2P installed: qtella installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Qtella P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000643
Title:
P2P installed: napster installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Napster P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000646
Title:
P2P installed: nap installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Nap P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000640
Title:
P2P installed: mutella installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Mutella P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000645
Title:
P2P installed: lopster installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Lopster P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000632
Title:
P2P installed: ktorrent installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Ktorrent P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000633
Title:
P2P installed: kommute installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Kommute P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000641
Title:
P2P installed: knapster installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Knapster P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000647
Title:
P2P installed: gtk-gnutella installed
Type:
Software
Bulletins:
Severity:
Low
Description:
GTK-Gnutella P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000644
Title:
P2P installed: gnut installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Gnut P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000631
Title:
P2P installed: gnunet installed
Type:
Software
Bulletins:
Severity:
Low
Description:
GnuNet P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000630
Title:
P2P installed: deluge installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Deluge P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000637
Title:
P2P installed: dctc installed
Type:
Software
Bulletins:
Severity:
Low
Description:
DCtc P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000629
Title:
P2P installed: ctorrent installed
Type:
Software
Bulletins:
Severity:
Low
Description:
cTorrent P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000628
Title:
P2P installed: bittorrent installed
Type:
Software
Bulletins:
Severity:
Low
Description:
BitTorrent P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000627
Title:
P2P installed: bittornado installed
Type:
Software
Bulletins:
Severity:
Low
Description:
BitTornado P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000649
Title:
P2P installed: bitstormlite installed
Type:
Software
Bulletins:
Severity:
Low
Description:
BitStormLite P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000626
Title:
P2P installed: azureus installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Azureus P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000639
Title:
P2P installed: apollon installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Apollon P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000648
Title:
P2P installed: amule installed
Type:
Software
Bulletins:
Severity:
Low
Description:
aMule P2P file sharing client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000624
Title:
IM installed: ytalk installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Ytalk instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000621
Title:
IM installed: yahoo messenger installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Yahoo Messenger instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000622
Title:
IM installed: trebuchet installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Trebuchet instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000623
Title:
IM installed: talk installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Talk instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000601
Title:
IM installed: skype installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Skype instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000615
Title:
IM installed: sircd installed
Type:
Software
Bulletins:
Severity:
Low
Description:
sIRCd instant messaging server installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000614
Title:
IM installed: sim installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Sim instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000613
Title:
IM installed: psi installed
Type:
Software
Bulletins:
Severity:
Low
Description:
PSI instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000612
Title:
IM installed: pidgin installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Pidgin instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000611
Title:
IM installed: micq installed
Type:
Software
Bulletins:
Severity:
Low
Description:
mICQ instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000610
Title:
IM installed: lostirc installed
Type:
Software
Bulletins:
Severity:
Low
Description:
LostIRC instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000609
Title:
IM installed: licq installed
Type:
Software
Bulletins:
Severity:
Low
Description:
LICQ instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000608
Title:
IM installed: kxicq installed
Type:
Software
Bulletins:
Severity:
Low
Description:
KxICQ instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000620
Title:
IM installed: kopete installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Kopete instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000616
Title:
IM installed: kicq installed
Type:
Software
Bulletins:
Severity:
Low
Description:
KICQ instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000607
Title:
IM installed: kadu installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Kadu instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000606
Title:
IM installed: jabbin installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Jabbin instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000605
Title:
IM installed: jabber installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Jabber instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000604
Title:
IM installed: gossip installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Gossip instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000603
Title:
IM installed: gnu gadu installed
Type:
Software
Bulletins:
Severity:
Low
Description:
GNU Gadu instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000619
Title:
IM installed: gaim installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Gaim instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000625
Title:
IM installed: gabber installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Gabber instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000602
Title:
IM installed: epic installed
Type:
Software
Bulletins:
Severity:
Low
Description:
Epic instant messaging client installed.
Applies to:
Created:
2007-12-06
Updated:
2010-08-21

ID:
REF000663
Title:
Config laptop: swap partition not encrypted
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
Computer was identified as a laptop. No encryption was detected on the swap partition.
Applies to:
Created:
2007-12-05
Updated:
2010-08-21

ID:
REF000665
Title:
Config laptop: root partition not encrypted
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
Computer was identified as a laptop. No encryption was detected on the root partition.
Applies to:
Created:
2007-12-05
Updated:
2010-08-21

ID:
REF000664
Title:
Config laptop: home partition not encrypted
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
Computer was identified as a laptop. No encryption was detected on the home partition.
Applies to:
Created:
2007-12-05
Updated:
2010-08-21

ID:
CVE-2007-2867
Title:
SANS07C3: Multiple Vulnerabilities in Mozilla Thunderbird 2.x earlier than 2.0.0.6
Type:
Mail
Bulletins:
CVE-2007-2867
CVE-2007-3734
CVE-2007-3735
CVE-2007-3845
SFBID24242
SFBID24946
Severity:
High
Description:
Mozilla Thunderbird 2.x versions earlier than 2.0.0.6 are vulnerable to remote denial of service attacks and remote execution of arbitrary commands.
Applies to:
Mozilla Thunderbird
Created:
2007-12-04
Updated:
2024-01-17

ID:
CVE-2007-0777
Title:
SANS07C3: Multiple Vulnerabilities in Mozilla Thunderbird 1.5.x earlier than 1.5.0.13
Type:
Mail
Bulletins:
CVE-2007-0777
CVE-2007-2867
CVE-2007-3845
CVE-2006-4565
CVE-2006-4571
CVE-2006-5463
CVE-2006-5747
CVE-2006-6502
CVE-2007-1282
SFBID22694
SFBID24242
SFBID21668
SFBID20042
SFBID20957
SFBID22845
Severity:
High
Description:
Mozilla Thunderbird 1.5.x versions earlier than 1.5.0.13 are vulnerable to remote denial of service attacks and remote execution of arbitrary commands.
Applies to:
Mozilla Thunderbird
Created:
2007-12-04
Updated:
2024-01-17

ID:
CVE-2007-0981
Title:
SANS07C1: Multiple Vulnerabilities in SeaMonkey earlier than 1.1.5
Type:
Web
Bulletins:
CVE-2007-0981
CVE-2007-1092
CVE-2007-5338
CVE-2006-4565
CVE-2006-4571
CVE-2006-5463
CVE-2006-5747
CVE-2006-6502
CVE-2006-6504
CVE-2007-0777
CVE-2007-0779
CVE-2007-1282
CVE-2007-2867
CVE-2007-3845
SFBID22694
SFBID22566
SFBID22679
SFBID24242
SFBID26132
SFBID24242
SFBID21668
SFBID22845
SFBID20957
SFBID20042
Severity:
High
Description:
Multiple vulnerabilities exist in SeaMonkey versions earlier than 1.1.5. These include remote execution of arbitrary code, denial of service, and spoofing of GUI elements.
Applies to:
SeaMonkey
Created:
2007-12-04
Updated:
2024-01-17

ID:
CVE-2007-0776
Title:
SANS07C1: Multiple Vulnerabilities in Mozilla Firefox earlier than 2.0.0.8
Type:
Web
Bulletins:
CVE-2007-0776
CVE-2007-0777
CVE-2007-0779
CVE-2007-0981
CVE-2007-1092
CVE-2007-2292
CVE-2007-2867
CVE-2007-3734
CVE-2007-3735
CVE-2007-3737
CVE-2007-3738
CVE-2007-3845
CVE-2007-4841
CVE-2007-5338
CVE-2006-4565
CVE-2006-4571
CVE-2006-5463
CVE-2006-5747
SFBID26132
SFBID20957
SFBID20042
SFBID25543
SFBID22679
SFBID24946
SFBID24242
SFBID22694
SFBID23668
SFBID22566
SFBID21668
Severity:
High
Description:
Multiple vulnerabilities exist in Mozilla Firefox versions earlier than 2.0.0.8. These include remote execution of arbitrary code, denial of service, and spoofing of GUI elements.
Applies to:
Mozilla Firefox
Created:
2007-12-04
Updated:
2024-01-17

ID:
REF000578
Title:
Config yum-updatesd: auto-updating disabled
Type:
Services
Bulletins:
Severity:
Low
Description:
yum-updatesd auto-update is disabled. See /etc/yum/yum-updatesd.conf for details.
Applies to:
Created:
2007-12-04
Updated:
2010-08-21

ID:
REF000580
Title:
Config yum-updatesd: auto-resolving dependencies disabled
Type:
Services
Bulletins:
Severity:
Low
Description:
yum-updatesd auto-resolving of update dependencies is disabled. See /etc/yum/yum-updatesd.conf for details.
Applies to:
Created:
2007-12-04
Updated:
2010-08-21

ID:
REF000579
Title:
Config yum-updatesd: auto-downloading disabled
Type:
Services
Bulletins:
Severity:
Low
Description:
yum-updatesd update auto-downloading is disabled. See /etc/yum/yum-updatesd.conf for details.
Applies to:
Created:
2007-12-04
Updated:
2010-08-21

ID:
REF000583
Title:
Config apt: update notification disabled
Type:
Services
Bulletins:
Severity:
Low
Description:
apt-update notification is disabled.
Applies to:
Created:
2007-12-04
Updated:
2010-08-21

ID:
REF000582
Title:
Config apt: daily job disabled
Type:
Services
Bulletins:
Severity:
Low
Description:
apt daily update job is disabled, /etc/cron.daily/apt is missing.
Applies to:
Created:
2007-12-04
Updated:
2010-08-21

ID:
REF000581
Title:
Config apt: auto-updating package lists disabled
Type:
Services
Bulletins:
Severity:
Low
Description:
apt auto-updating package lists is disabled. See /etc/apt/apt.conf.d/10periodic and /etc/apt/apt.conf.d/15adept-periodic-update for details.
Applies to:
Created:
2007-12-04
Updated:
2010-08-21

ID:
REF000577
Title:
Config yum-updatesd: start on boot disabled
Type:
Services
Bulletins:
Severity:
Low
Description:
yum-updatesd is installed but not activated during init3 or init5 startup. See 'chkconfig --list' output for details.
Applies to:
Created:
2007-12-03
Updated:
2010-08-21

ID:
CVE-2007-5020
Title:
APSB07-18: Adobe Acrobat mailto: vulnerability
Type:
Software
Bulletins:
CVE-2007-5020
SFBID25748
Severity:
High
Description:
Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. This issue only affects customers on Windows XP or Windows 2003 with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities. It is recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1.
Applies to:
Created:
2007-10-30
Updated:
2024-01-17

ID:
CVE-2007-5651
Title:
Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and...
Type:
Hardware
Bulletins:
CVE-2007-5651
SFBID26139
Severity:
High
Description:
Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet.
Applies to:
Created:
2007-10-23
Updated:
2024-01-17

ID:
CVE-2007-5549
Title:
Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as...
Type:
Hardware
Bulletins:
CVE-2007-5549
Severity:
Low
Description:
Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Applies to:
Created:
2007-10-18
Updated:
2024-01-17

ID:
CVE-2007-5550
Title:
Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no...
Type:
Hardware
Bulletins:
CVE-2007-5550
Severity:
Medium
Description:
Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Applies to:
Created:
2007-10-18
Updated:
2024-01-17

ID:
CVE-2007-5551
Title:
Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information....
Type:
Hardware
Bulletins:
CVE-2007-5551
Severity:
High
Description:
Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Applies to:
Created:
2007-10-18
Updated:
2024-01-17

ID:
CVE-2007-5548
Title:
Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory...
Type:
Hardware
Bulletins:
CVE-2007-5548
Severity:
Medium
Description:
Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Applies to:
Created:
2007-10-18
Updated:
2024-01-17

ID:
CVE-2007-5552
Title:
Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known...
Type:
Hardware
Bulletins:
CVE-2007-5552
Severity:
High
Description:
Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Applies to:
Created:
2007-10-18
Updated:
2024-01-17

ID:
CVE-2007-5547
Title:
Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague...
Type:
Hardware
Bulletins:
CVE-2007-5547
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Applies to:
Created:
2007-10-18
Updated:
2024-01-17

ID:
CVE-2007-5569
Title:
Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120.
Type:
Hardware
Bulletins:
CVE-2007-5569
SFBID26104
Severity:
High
Description:
Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120.
Applies to:
Created:
2007-10-18
Updated:
2024-01-17

ID:
CVE-2007-5537
Title:
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers...
Type:
Hardware
Bulletins:
CVE-2007-5537
SFBID26105
Severity:
High
Description:
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.
Applies to:
Unified Callmanager
Unified Communications Manager
Created:
2007-10-17
Updated:
2024-01-17

ID:
CVE-2007-5538
Title:
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of...
Type:
Hardware
Bulletins:
CVE-2007-5538
SFBID26105
Severity:
High
Description:
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.
Applies to:
Unified Callmanager
Unified Communications Manager
Created:
2007-10-17
Updated:
2024-01-17

ID:
CVE-2007-5468
Title:
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof...
Type:
Hardware
Bulletins:
CVE-2007-5468
SFBID26057
Severity:
Medium
Description:
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").
Applies to:
Cisco Call Manager
Created:
2007-10-15
Updated:
2024-01-17

ID:
CVE-2007-5381
Title:
Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allows remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message...
Type:
Hardware
Bulletins:
CVE-2007-5381
SFBID26001
Severity:
High
Description:
Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allows remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515.
Applies to:
Created:
2007-10-11
Updated:
2024-01-17

ID:
CVE-2007-4634
Title:
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands...
Type:
Hardware
Bulletins:
CVE-2007-4634
SFBID25480
Severity:
High
Description:
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
Applies to:
Cisco Call Manager
Unified Communications Manager
Created:
2007-08-31
Updated:
2024-01-17

ID:
CVE-2007-4633
Title:
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web...
Type:
Hardware
Bulletins:
CVE-2007-4633
SFBID25480
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
Applies to:
Cisco Call Manager
Unified Communications Manager
Created:
2007-08-31
Updated:
2024-01-17

ID:
CVE-2007-4632
Title:
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass...
Type:
Hardware
Bulletins:
CVE-2007-4632
SFBID25482
Severity:
Medium
Description:
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.
Applies to:
Created:
2007-08-31
Updated:
2024-01-17

ID:
CVE-2007-4430
Title:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE:...
Type:
Hardware
Bulletins:
CVE-2007-4430
SFBID25352
Severity:
Medium
Description:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.
Applies to:
Created:
2007-08-20
Updated:
2024-01-17

ID:
CVE-2007-4294
Title:
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
Type:
Hardware
Bulletins:
CVE-2007-4294
SFBID25239
Severity:
Medium
Description:
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
Applies to:
Unified Communications Manager
Created:
2007-08-09
Updated:
2024-01-17

ID:
CVE-2007-4285
Title:
Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or...
Type:
Hardware
Bulletins:
CVE-2007-4285
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.
Applies to:
Created:
2007-08-09
Updated:
2024-01-17

ID:
CVE-2007-4295
Title:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
Type:
Hardware
Bulletins:
CVE-2007-4295
SFBID25239
Severity:
Medium
Description:
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
Applies to:
Created:
2007-08-09
Updated:
2024-01-17

ID:
CVE-2007-4292
Title:
Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007,...
Type:
Hardware
Bulletins:
CVE-2007-4292
SFBID25239
Severity:
High
Description:
Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249.
Applies to:
Created:
2007-08-09
Updated:
2024-01-17

ID:
CVE-2007-4291
Title:
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with...
Type:
Hardware
Bulletins:
CVE-2007-4291
SFBID25239
Severity:
High
Description:
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption.
Applies to:
Created:
2007-08-09
Updated:
2024-01-17

ID:
CVE-2007-4293
Title:
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.
Type:
Hardware
Bulletins:
CVE-2007-4293
SFBID25239
Severity:
High
Description:
Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.
Applies to:
Created:
2007-08-09
Updated:
2024-01-17

ID:
CVE-2007-4286
Title:
Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.
Type:
Hardware
Bulletins:
CVE-2007-4286
SFBID25238
Severity:
High
Description:
Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.
Applies to:
Created:
2007-08-09
Updated:
2024-01-17

ID:
CVE-2007-4263
Title:
Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2007-4263
SFBID25240
Severity:
High
Description:
Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.
Applies to:
Created:
2007-08-08
Updated:
2024-01-17

ID:
CVE-2007-4011
Title:
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or...
Type:
Hardware
Bulletins:
CVE-2007-4011
SFBID25043
Severity:
High
Description:
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841.
Applies to:
Created:
2007-07-25
Updated:
2024-01-17

ID:
CVE-2007-4012
Title:
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a...
Type:
Hardware
Bulletins:
CVE-2007-4012
SFBID25043
Severity:
High
Description:
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374.
Applies to:
Created:
2007-07-25
Updated:
2024-01-17

ID:
CVE-2007-3944
Title:
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute...
Type:
Mobile Devices
Bulletins:
CVE-2007-3944
SFBID25002
Severity:
High
Description:
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
Applies to:
Created:
2007-07-23
Updated:
2024-01-17

ID:
CVE-2007-3775
Title:
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1)...
Type:
Hardware
Bulletins:
CVE-2007-3775
SFBID24867
Severity:
High
Description:
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
Applies to:
Unified Communications Manager
Created:
2007-07-15
Updated:
2024-01-17

ID:
CVE-2006-5277
Title:
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that...
Type:
Hardware
Bulletins:
CVE-2006-5277
SFBID24868
Severity:
High
Description:
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
Applies to:
Unified Callmanager
Unified Communications Manager
Created:
2007-07-15
Updated:
2024-01-17

ID:
CVE-2006-5278
Title:
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets,...
Type:
Hardware
Bulletins:
CVE-2006-5278
SFBID24868
Severity:
High
Description:
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
Applies to:
Unified Callmanager
Unified Communications Manager
Created:
2007-07-15
Updated:
2024-01-17

ID:
CVE-2007-3776
Title:
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings,...
Type:
Hardware
Bulletins:
CVE-2007-3776
SFBID24867
Severity:
Medium
Description:
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
Applies to:
Unified Communications Manager
Created:
2007-07-15
Updated:
2024-01-17

ID:
MITRE:1670
Title:
CAPICOM.Certificates Vulnerability
Type:
Software
Bulletins:
MITRE:1670
CVE-2007-0940
Severity:
High
Description:
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
Applies to:
Microsoft Capicom
Created:
2007-07-10
Updated:
2024-01-17

ID:
CVE-2007-3574
Title:
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3)...
Type:
Hardware
Bulletins:
CVE-2007-3574
SFBID24682
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter.
Applies to:
wag54gs
Created:
2007-07-05
Updated:
2024-01-17

ID:
CVE-2007-3348
Title:
The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
Type:
Hardware
Bulletins:
CVE-2007-3348
SFBID24538
Severity:
High
Description:
The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.
Applies to:
DPH-540
DPH-541
Created:
2007-06-22
Updated:
2024-01-17

ID:
CVE-2007-3347
Title:
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
Type:
Hardware
Bulletins:
CVE-2007-3347
SFBID24560
Severity:
High
Description:
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.
Applies to:
DPH-540
DPH-541
Created:
2007-06-22
Updated:
2024-01-17

ID:
CVE-2007-2832
Title:
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via...
Type:
Hardware
Bulletins:
CVE-2007-2832
SFBID24119
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
Applies to:
Cisco Call Manager
Created:
2007-05-23
Updated:
2024-01-17

ID:
MITRE:2001
Title:
CMS Memory Corruption Vulnerability
Type:
Software
Bulletins:
MITRE:2001
CVE-2007-0938
Severity:
High
Description:
Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
Applies to:
Microsoft Content Management Server 2001
Microsoft Content Management Server 2002
Created:
2007-05-23
Updated:
2024-01-17

ID:
MITRE:1575
Title:
CMS Cross-Site Scripting and Spoofing Vulnerability
Type:
Software
Bulletins:
MITRE:1575
CVE-2007-0939
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
Applies to:
Microsoft Content Management Server 2001
Microsoft Content Management Server 2002
Created:
2007-05-23
Updated:
2024-01-17

ID:
CVE-2007-2813
Title:
Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session.
Type:
Hardware
Bulletins:
CVE-2007-2813
SFBID24097
Severity:
High
Description:
Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session.
Applies to:
Created:
2007-05-22
Updated:
2024-01-17

ID:
CVE-2007-2734
Title:
The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.
Type:
Hardware
Bulletins:
CVE-2007-2734
Severity:
High
Description:
The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.
Applies to:
TippingPoint 200
TippingPoint 2000E
TippingPoint 2400E
TippingPoint 50
TippingPoint 5000E
TippingPoint 600E
Created:
2007-05-16
Updated:
2024-01-17

ID:
CVE-2007-2688
Title:
The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
Type:
Hardware
Bulletins:
CVE-2007-2688
SFBID23980
Severity:
High
Description:
The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
Applies to:
Created:
2007-05-15
Updated:
2024-01-17

ID:
REF000467
Title:
AutoRun is enabled
Type:
Miscellaneous
Bulletins:
Severity:
High
Description:
Microsoft Windows supports automatic execution in CD/DVD drives and other removable media. This poses a security risk when a CD or removable disk contains malware that automatically installs itself once the disc is inserted. It is recommended to disable AutoRun both for CD/DVD drives and for other removable drives.
Applies to:
Created:
2007-05-10
Updated:
2010-09-20

ID:
CVE-2007-2587
Title:
The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).
Type:
Hardware
Bulletins:
CVE-2007-2587
SFBID23885
Severity:
Medium
Description:
The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).
Applies to:
Created:
2007-05-09
Updated:
2024-01-17

ID:
CVE-2007-2586
Title:
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that...
Type:
Hardware
Bulletins:
CVE-2007-2586
SFBID23885
Severity:
High
Description:
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.
Applies to:
Created:
2007-05-09
Updated:
2024-01-17

ID:
CVE-2007-2502
Title:
Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015.
Type:
Hardware
Bulletins:
CVE-2007-2502
SFBID23791
Severity:
High
Description:
Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015.
Applies to:
Procurve Switch 9300m
Created:
2007-05-03
Updated:
2024-01-17

ID:
CVE-2007-2462
Title:
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via...
Type:
Hardware
Bulletins:
CVE-2007-2462
SFBID23768
Severity:
High
Description:
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.
Applies to:
Created:
2007-05-02
Updated:
2024-01-17

ID:
CVE-2007-2463
Title:
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination...
Type:
Hardware
Bulletins:
CVE-2007-2463
SFBID23768
Severity:
High
Description:
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry.
Applies to:
Created:
2007-05-02
Updated:
2024-01-17

ID:
CVE-2007-2461
Title:
The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP...
Type:
Hardware
Bulletins:
CVE-2007-2461
SFBID23763
Severity:
High
Description:
The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used.
Applies to:
Created:
2007-05-02
Updated:
2024-01-17

ID:
CVE-2007-2464
Title:
Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions."
Type:
Hardware
Bulletins:
CVE-2007-2464
SFBID23768
Severity:
High
Description:
Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions."
Applies to:
Created:
2007-05-02
Updated:
2024-01-17

ID:
CVE-2007-2332
Title:
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.
Type:
Hardware
Bulletins:
CVE-2007-2332
SFBID23562
Severity:
High
Description:
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.
Applies to:
Contivity 1740 VPN Router
Contivity1010
Contivity1050
Contivity1100
Contivity1700
Contivity1750
Contivity2700
Contivity5000
Created:
2007-04-27
Updated:
2024-01-17

ID:
CVE-2007-2333
Title:
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow...
Type:
Hardware
Bulletins:
CVE-2007-2333
SFBID23562
Severity:
High
Description:
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.
Applies to:
Contivity1000
Contivity2000
Contivity4000
Contivity5000
Created:
2007-04-27
Updated:
2024-01-17

ID:
CVE-2007-2334
Title:
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration...
Type:
Hardware
Bulletins:
CVE-2007-2334
SFBID23562
Severity:
High
Description:
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.
Applies to:
Contivity1000
Contivity2000
Contivity4000
Contivity5000
Created:
2007-04-27
Updated:
2024-01-17

ID:
CVE-2007-2036
Title:
The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2007-2036
SFBID23461
Severity:
High
Description:
The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384.
Applies to:
Created:
2007-04-16
Updated:
2024-01-17

ID:
CVE-2007-2038
Title:
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1)...
Type:
Hardware
Bulletins:
CVE-2007-2038
SFBID23461
Severity:
Medium
Description:
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361.
Applies to:
Cisco WLC 2000
Cisco WLC 2100
Cisco WLC 4100
Cisco WLC 4400
Created:
2007-04-16
Updated:
2024-01-17

ID:
CVE-2007-2039
Title:
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1)...
Type:
Hardware
Bulletins:
CVE-2007-2039
SFBID23461
Severity:
Medium
Description:
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.
Applies to:
Created:
2007-04-16
Updated:
2024-01-17

ID:
CVE-2007-2041
Title:
Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug...
Type:
Hardware
Bulletins:
CVE-2007-2041
SFBID23461
Severity:
Medium
Description:
Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.
Applies to:
Cisco WLC 2100
Cisco WLC 4400
Created:
2007-04-16
Updated:
2024-01-17

ID:
CVE-2007-2037
Title:
Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.
Type:
Hardware
Bulletins:
CVE-2007-2037
SFBID23461
Severity:
Low
Description:
Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.
Applies to:
Created:
2007-04-16
Updated:
2024-01-17

ID:
CVE-2007-2040
Title:
Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.
Type:
Hardware
Bulletins:
CVE-2007-2040
SFBID23461
Severity:
Medium
Description:
Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.
Applies to:
Created:
2007-04-16
Updated:
2024-01-17

ID:
MITRE:746
Title:
Word Malformed Data Structures Vulnerability
Type:
Software
Bulletins:
MITRE:746
CVE-2006-6456
Severity:
High
Description:
Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
Applies to:
Microsoft Word
Created:
2007-04-10
Updated:
2024-01-17

ID:
MITRE:1141
Title:
FTP Server Response Parsing Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:1141
CVE-2007-0217
Severity:
High
Description:
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
Applies to:
Microsoft Internet Explorer
Created:
2007-04-10
Updated:
2024-01-17

ID:
MITRE:257
Title:
COM Object Instantiation Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:257
CVE-2007-0219
Severity:
High
Description:
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
Applies to:
Microsoft Internet Explorer 5
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Created:
2007-04-10
Updated:
2024-01-17

ID:
MITRE:1120
Title:
COM Object Instantiation Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:1120
CVE-2006-4697
Severity:
High
Description:
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
Applies to:
Microsoft Internet Explorer
Created:
2007-04-10
Updated:
2024-01-17

ID:
CVE-2007-1826
Title:
Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster...
Type:
Hardware
Bulletins:
CVE-2007-1826
SFBID23181
Severity:
High
Description:
Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949.
Applies to:
Unified Callmanager
Created:
2007-04-02
Updated:
2024-01-17

ID:
CVE-2007-1833
Title:
The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of...
Type:
Hardware
Bulletins:
CVE-2007-1833
SFBID23181
Severity:
Medium
Description:
The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port.
Applies to:
Unified Callmanager
Created:
2007-04-02
Updated:
2024-01-17

ID:
CVE-2007-1834
Title:
Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.
Type:
Hardware
Bulletins:
CVE-2007-1834
SFBID23181
Severity:
High
Description:
Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.
Applies to:
Unified Callmanager
Created:
2007-04-02
Updated:
2024-01-17

ID:
CVE-2007-1585
Title:
The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE:...
Type:
Hardware
Bulletins:
CVE-2007-1585
SFBID23063
Severity:
Medium
Description:
The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE: some of these details are obtained from third party information.
Applies to:
wag200g
wrt54gc
Created:
2007-03-21
Updated:
2024-01-17

ID:
CVE-2007-1467
Title:
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace...
Type:
Hardware
Bulletins:
CVE-2007-1467
SFBID22982
Severity:
Low
Description:
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
Applies to:
Cisco Call Manager
Created:
2007-03-16
Updated:
2024-01-17

ID:
CVE-2007-1258
Title:
Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a...
Type:
Hardware
Bulletins:
CVE-2007-1258
Severity:
Medium
Description:
Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.
Applies to:
Cisco Catalyst 6000
Cisco Catalyst 6500 Series Switches
Cisco Catalyst 7600
Created:
2007-03-03
Updated:
2024-01-17

ID:
REF000466
Title:
P2P Software: SoulSeek Installed
Type:
Software
Bulletins:
Severity:
Low
Description:
P2P clients can pose a number of security risks. Even when used legitimately to download only authorized material, P2P clients might still constitute a security issue. P2P networks are huge networks interconnecting all clients together. P2P networks are made up of millions of users sharing and downloading files from each other. While most modern P2P networks use a hash system to ensure file authenticity, most searches are performed using string searching, and thus a downloaded file might not be what the user thinks it is; it might be a virus or a Trojan, which would threaten network integrity. It might also be a copyrighted work poorly disguised as something benign, potentially exposing the company to legal issues. P2P clients also share content from the hard disk with the millions of users on the network. While care might be taken to make sure no confidential data is shared, a vulnerability in the P2P client could potentially expose the entire system. Furthermore, a disgruntled employee might use P2P to smuggle confidential data out of the company, or abuse the legitimate use and download copyrighted material. Solution: If P2P technology is needed by the company, it might be wise to consider running your own network of servers so that better control can be maintained over who has access to the network or what files are circulating. If an alternative can be used, it might be advisable to find a more secure way of file distribution.
Applies to:
SoulSeek
Created:
2007-03-02
Updated:
2010-08-21

ID:
REF000465
Title:
P2P Software: Shareaza Installed
Type:
Software
Bulletins:
Severity:
Low
Description:
P2P clients can pose a number of security risks. Even when used legitimately to download only authorized material, P2P clients might still constitute a security issue. P2P networks are huge networks interconnecting all clients together. P2P networks are made up of millions of users sharing and downloading files from each other. While most modern P2P networks use a hash system to ensure file authenticity, most searches are performed using string searching, and thus a downloaded file might not be what the user thinks it is; it might be a virus or a Trojan, which would threaten network integrity. It might also be a copyrighted work poorly disguised as something benign, potentially exposing the company to legal issues. P2P clients also share content from the hard disk with the millions of users on the network. While care might be taken to make sure no confidential data is shared, a vulnerability in the P2P client could potentially expose the entire system. Furthermore, a disgruntled employee might use P2P to smuggle confidential data out of the company, or abuse the legitimate use and download copyrighted material. Solution: If P2P technology is needed by the company, it might be wise to consider running your own network of servers so that better control can be maintained over who has access to the network or what files are circulating. If an alternative can be used, it might be advisable to find a more secure way of file distribution.
Applies to:
Shareaza
Created:
2007-03-02
Updated:
2010-08-21

ID:
REF000464
Title:
P2P Software: Kazaa Installed
Type:
Software
Bulletins:
Severity:
Low
Description:
P2P clients can pose a number of security risks. Even when used legitimately to download only authorized material, P2P clients might still constitute a security issue. P2P networks are huge networks interconnecting all clients together. P2P networks are made up of millions of users sharing and downloading files from each other. While most modern P2P networks use a hash system to ensure file authenticity, most searches are performed using string searching, and thus a downloaded file might not be what the user thinks it is; it might be a virus or a Trojan, which would threaten network integrity. It might also be a copyrighted work poorly disguised as something benign, potentially exposing the company to legal issues. P2P clients also share content from the hard disk with the millions of users on the network. While care might be taken to make sure no confidential data is shared, a vulnerability in the P2P client could potentially expose the entire system. Furthermore, a disgruntled employee might use P2P to smuggle confidential data out of the company, or abuse the legitimate use and download copyrighted material. Solution: If P2P technology is needed by the company, it might be wise to consider running your own network of servers so that better control can be maintained over who has access to the network or what files are circulating. If an alternative can be used, it might be advisable to find a more secure way of file distribution.
Applies to:
Kazaa
Created:
2007-03-02
Updated:
2010-08-21

ID:
REF000463
Title:
P2P Software: IMESH Installed
Type:
Software
Bulletins:
Severity:
Low
Description:
P2P clients can pose a number of security risks. Even when used legitimately to download only authorized material, P2P clients might still constitute a security issue. P2P networks are huge networks interconnecting all clients together. P2P networks are made up of millions of users sharing and downloading files from each other. While most modern P2P networks use a hash system to ensure file authenticity, most searches are performed using string searching, and thus a downloaded file might not be what the user thinks it is; it might be a virus or a Trojan, which would threaten network integrity. It might also be a copyrighted work poorly disguised as something benign, potentially exposing the company to legal issues. P2P clients also share content from the hard disk with the millions of users on the network. While care might be taken to make sure no confidential data is shared, a vulnerability in the P2P client could potentially expose the entire system. Furthermore, a disgruntled employee might use P2P to smuggle confidential data out of the company, or abuse the legitimate use and download copyrighted material. Solution: If P2P technology is needed by the company, it might be wise to consider running your own network of servers so that better control can be maintained over who has access to the network or what files are circulating. If an alternative can be used, it might be advisable to find a more secure way of file distribution.
Applies to:
IMesh
Created:
2007-03-02
Updated:
2010-08-21

ID:
REF000462
Title:
P2P Software: eMule Installed
Type:
Software
Bulletins:
Severity:
Low
Description:
P2P clients can pose a number of security risks. Even when used legitimately to download only authorized material, P2P clients might still constitute a security issue. P2P networks are huge networks interconnecting all clients together. P2P networks are made up of millions of users sharing and downloading files from each other. While most modern P2P networks use a hash system to ensure file authenticity, most searches are performed using string searching, and thus a downloaded file might not be what the user thinks it is; it might be a virus or a Trojan, which would threaten network integrity. It might also be a copyrighted work poorly disguised as something benign, potentially exposing the company to legal issues. P2P clients also share content from the hard disk with the millions of users on the network. While care might be taken to make sure no confidential data is shared, a vulnerability in the P2P client could potentially expose the entire system. Furthermore, a disgruntled employee might use P2P to smuggle confidential data out of the company, or abuse the legitimate use and download copyrighted material. Solution: If P2P technology is needed by the company, it might be wise to consider running your own network of servers so that better control can be maintained over who has access to the network or what files are circulating. If an alternative can be used, it might be advisable to find a more secure way of file distribution.
Applies to:
Created:
2007-03-02
Updated:
2010-08-21

ID:
REF000461
Title:
P2P Software: eDonkey 2000 Installed
Type:
Software
Bulletins:
Severity:
Low
Description:
P2P clients can pose a number of security risks. Even when used legitimately to download only authorized material, P2P clients might still constitute a security issue. P2P networks are huge networks interconnecting all clients together. P2P networks are made up of millions of users sharing and downloading files from each other. While most modern P2P networks use a hash system to ensure file authenticity, most searches are performed using string searching, and thus a downloaded file might not be what the user thinks it is; it might be a virus or a Trojan, which would threaten network integrity. It might also be a copyrighted work poorly disguised as something benign, potentially exposing the company to legal issues. P2P clients also share content from the hard disk with the millions of users on the network. While care might be taken to make sure no confidential data is shared, a vulnerability in the P2P client could potentially expose the entire system. Furthermore, a disgruntled employee might use P2P to smuggle confidential data out of the company, or abuse the legitimate use and download copyrighted material. Solution: If P2P technology is needed by the company, it might be wise to consider running your own network of servers so that better control can be maintained over who has access to the network or what files are circulating. If an alternative can be used, it might be advisable to find a more secure way of file distribution.
Applies to:
eDonkey 2000
Created:
2007-03-02
Updated:
2010-08-21

ID:
REF000460
Title:
P2P Software: DC++ Installed
Type:
Software
Bulletins:
Severity:
Low
Description:
P2P clients can pose a number of security risks. Even when used legitimately to download only authorized material, P2P clients might still constitute a security issue. P2P networks are huge networks interconnecting all clients together. P2P networks are made up of millions of users sharing and downloading files from each other. While most modern P2P networks use a hash system to ensure file authenticity, most searches are performed using string searching, and thus a downloaded file might not be what the user thinks it is; it might be a virus or a Trojan, which would threaten network integrity. It might also be a copyrighted work poorly disguised as something benign, potentially exposing the company to legal issues. P2P clients also share content from the hard disk with the millions of users on the network. While care might be taken to make sure no confidential data is shared, a vulnerability in the P2P client could potentially expose the entire system. Furthermore, a disgruntled employee might use P2P to smuggle confidential data out of the company, or abuse the legitimate use and download copyrighted material. Solution: If P2P technology is needed by the company, it might be wise to consider running your own network of servers so that better control can be maintained over who has access to the network or what files are circulating. If an alternative can be used, it might be advisable to find a more secure way of file distribution.
Applies to:
DC++
Created:
2007-03-02
Updated:
2010-08-21

ID:
REF000459
Title:
P2P Software: BitTorrent Installed
Type:
Software
Bulletins:
Severity:
Low
Description:
P2P clients can pose a number of security risks. Even when used legitimately to download only authorized material, P2P clients might still constitute a security issue. P2P networks are huge networks interconnecting all clients together. P2P networks are made up of millions of users sharing and downloading files from each other. While most modern P2P networks use a hash system to ensure file authenticity, most searches are performed using string searching, and thus a downloaded file might not be what the user thinks it is; it might be a virus or a Trojan, which would threaten network integrity. It might also be a copyrighted work poorly disguised as something benign, potentially exposing the company to legal issues. P2P clients also share content from the hard disk with the millions of users on the network. While care might be taken to make sure no confidential data is shared, a vulnerability in the P2P client could potentially expose the entire system. Furthermore, a disgruntled employee might use P2P to smuggle confidential data out of the company, or abuse the legitimate use and download copyrighted material. Solution: If P2P technology is needed by the company, it might be wise to consider running your own network of servers so that better control can be maintained over who has access to the network or what files are circulating. If an alternative can be used, it might be advisable to find a more secure way of file distribution.
Applies to:
BitTorrent
Created:
2007-03-02
Updated:
2010-08-21

ID:
MITRE:669
Title:
Windows Media Format ASX Parsing Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:669
CVE-2006-6134
Severity:
High
Description:
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
Applies to:
Windows Media Format Runtime 7.1
Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Created:
2007-02-20
Updated:
2024-01-17

ID:
MITRE:536
Title:
Windows Media Format ASF Parsing Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:536
CVE-2006-4702
Severity:
Medium
Description:
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
Applies to:
Windows Media Format Runtime 7.1
Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Windows Media Player 6.4
Created:
2007-02-20
Updated:
2024-01-17

ID:
MITRE:313
Title:
TIF Folder Information Disclosure Vulnerability
Type:
Web
Bulletins:
MITRE:313
CVE-2006-5577
Severity:
Medium
Description:
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.
Applies to:
Microsoft Internet Explorer
Created:
2007-02-20
Updated:
2024-01-17

ID:
MITRE:337
Title:
TIF Folder Information Disclosure Vulnerability
Type:
Web
Bulletins:
MITRE:337
CVE-2006-5578
Severity:
Low
Description:
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.
Applies to:
Microsoft Internet Explorer
Created:
2007-02-20
Updated:
2024-01-17

ID:
MITRE:761
Title:
Script Error Handling Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:761
CVE-2006-5579
Severity:
High
Description:
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer
Created:
2007-02-20
Updated:
2024-01-17

ID:
MITRE:116
Title:
DHTML Script Function Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:116
CVE-2006-5581
Severity:
High
Description:
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer
Created:
2007-02-20
Updated:
2024-01-17

ID:
REF000454
Title:
Config shadow: incorrect file permissions
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
The shadow file has incorrect permissions. Consider setting the permissions to '400' or '-r--------' and owner/group to '0:0'.
Applies to:
Created:
2007-02-16
Updated:
2010-08-21

ID:
REF000458
Title:
Config passwd: incorrect file permissions
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
The passwd file has incorrect permissions. Consider setting the permissions to '644' or '-rw-r--r--' and owner/group to '0:0'.
Applies to:
Created:
2007-02-16
Updated:
2010-08-21

ID:
REF000456
Title:
Config LILO: no password configured
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
The LILO boot manager has no password set. Consider configuring a password to avoid overriding the boot settings.
Applies to:
Created:
2007-02-16
Updated:
2010-08-21

ID:
REF000457
Title:
Config INIT: password-less single user mode
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
Applies to:
Created:
2007-02-16
Updated:
2010-08-21

ID:
REF000455
Title:
Config GRUB: no password configured
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
The GRUB boot manager has no password set. Consider configuring a password to avoid overriding the boot settings.
Applies to:
Created:
2007-02-16
Updated:
2010-08-21

ID:
REF000451
Title:
Config PAM: password strength checking not configured
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
Pluggable authentication modules: pam_cracklib.so password strength checking is not configured.
Applies to:
Created:
2007-02-15
Updated:
2010-08-21

ID:
REF000450
Title:
Config PAM: minimum password length less than 6
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
Pluggable authentication modules: the pam_unix.so or pam_cracklib.so minimum password length is less than 6. Consider increasing the minimum password length.
Applies to:
Created:
2007-02-15
Updated:
2010-08-21

ID:
REF000452
Title:
Config PAM: empty passwords enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
Pluggable authentication modules: pam_unix.so empty passwords are enabled. Consider removing 'nullok' from the pam_unix.so config line in /etc/pam.d/common-password.
Applies to:
Created:
2007-02-15
Updated:
2010-08-21

ID:
REF000453
Title:
Config PAM: difference between passwords less than 6
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
Pluggable authentication modules: the pam_cracklib.so minimum required difference between passwords is less than 6 characters. Consider increasing this value.
Applies to:
Created:
2007-02-15
Updated:
2010-08-21

ID:
REF000431
Title:
Config GDM: remote root login enabled
Type:
Services
Bulletins:
Severity:
Low
Description:
GDM login manager remote root login enabled. If you don't need this feature, set 'AllowRemoteRoot=false'.
Applies to:
Created:
2007-02-15
Updated:
2010-08-21

ID:
REF000449
Title:
Config GDM: remote logins enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
GDM login manager remote logins enabled. If you don't need this feature, set 'Enable=false' in /etc/X11/gdm/gfm.conf.
Applies to:
Created:
2007-02-15
Updated:
2010-08-21

ID:
REF000448
Title:
Config GDM: remote autologin enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
GDM login manager remote autologin enabled. If you don't need this feature, set 'AllowRemoteAutoLogin=false'.
Applies to:
Created:
2007-02-15
Updated:
2010-08-21

ID:
REF000403
Title:
Config VSFTPd: upload enabled
Type:
FTP
Bulletins:
Severity:
Low
Description:
VSFTPd upload enabled. If you don't need this feature, set 'write_enable=NO'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000404
Title:
Config VSFTPd: anonymous upload enabled
Type:
FTP
Bulletins:
Severity:
Low
Description:
VSFTPd anonymous upload enabled. If you don't need this feature, set 'anon_upload_enable=NO'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000402
Title:
Config VSFTPd: anonymous login enabled
Type:
FTP
Bulletins:
Severity:
Low
Description:
VSFTPd anonymous login enabled. If you don't need this feature, set 'anonymous_enable=NO'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000428
Title:
Config SSHd: using default port
Type:
Services
Bulletins:
Severity:
Low
Description:
SSH service is running on the default port 22. Consider changing the port to avoid automated attacks.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000429
Title:
Config SSHd: protocol 1 enabled
Type:
Services
Bulletins:
Severity:
Low
Description:
SSH protocol 1 enabled. If you don't need this functionality, set 'Protocol 2'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000427
Title:
Config SSHd: .rhosts and .shosts enabled
Type:
Services
Bulletins:
Severity:
Low
Description:
Use of .rhosts and .shosts files is enabled. If you don't need this functionality, set 'IgnoreRhosts yes'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000430
Title:
Config SSH: protocol 1 enabled
Type:
Services
Bulletins:
Severity:
Low
Description:
SSH protocol 1 enabled. If you don't need this functionality, set 'Protocol 2'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000437
Title:
Config shadow: weak encryption detected
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
Some or all of the passwords in /etc/shadow are not encrypted using SHA-256/512 or stronger encryption algorithms.
Applies to:
Created:
2007-02-14
Updated:
2016-07-21

ID:
REF000447
Title:
Config passwd: no shadow file detected
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
Shadow file not found. Consider configuring a shadow file for password storage.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000446
Title:
Config passwd: multiple root accounts
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
The file /etc/passwd contains a user with ID 0 other than root. Make sure this is a legitimate account.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000442
Title:
Config KDM: shutdown by everybody enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
KDM login manager allows shutdown by everybody. If you don't need this functionality, set 'AllowShutdown=None'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000441
Title:
Config KDM: root login enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
KDM login manager root login enabled. If you don't need this functionality, set 'AllowRootLogin=false'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000439
Title:
Config KDM: password-less login enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
KDM login manager password-less login enabled. If you don't need this functionality, set 'NoPassEnabled=false'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000440
Title:
Config KDM: empty password login enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
KDM login manager empty password login enabled. If you don't need this functionality, set 'AllowNullPasswd=false'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000438
Title:
Config KDM: autologin enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
KDM login manager autologin enabled. If you don't need this functionality, set 'AutoLoginEnabled=false'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000445
Title:
Config GDM: shutdown by everybody enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
GDM login manager allows shutdown to everybody. If you don't need this feature, set 'SystemMenu=false'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000444
Title:
Config GDM: root login enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
GDM login manager root login enabled. If you don't need this feature, set 'AllowRoot=false'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
REF000443
Title:
Config GDM: autologin enabled
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
GDM login manager autologin enabled. If you don't need this feature, set 'AutomaticLoginEnable=false'.
Applies to:
Created:
2007-02-14
Updated:
2010-08-21

ID:
CVE-2007-0917
Title:
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
Type:
Hardware
Bulletins:
CVE-2007-0917
SFBID22549
Severity:
Medium
Description:
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
Applies to:
Created:
2007-02-13
Updated:
2024-01-17

ID:
CVE-2007-0918
Title:
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations...
Type:
Hardware
Bulletins:
CVE-2007-0918
SFBID22549
Severity:
High
Description:
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.
Applies to:
Created:
2007-02-13
Updated:
2024-01-17

ID:
REF000383
Title:
GFI EndPointSecurity Report
Type:
Services
Bulletins:
Severity:
High
Description:
This check generates a report on the status of GFI EndPointSecurity and the EndPointSecurity Agent. The report is created in the GFI LANguard Network Security Scanner directory under Data\Reports\ESEC-Network-Report.csv. EndPointSecurity controls entry and exit of data via USB sticks, iPods, PDAs and other devices. For more information, visit http://www.gfi.com/endpointsecurity
Applies to:
GFI EndPointSecurity
Created:
2007-02-13
Updated:
2010-08-21

ID:
REF000382
Title:
GFI EndPointSecurity agent missing
Type:
Services
Bulletins:
Severity:
High
Description:
The GFI EndPointSecurity agent is not installed on this machine. EndPointSecurity controls entry and exit of data via USB sticks, iPods, PDAs and other devices. For more information, visit http://www.gfi.com/endpointsecurity
Applies to:
GFI EndPointSecurity
Created:
2007-02-13
Updated:
2010-08-21

ID:
CVE-2006-1249
Title:
SANS06C5: Multiple iTunes and QuickTime for Mac Vulnerabilities
Type:
Software
Bulletins:
CVE-2006-1249
CVE-2005-4092
CVE-2005-3713
CVE-2006-2238
CVE-2006-1456
CVE-2005-3711
CVE-2005-3710
CVE-2005-3709
CVE-2005-3708
CVE-2005-3707
CVE-2005-2340
CVE-2005-2743
SFBID17074
SFBID15732
SFBID17953
SFBID16202
Severity:
High
Description:
Multiple vulnerabilities exist in QuickTime Player versions before 7.0.4, and in iTunes 6.0.2 and earlier. These include integer overflow, and heap-based buffer overflows. It is recommended to update to the latest versions of these products.
Applies to:
iTunes and QuickTime
Created:
2007-02-12
Updated:
2024-01-17

ID:
CVE-2006-5084
Title:
SANS06C4: Skype for Mac 1.5.*.79 and earlier vulnerable to DoS or remote code execution.
Type:
Software
Bulletins:
CVE-2006-5084
SFBID20218
Severity:
High
Description:
In some circumstances, a Skype URL can be crafted that, if followed, could cause the execution of arbitrary code on the platform on which Skype is running. It is recommended to update to Skype version 1.5.*.80 or later.
Applies to:
Skype
Created:
2007-02-12
Updated:
2024-01-17

ID:
CVE-2006-3505
Title:
SANS06M1: WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Type:
Web
Bulletins:
CVE-2006-3505
SFBID19289
Severity:
High
Description:
A maliciously-crafted HTML document could cause a previously deallocated object to be accessed. This may lead to an application crash or arbitrary code execution. It is recommended to install Apple Security Update 2006-004 or update to the latest Mac OS X version. More information regarding this update may be obtained from http://docs.info.apple.com/article.html?artnum=304063
Applies to:
WebKit
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2006-3946
Title:
SANS06M1: WebCore in Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to cause a denial of service
Type:
Web
Bulletins:
CVE-2006-3946
SFBID19250
Severity:
High
Description:
A memory management error in WebKit's handling of certain HTML could allow a malicious web site to cause a crash or potentially execute arbitrary code as the user viewing the site. It is recommended to update to Mac OS X version 10.4.8 or later.
Applies to:
WebCore
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2006-3946
Title:
SANS06M1: WebCore in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Type:
Web
Bulletins:
CVE-2006-3946
SFBID19250
Severity:
High
Description:
A memory management error in WebKit's handling of certain HTML could allow a malicious web site to cause a crash or potentially execute arbitrary code as the user viewing the site. It is recommended to install Apple Security Update 2006-006. More information regarding this update can be obtained from http://docs.info.apple.com/article.html?artnum=304460
Applies to:
WebCore
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2006-0848
Title:
SANS06M1: Vulnerability in Safari and LaunchServices can lead to remote code execution.
Type:
Web
Bulletins:
CVE-2006-0848
Severity:
Medium
Description:
It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. It is recommended to install Apple Security Update 2006-001 or update to the latest version of Mac OS X. More information about this update can be obtained from http://docs.info.apple.com/article.html?artnum=303382
Applies to:
LaunchServices
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2006-4394
Title:
SANS06M1: Vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIDs to bypass service access controls.
Type:
Software
Bulletins:
CVE-2006-4394
SFBID20271
Severity:
High
Description:
Service access controls can be used to restrict which users are allowed to log in to a system via loginwindow. A logic error in loginwindow allows network accounts without GUIDs to bypass service access controls. This issue only affects systems that have been configured to use service access controls for loginwindow and to allow network accounts to authenticate users without a GUID. It is recommended to update to Mac OS X version 10.4.8 or later.
Applies to:
LoginWindow
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2006-0397
Title:
SANS06M1: Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5
Type:
Web
Bulletins:
CVE-2006-0397
CVE-2006-0398
CVE-2006-0399
Severity:
High
Description:
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. It is recommended to install Apple Security Update 2006-002 or update to the latest Mac OS X release. More information regarding this update can be obtained from http://docs.info.apple.com/article.html?artnum=303453
Applies to:
Safari
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2005-2516
Title:
SANS06M1: Safari in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary commands.
Type:
Web
Bulletins:
CVE-2005-2516
Severity:
High
Description:
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. It is recommended to install Apple Security Update 2005-007 or update to the latest Mac OS X release. More information regarding this update can be obtained from http://docs.info.apple.com/article.html?artnum=302163
Applies to:
Safari
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2006-1450
Title:
SANS06M1: Multiple vulnerabilities in Mail in Apple Mac OS X 10.3.9 and 10.4.6
Type:
Mail
Bulletins:
CVE-2006-1450
CVE-2006-1449
SFBID17951
Severity:
High
Description:
Multiple vulnerabilities exist in Mail in Apple Mac OS X 10.3.9 and 10.4.6 which can allow execution of arbitrary code. It is recommended to install Security Update 2006-003 or the latest version of Mac OS X. More information about this update can be obtained from http://docs.info.apple.com/article.html?artnum=303737.
Applies to:
Mail
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2005-3705
Title:
SANS06M1: Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, allows remote attackers to execute arbitrary code.
Type:
Web
Bulletins:
CVE-2005-3705
SFBID15647
Severity:
High
Description:
WebKit contains a heap overflow that may lead to the execution of arbitrary code. This may be triggered by content downloaded from malicious web sites in applications that use WebKit such as Safari. It is recommended to install Apple Security Update 2005-009 or update to the latest Mac OS X version. More information regarding this update can be obtained from http://docs.info.apple.com/article.html?artnum=302847
Applies to:
Safari
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2006-3498
Title:
SANS06M1: Buffer overflow in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 and earlier
Type:
Services
Bulletins:
CVE-2006-3498
SFBID19289
Severity:
High
Description:
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 and earlier allows remote attackers to execute arbitrary code via a crafted BOOTP request. It is recommended to install Apple Security Update 2006-004 or update to the latest version of Mac OS X. More information about this update can be obtained from http://docs.info.apple.com/article.html?artnum=304063
Applies to:
Mac OS X
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2005-2518
Title:
SANS06M1: Buffer overflow in servermgrd in Mac OS X Server 10.4.2 and earlier
Type:
Software
Bulletins:
CVE-2005-2518
Severity:
High
Description:
A buffer overflow in the handling of authentication can lead to arbitrary code execution by a remote attacker. This vulnerability is present in Mac OS X Server 10.4 to 10.4.2. It is recommended to install Apple Security Update 2005-007 or update to the latest version of Mac OS X. More information about this update can be obtained from http://docs.info.apple.com/article.html?artnum=302163
Applies to:
servermgrd
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2006-1987
Title:
SANS06M1: Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag.
Type:
Web
Bulletins:
CVE-2006-1987
SFBID17634
Severity:
High
Description:
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. It is recommended to update Safari by installing Apple Security Update 2006-004 or updating to the latest Mac OS X release. More information regarding this update can be obtained from http://docs.info.apple.com/article.html?artnum=304063
Applies to:
Safari
Created:
2007-02-09
Updated:
2024-01-17

ID:
CVE-2006-1469
Title:
SANS06M1: Multiple Vulnerabilities in ImageIO
Type:
Software
Bulletins:
CVE-2006-1469
CVE-2006-1982
CVE-2005-2747
SFBID18731
SFBID17634
SFBID17951
SFBID14914
Severity:
High
Description:
Multiple vulnerabilities exist in ImageIO in Mac OS X versions 10.4 to 10.4.6. It is recommended to update to version 10.4.7 or later immediately.
Applies to:
Mac OS X
Created:
2007-02-08
Updated:
2024-01-17

ID:
CVE-2006-0384
Title:
SANS06M1: automount in Mac OS X 10.4.5 and earlier vulnerable to denial of service or execution of arbitrary code.
Type:
Software
Bulletins:
CVE-2006-0384
SFBID16907
Severity:
High
Description:
File servers on the local network may be able to cause Mac OS X systems to mount file systems with reserved names. This could cause the systems to become unresponsive, or possibly allow arbitrary code delivered from the file servers to run on the target system. It is recommended to install Security Update 2006-001 or update to the latest Mac OS X version.
Applies to:
automount
Created:
2007-02-08
Updated:
2024-01-17

ID:
CVE-2006-3507
Title:
SANS06M1: Multiple vulnerabilities in AirPort wireless driver
Type:
Software
Bulletins:
CVE-2006-3507
CVE-2006-3508
CVE-2006-3509
SFBID20144
Severity:
High
Description:
Multiple vulnerabilities exist in AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 and earlier. It is recommended to install AirPort Update 2006-001 and Security Update 2006-005 on this machine or update to the latest Mac OS X version. More information about these updates can be obtained from http://docs.info.apple.com/article.html?artnum=304420
Applies to:
Mac OS X
Created:
2007-02-07
Updated:
2024-01-17

ID:
REF000409
Title:
Config SSHd: X11 forwarding enabled
Type:
Services
Bulletins:
Severity:
Low
Description:
X11 forwarding over ssh is enabled. If you don't need this functionality, set 'X11Forwarding no'.
Applies to:
Created:
2007-02-07
Updated:
2010-08-21

ID:
REF000408
Title:
Config SSHd: root login permitted
Type:
Services
Bulletins:
Severity:
Low
Description:
Root SSH logins are permitted. If you don't need this functionality, set 'PermitRootLogin no'.
Applies to:
Created:
2007-02-07
Updated:
2010-08-21

ID:
REF000410
Title:
Config SSHd: empty passwords permitted
Type:
Services
Bulletins:
Severity:
Low
Description:
SSH logins with empty passwords are permitted. If you don't need this functionality, set 'PermitEmptyPasswords no'.
Applies to:
Created:
2007-02-07
Updated:
2010-08-21

ID:
REF000436
Title:
Config shadow: empty password detected
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
The password file /etc/shadow contains an empty password.
Applies to:
Created:
2007-02-07
Updated:
2010-08-21

ID:
REF000412
Title:
Config SELinux: not in strict mode
Type:
Services
Bulletins:
Severity:
Low
Description:
SELinux is in targeted mode. Consider switching to strict mode.
Applies to:
Created:
2007-02-07
Updated:
2010-08-21

ID:
REF000411
Title:
Config SELinux: not in enforcing mode
Type:
Services
Bulletins:
Severity:
Low
Description:
SELinux is disabled or in permissive mode. Consider switching to enforcing mode.
Applies to:
Created:
2007-02-07
Updated:
2010-08-21

ID:
REF000407
Title:
Service running: SSH
Type:
Services
Bulletins:
Severity:
Low
Description:
If this computer is not administered via secure shell, the SSH service is most likely unnecessary.
Applies to:
Created:
2007-02-06
Updated:
2010-08-21

ID:
REF000433
Title:
Config BIND: allow-update not specified
Type:
DNS
Bulletins:
Severity:
Low
Description:
The allow-update keyword specifies who can perform zone updates on this DNS server.
Applies to:
Created:
2007-02-05
Updated:
2010-08-21

ID:
REF000434
Title:
Config BIND: allow-transfer not specified
Type:
DNS
Bulletins:
Severity:
Low
Description:
The allow-transfer keyword specifies who can perform zone transfers from this DNS server.
Applies to:
Created:
2007-02-05
Updated:
2010-08-21

ID:
REF000435
Title:
Config BIND: allow-recursion not specified
Type:
DNS
Bulletins:
Severity:
Low
Description:
The allow-recursion keyword specifies who can perform recursive queries on this DNS server. Recursive DNS queries are available to everyone by default. It is recommended to restrict access if this is not a public DNS server.
Applies to:
Created:
2007-02-05
Updated:
2010-08-21

ID:
REF000432
Title:
Config BIND: allow-query not specified
Type:
DNS
Bulletins:
Severity:
Low
Description:
The allow-query keyword specifies who can query this DNS server. The DNS service is available to everyone by default. It is recommended to restrict access if this is not an authoritative DNS server.
Applies to:
Created:
2007-02-05
Updated:
2010-08-21

ID:
REF000415
Title:
Service running: Telnet
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not a Telnet server, this service is most likely unnecessary. Telnet is an obsolete and insecure service; use SSH instead.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000422
Title:
Service running: SWAT
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not a SAMBA file server, this service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000416
Title:
Service running: SMTP
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not an SMTP mail server, the SMTP service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000425
Title:
Service running: SAMBA SMB
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not a SAMBA file server, the SMB service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000426
Title:
Service running: SAMBA NMB
Type:
Services
Bulletins:
Severity:
Low
Description:
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000424
Title:
Service running: PostgreSQL
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not a database server, the PostgreSQL service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000420
Title:
Service running: POP3
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not a POP mail server, the POP3 service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000423
Title:
Service running: MySQL
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not a database server, the MySQL service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000421
Title:
Service running: IMAP4
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not an IMAP mail server, the IMAP4 service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000419
Title:
Service running: HTTPS
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not a secure web server, the HTTPS service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000406
Title:
Service running: HTTP
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not a web server, the HTTP service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000414
Title:
Service running: FTP
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not an FTP server, the FTP service is most likely unnecessary. FTP is a very problematic and insecure service; use HTTP, HTTPS or SFTP instead.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000413
Title:
Service running: Finger
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not a Finger server, this service is most likely unnecessary. Finger is an obsolete and insecure service; use LDAP directory services instead.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000417
Title:
Service running: DNS
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not an internet domain name server, the DNS service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
REF000418
Title:
Service running: CUPS
Type:
Services
Bulletins:
Severity:
Low
Description:
If this is not a CUPS print server, the CUPS server service is most likely unnecessary.
Applies to:
Created:
2007-01-31
Updated:
2010-08-21

ID:
CVE-2007-0648
Title:
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
Type:
Hardware
Bulletins:
CVE-2007-0648
SFBID22330
Severity:
High
Description:
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
Applies to:
Created:
2007-01-31
Updated:
2024-01-17

ID:
CVE-2007-0199
Title:
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."
Type:
Hardware
Bulletins:
CVE-2007-0199
SFBID21990
Severity:
Medium
Description:
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."
Applies to:
Created:
2007-01-11
Updated:
2024-01-17

ID:
CVE-2006-2313
Title:
SANS06C2: PostgreSQL 8.1 SQL injection vulnerability
Type:
Services
Bulletins:
CVE-2006-2313
SFBID18092
Severity:
High
Description:
PostgreSQL 8.1.x before 8.1.4 allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."
Applies to:
Created:
2006-12-20
Updated:
2024-01-17

ID:
CVE-2006-6538
Title:
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the...
Type:
Hardware
Bulletins:
CVE-2006-6538
Severity:
High
Description:
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.
Applies to:
DWL-2000AP
Created:
2006-12-13
Updated:
2024-01-17

ID:
CVE-2006-2753
Title:
SANS06C2: SQL Injection vulnerability in MySQL 5.0.x
Type:
Services
Bulletins:
CVE-2006-2753
SFBID18219
Severity:
High
Description:
SQL injection vulnerability in MySQL 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
Applies to:
MySQL 5
Created:
2006-12-12
Updated:
2024-01-17

ID:
CVE-2006-2753
Title:
SANS06C2: SQL Injection vulnerability in MySQL 4.1.x
Type:
Services
Bulletins:
CVE-2006-2753
SFBID18219
Severity:
High
Description:
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
Applies to:
MySQL 4.1
Created:
2006-12-12
Updated:
2024-01-17

ID:
CVE-2006-2313
Title:
SANS06C2: PostgreSQL 8.0 SQL injection vulnerability
Type:
Services
Bulletins:
CVE-2006-2313
SFBID18092
Severity:
High
Description:
PostgreSQL 8.0.x before 8.0.8 allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."
Applies to:
Created:
2006-12-12
Updated:
2024-01-17

ID:
CVE-2006-2313
Title:
SANS06C2: PostgreSQL 8.0 SQL injection vulnerability
Type:
Services
Bulletins:
CVE-2006-2313
SFBID18092
Severity:
High
Description:
PostgreSQL 8.0.x before 8.0.8 allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."
Applies to:
Created:
2006-12-12
Updated:
2024-01-17

ID:
CVE-2005-3641
Title:
SANS06C2: Multiple vulnerabilities in Oracle Database 9i
Type:
Services
Bulletins:
CVE-2005-3641
CVE-2006-0256
CVE-2006-0257
CVE-2006-0258
CVE-2006-0260
CVE-2006-0261
CVE-2006-0262
CVE-2006-0263
CVE-2006-0265
CVE-2006-0266
CVE-2006-0267
CVE-2006-0268
CVE-2006-0271
CVE-2006-0272
CVE-2006-0282
CVE-2006-0290
CVE-2006-0286
CVE-2006-0285
SFBID15450
SFBID16287
SFBID17590
Severity:
High
Description:
Multiple vulnerabilities exist in some versions of Oracle Database Server 9i. It is recommended to update to the latest versions or apply the latest patches.
Applies to:
Oracle Database 9
Created:
2006-12-11
Updated:
2024-01-17

ID:
CVE-2005-3641
Title:
SANS06C2: Multiple vulnerabilities in Oracle Database 10g
Type:
Services
Bulletins:
CVE-2005-3641
CVE-2006-0257
CVE-2006-0259
CVE-2006-0261
CVE-2006-0262
CVE-2006-0263
CVE-2006-0265
CVE-2006-0266
CVE-2006-0267
CVE-2006-0268
CVE-2006-0269
CVE-2006-0270
CVE-2006-0271
CVE-2006-0272
CVE-2006-0282
SFBID15450
SFBID16287
SFBID16384
SFBID17590
SFBID16294
SFBID19054
Severity:
High
Description:
Multiple vulnerabilities exist in some versions of Oracle Database Server 10g. It is recommended to update to the latest versions or apply the latest patches.
Applies to:
Oracle Database 10
Created:
2006-12-06
Updated:
2024-01-17

ID:
CVE-2006-5478
Title:
SANS07S6: Multiple vulnerabilities in Novell eDirectory 8.x
Type:
Software
Bulletins:
CVE-2006-5478
CVE-2006-4509
CVE-2006-4510
CVE-2006-4177
CVE-2006-2496
SFBID20655
SFBID20853
SFBID20663
SFBID20664
SFBID18026
Severity:
High
Description:
Multiple vulnerabilities exist in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8. These include overflow attacks that allow remote code execution and denial of service.
Applies to:
Created:
2006-12-04
Updated:
2024-01-17

ID:
CVE-2006-0992
Title:
SANS07S6: Stack-based buffer overflow in Novell GroupWise Messenger
Type:
Software
Bulletins:
CVE-2006-0992
SFBID17503
Severity:
High
Description:
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon.
Applies to:
Created:
2006-12-01
Updated:
2024-01-17

ID:
CVE-2005-1928
Title:
SANS07C6: Multiple vulnerabilities in Trend Micro ServerProtect EarthAgent 5.58 and earlier
Type:
Software
Bulletins:
CVE-2005-1928
CVE-2005-1929
SFBID15865
SFBID15866
SFBID15868
Severity:
High
Description:
Multiple vulnerabilities exist in Trend Micro ServerProtect EarthAgent versions 5.58 and earlier. These include multiple heap-based buffer overflows and denial of service.
Applies to:
Trend Micro ServerProtect
Created:
2006-11-30
Updated:
2024-01-17

ID:
CVE-2006-0323
Title:
SANS06C5: Buffer overflow in swfformat.dll in Real Rhapsody 3
Type:
Software
Bulletins:
CVE-2006-0323
SFBID17202
Severity:
High
Description:
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including Rhapsody 3 allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
Applies to:
RealNetworks Rhapsody
Created:
2006-11-30
Updated:
2024-01-17

ID:
CVE-2005-2628
Title:
SANS06C5: Multiple vulnerabilities in Macromedia Flash
Type:
Software
Bulletins:
CVE-2005-2628
CVE-2005-3591
SFBID15332
SFBID15334
Severity:
High
Description:
Multiple vulnerabilities exist in Macromedia Flash versions 7.0.19.0 and earlier. These include denial of service and remote execution.
Applies to:
Created:
2006-11-28
Updated:
2024-01-17

ID:
CVE-2006-1370
Title:
SANS06C5: Multiple Vulnerabilities in RealPlayer
Type:
Software
Bulletins:
CVE-2006-1370
CVE-2005-2922
CVE-2005-4126
CVE-2005-3677
CVE-2005-2936
SFBID17202
SFBID15691
SFBID15398
SFBID15448
Severity:
High
Description:
Multiple vulnerabilities exist in RealNetworks RealPlayer in versions 10.5 6.0.12.1348 and earlier. These include buffer overflows, and possibility of remote code execution and denial of service. It is suggested to update to the latest version.
Applies to:
RealNetworks RealPlayer
Created:
2006-11-27
Updated:
2024-01-17

ID:
CVE-2006-1249
Title:
SANS06C5: Multiple iTunes and QuickTime Vulnerabilities
Type:
Software
Bulletins:
CVE-2006-1249
CVE-2005-4092
CVE-2005-3713
CVE-2006-2238
CVE-2006-1456
CVE-2005-3711
CVE-2005-3710
CVE-2005-3709
CVE-2005-3708
CVE-2005-3707
CVE-2005-2340
CVE-2005-2743
SFBID17074
SFBID15732
SFBID17953
SFBID16202
Severity:
High
Description:
Multiple vulnerabilities exist in QuickTime Player versions before 7.0.4, and in iTunes 6.0.2 and earlier. These include integer overflow, and heap-based buffer overflows. It is recommended to update to the latest versions of these products.
Applies to:
iTunes and QuickTime
Created:
2006-11-27
Updated:
2024-01-17

ID:
CVE-2005-2310
Title:
SANS06C5: Multiple buffer overflows in NullSoft Winamp 5.13 and earlier
Type:
Software
Bulletins:
CVE-2005-2310
CVE-2005-3188
SFBID16623
SFBID16462
SFBID14276
Severity:
High
Description:
Multiple buffer overflow vulnerabilities exist in Winamp 5.13 and earlier which allow remote code execution. It is recommended to update to the latest version.
Applies to:
Nullsoft Winamp
Created:
2006-11-27
Updated:
2024-01-17

ID:
CVE-2006-6055
Title:
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
Type:
Hardware
Bulletins:
CVE-2006-6055
SFBID21032
Severity:
High
Description:
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
Applies to:
DWL-G132
Created:
2006-11-21
Updated:
2024-01-17

ID:
SFBID715
Title:
Sendmail 8-8-4
Type:
Mail
Bulletins:
SFBID715
Severity:
High
Description:
Berkeley Sendmail is prone to a group permissions vulnerability. When delivering mail to a program which is listed in a .forward or :include: file, this program will be run with the group permissions possessed by the owner of the .forward or :include: file. The owner of the file is used to initialize the list of group permissions, obtained by scanning the /etc/group file, that are in force when the program is run. In such an environment it is possible to attain group permissions one should not have by linking to a file that is owned by someone else who has group write permissions. To solve this problem, upgrade to at least version 8.8.4 of sendmail or install a vendor-supplied patch.
Applies to:
Sendmail
Created:
2006-11-10
Updated:
2010-08-21

ID:
MITRE:100
Title:
VML Buffer Overrun Vulnerability
Type:
Web
Bulletins:
MITRE:100
CVE-2006-4868
Severity:
High
Description:
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
Applies to:
Microsoft Internet Explorer
Created:
2006-10-31
Updated:
2024-01-17

ID:
CVE-2006-5537
Title:
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection...
Type:
Hardware
Bulletins:
CVE-2006-5537
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters.
Applies to:
DSL-G624T
Created:
2006-10-26
Updated:
2024-01-17

ID:
CVE-2006-5536
Title:
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
Type:
Hardware
Bulletins:
CVE-2006-5536
SFBID20689
Severity:
Medium
Description:
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
Applies to:
DSL-G624T
Created:
2006-10-26
Updated:
2024-01-17

ID:
CVE-2006-5538
Title:
D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request.
Type:
Hardware
Bulletins:
CVE-2006-5538
Severity:
Medium
Description:
D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request.
Applies to:
DSL-G624T
Created:
2006-10-26
Updated:
2024-01-17

ID:
CVE-2006-5553
Title:
Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan...
Type:
Hardware
Bulletins:
CVE-2006-5553
SFBID20737
Severity:
High
Description:
Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options.
Applies to:
Unified Callmanager
Created:
2006-10-26
Updated:
2024-01-17

ID:
CVE-2006-5382
Title:
3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that...
Type:
Hardware
Bulletins:
CVE-2006-5382
SFBID20736
Severity:
High
Description:
3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned.
Applies to:
3Com SS3-4400-24PWR
Created:
2006-10-25
Updated:
2024-01-17

ID:
MITRE:376
Title:
Windows XP,SP2 Remote Desktop Protocol (RDP) DoS Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:376
CVE-2005-1218
Severity:
Medium
Description:
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
MITRE:256
Title:
Windows XP,SP2 Print Spooler Service Buffer Overflow
Type:
Miscellaneous
Bulletins:
MITRE:256
CVE-2005-1984
Severity:
High
Description:
Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
MITRE:497
Title:
Windows XP,SP2 Plug and Play Buffer Overflow Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:497
CVE-2005-1983
Severity:
High
Description:
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
MITRE:618
Title:
Windows XP,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:618
CVE-2005-1218
Severity:
Medium
Description:
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
MITRE:267
Title:
Windows XP Plug and Play Buffer Overflow Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:267
CVE-2005-1983
Severity:
High
Description:
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
MITRE:346
Title:
Windows Server 2003,SP1 Remote Desktop Protocol (RDP) DoS Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:346
CVE-2005-1218
Severity:
Medium
Description:
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
MITRE:609
Title:
Windows Server 2003 Remote Desktop Protocol (RDP) DoS Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:609
CVE-2005-1218
Severity:
Medium
Description:
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
MITRE:160
Title:
Windows Server 2003 Plug and Play Buffer Overflow Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:160
CVE-2005-1983
Severity:
High
Description:
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
MITRE:783
Title:
Windows Server 2003 Plug and Play Buffer Overflow Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:783
CVE-2005-1983
Severity:
High
Description:
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
MITRE:180
Title:
Windows 2000,SP4 Remote Desktop Protocol (RDP) DoS Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:180
CVE-2005-1218
Severity:
Medium
Description:
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
MITRE:474
Title:
Windows 2000 Plug and Play Buffer Overflow Vulnerability
Type:
Miscellaneous
Bulletins:
MITRE:474
CVE-2005-1983
Severity:
High
Description:
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
Applies to:
Created:
2006-10-24
Updated:
2024-01-17

ID:
REF000190
Title:
Webmin running
Type:
Information
Bulletins:
Severity:
Information
Description:
Webmin installed and running on this computer (port 10000)
Applies to:
Webmin
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000197
Title:
VNC server listening on port 5901
Type:
Information
Bulletins:
Severity:
Information
Description:
The remote server is running VNC. VNC permits a console to be displayed remotely and should be disabled if not required. VNC can be blocked using a firewall or simply by stopping the VNC service.
Applies to:
VNC
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000245
Title:
Upnp helper is running
Type:
Miscellaneous
Bulletins:
Severity:
Low
Description:
It is not recommended to run this service on production machines.
Applies to:
UPnP
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000188
Title:
Sub7 server passworded
Type:
Information
Bulletins:
Severity:
Information
Description:
Verify if the Sub7 server is passworded or not
Applies to:
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000185
Title:
Squid running
Type:
Information
Bulletins:
Severity:
Information
Description:
Squid Web Proxy Cache is running on this computer.
Applies to:
Squid
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000196
Title:
Some POP3 server banners providing information to attacker
Type:
Information
Bulletins:
Severity:
Information
Description:
The script displays the information provided by the POP3 server. This information could help an attacker choose the best attack vector for the server.
Applies to:
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000252
Title:
Sasser worm
Type:
Miscellaneous
Bulletins:
Severity:
High
Description:
The Sasser worm leaves a backdoor on port 5554 which allows transfer of files. Make sure you run an antivirus on the infected computer.
Applies to:
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000182
Title:
Oracle HTTP Server running
Type:
Information
Bulletins:
Severity:
Information
Description:
Oracle HTTP server running on this computer.
Applies to:
Oracle
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000181
Title:
MySQL (open source database) running
Type:
Information
Bulletins:
Severity:
Information
Description:
MySQL is running on this computer.
Applies to:
MySQL
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000180
Title:
Microsoft SQL server
Type:
Information
Bulletins:
Severity:
Information
Description:
Microsoft SQL server is installed on this computer.
Applies to:
Microsoft SQL
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000192
Title:
List of modems installed
Type:
Information
Bulletins:
Severity:
Information
Description:
Lists the installed modem drivers.
Applies to:
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000195
Title:
IMAP4 server banner provides information to attacker
Type:
Information
Bulletins:
Severity:
Information
Description:
IMAP banners with information such as server versions and types should be omitted where possible. Instead you can change them to something more generic that will hide such information from potential intruders.
Applies to:
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000161
Title:
Ftp Exposing Full Path
Type:
FTP
Bulletins:
Severity:
Medium
Description:
Anonymous FTP is exposing the full path. This might give out sensitive information or mean that the FTP server is misconfigured.
Applies to:
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000194
Title:
Finger service running
Type:
Information
Bulletins:
Severity:
Information
Description:
Using a finger server a remote user can get a wide range of information regarding users on the local machine.
Applies to:
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000193
Title:
Citrix server running on this host
Type:
Information
Bulletins:
Severity:
Information
Description:
For information only
Applies to:
Citrix
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000240
Title:
BugBear-B backdoor
Type:
Miscellaneous
Bulletins:
Severity:
High
Description:
BugBear.B (worm) leaves a backdoor which allows hackers remote access to your computer.
Applies to:
Created:
2006-10-17
Updated:
2010-08-21

ID:
REF000177
Title:
Apache Tomcat running
Type:
Information
Bulletins:
Severity:
Information
Description:
Apache Tomcat running on port 8080
Applies to:
Apache Tomcat
Created:
2006-10-17
Updated:
2010-08-21

ID:
MITRE:171
Title:
Window Location Information Disclosure Vulnerability
Type:
Web
Bulletins:
MITRE:171
CVE-2006-3640
Severity:
Medium
Description:
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer
Created:
2006-10-16
Updated:
2024-01-17

ID:
MITRE:694
Title:
Visual Basic for Applications Vulnerability
Type:
Software
Bulletins:
MITRE:694
CVE-2006-3649
Severity:
Medium
Description:
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
Applies to:
Microsoft Visual Basic 6.0
Created:
2006-10-16
Updated:
2024-01-17

ID:
MITRE:577
Title:
Source Element Cross-Domain Vulnerability
Type:
Web
Bulletins:
MITRE:577
CVE-2006-3639
Severity:
High
Description:
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
Applies to:
Microsoft Internet Explorer
Created:
2006-10-16
Updated:
2024-01-17

ID:
MITRE:738
Title:
Redirect Cross-Domain Information Disclosure Vulnerability
Type:
Web
Bulletins:
MITRE:738
CVE-2006-3280
Severity:
High
Description:
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer
Created:
2006-10-16
Updated:
2024-01-17

ID:
MITRE:502
Title:
HTML Rendering Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:502
CVE-2006-3637
Severity:
Medium
Description:
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer
Created:
2006-10-16
Updated:
2024-01-17

ID:
MITRE:433
Title:
HTML Layout and Positioning Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:433
CVE-2006-3450
Severity:
High
Description:
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
Applies to:
Microsoft Internet Explorer
Created:
2006-10-16
Updated:
2024-01-17

ID:
MITRE:462
Title:
FTP Server Command Injection Vulnerability
Type:
Web
Bulletins:
MITRE:462
CVE-2004-1166
Severity:
High
Description:
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
Applies to:
Microsoft Internet Explorer
Created:
2006-10-16
Updated:
2024-01-17

ID:
MITRE:5
Title:
CSS Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:5
CVE-2006-3451
Severity:
High
Description:
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
Applies to:
Microsoft Internet Explorer
Created:
2006-10-16
Updated:
2024-01-17

ID:
MITRE:719
Title:
COM Object Instantiation Memory Corruption Vulnerability
Type:
Web
Bulletins:
MITRE:719
CVE-2006-3638
Severity:
High
Description:
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer
Created:
2006-10-16
Updated:
2024-01-17

ID:
CVE-2006-5202
Title:
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout...
Type:
Hardware
Bulletins:
CVE-2006-5202
SFBID19347
Severity:
Medium
Description:
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
Applies to:
wrt54g
Created:
2006-10-10
Updated:
2024-01-17

ID:
MITRE:1922
Title:
Remote Code Execution Vulnerability in Flash Player 8
Type:
Web
Bulletins:
MITRE:1922
CVE-2006-0024
Severity:
Medium
Description:
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.
Applies to:
Adobe Flash Player
Created:
2006-10-07
Updated:
2024-01-17

ID:
MITRE:1987
Title:
Remote Code Execution Vulnerability in Flash Player 6 and 7
Type:
Web
Bulletins:
MITRE:1987
CVE-2005-2628
Severity:
Medium
Description:
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
Applies to:
Adobe Flash Player
Created:
2006-10-07
Updated:
2024-01-17

ID:
CVE-2006-4950
Title:
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting...
Type:
Hardware
Bulletins:
CVE-2006-4950
SFBID20125
Severity:
High
Description:
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables.
Applies to:
Created:
2006-09-23
Updated:
2024-01-17

ID:
CVE-2006-4775
Title:
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a...
Type:
Hardware
Bulletins:
CVE-2006-4775
SFBID19998
Severity:
High
Description:
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context.
Applies to:
Created:
2006-09-13
Updated:
2024-01-17

ID:
CVE-2006-4774
Title:
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.
Type:
Hardware
Bulletins:
CVE-2006-4774
SFBID19998
Severity:
High
Description:
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.
Applies to:
Created:
2006-09-13
Updated:
2024-01-17

ID:
CVE-2006-4776
Title:
Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement.
Type:
Hardware
Bulletins:
CVE-2006-4776
SFBID19998
Severity:
High
Description:
Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement.
Applies to:
Created:
2006-09-13
Updated:
2024-01-17

ID:
CVE-2006-4662
Title:
SANS06C4: ICQ 2003b Buffer Overflow
Type:
Software
Bulletins:
CVE-2006-4662
SFBID19897
Severity:
High
Description:
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
Applies to:
AOL ICQ
Created:
2006-09-12
Updated:
2024-01-17

ID:
CVE-2006-4650
Title:
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect...
Type:
Hardware
Bulletins:
CVE-2006-4650
SFBID19878
Severity:
Low
Description:
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.
Applies to:
Created:
2006-09-08
Updated:
2024-01-17

ID:
CVE-2006-4352
Title:
The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information.
Type:
Hardware
Bulletins:
CVE-2006-4352
Severity:
Medium
Description:
The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information.
Applies to:
Cisco CSS 11100 Content Services Switch Series
Created:
2006-08-25
Updated:
2024-01-17

ID:
CVE-2006-2113
Title:
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not...
Type:
Hardware
Bulletins:
CVE-2006-2113
SFBID19716
Severity:
Medium
Description:
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.
Applies to:
Laser Printer 3100cn
Laser Printer 5100cn
Created:
2006-08-24
Updated:
2024-01-17

ID:
CVE-2006-2112
Title:
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP...
Type:
Hardware
Bulletins:
CVE-2006-2112
SFBID19711
Severity:
High
Description:
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.
Applies to:
Laser Printer 3100cn
Laser Printer 5100cn
Created:
2006-08-24
Updated:
2024-01-17

ID:
CVE-2006-4312
Title:
Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user...
Type:
Hardware
Bulletins:
CVE-2006-4312
SFBID19681
Severity:
Medium
Description:
Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access.
Applies to:
Created:
2006-08-23
Updated:
2024-01-17

ID:
CVE-2006-4143
Title:
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
Type:
Hardware
Bulletins:
CVE-2006-4143
SFBID19468
Severity:
High
Description:
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
Applies to:
FVG318 Router
Created:
2006-08-14
Updated:
2024-01-17

ID:
CVE-2006-4015
Title:
Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.
Type:
Hardware
Bulletins:
CVE-2006-4015
SFBID19310
Severity:
Medium
Description:
Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.
Applies to:
ProCurve Switch 3500yl
Procurve Switch 5400zl
Procurve Switch 6200yl
Created:
2006-08-07
Updated:
2024-01-17

ID:
CVE-2006-3906
Title:
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the...
Type:
Hardware
Bulletins:
CVE-2006-3906
SFBID19176
Severity:
Medium
Description:
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
Applies to:
Cisco PIX 501 Firewall
Cisco PIX 506 Firewall
Cisco PIX 515 Firewall
Cisco PIX 515E Firewall
Cisco PIX 520 Firewall
Cisco PIX 525 Firewall
Cisco PIX 535 Firewall
Created:
2006-07-27
Updated:
2024-01-17

ID:
CVE-2006-3687
Title:
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows...
Type:
Hardware
Bulletins:
CVE-2006-3687
SFBID19006
Severity:
High
Description:
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
Applies to:
DI-524
DI-604
DI-624
DI-784
EBR-2310
WBR-1310
WBR-2310
Created:
2006-07-21
Updated:
2024-01-17

ID:
CVE-2006-3592
Title:
Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI...
Type:
Hardware
Bulletins:
CVE-2006-3592
SFBID18952
Severity:
Medium
Description:
Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005.
Applies to:
Unified Callmanager
Created:
2006-07-18
Updated:
2024-01-17

ID:
CVE-2006-3593
Title:
The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.
Type:
Hardware
Bulletins:
CVE-2006-3593
SFBID18952
Severity:
Medium
Description:
The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.
Applies to:
Unified Callmanager
Created:
2006-07-18
Updated:
2024-01-17

ID:
CVE-2006-3594
Title:
Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542.
Type:
Hardware
Bulletins:
CVE-2006-3594
SFBID18952
Severity:
High
Description:
Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542.
Applies to:
Unified Callmanager
Created:
2006-07-18
Updated:
2024-01-17

ID:
CVE-2006-3529
Title:
Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed.
Type:
Hardware
Bulletins:
CVE-2006-3529
SFBID18930
Severity:
Medium
Description:
Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed.
Applies to:
Created:
2006-07-11
Updated:
2024-01-17

ID:
CVE-2006-3291
Title:
The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all...
Type:
Hardware
Bulletins:
CVE-2006-3291
SFBID18704
Severity:
High
Description:
The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.
Applies to:
Created:
2006-06-28
Updated:
2024-01-17

ID:
CVE-2006-3109
Title:
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in...
Type:
Hardware
Bulletins:
CVE-2006-3109
SFBID18504
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
Applies to:
Cisco Call Manager
Created:
2006-06-20
Updated:
2024-01-17

ID:
CVE-2006-2901
Title:
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.
Type:
Hardware
Bulletins:
CVE-2006-2901
SFBID18299
Severity:
Medium
Description:
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.
Applies to:
DWL-2100AP
Created:
2006-06-07
Updated:
2024-01-17

ID:
MITRE:1748
Title:
FPSE XSS Vulnerability
Type:
Web
Bulletins:
MITRE:1748
CVE-2006-0015
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
Applies to:
Microsoft FrontPage Server Extensions 2002
Created:
2006-05-31
Updated:
2024-01-17

ID:
CVE-2006-2653
Title:
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
Type:
Hardware
Bulletins:
CVE-2006-2653
SFBID18168
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
Applies to:
DSA-3100
Created:
2006-05-30
Updated:
2024-01-17

ID:
CVE-2006-2559
Title:
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using...
Type:
Hardware
Bulletins:
CVE-2006-2559
Severity:
High
Description:
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
Applies to:
wrt54g
Created:
2006-05-23
Updated:
2024-01-17

ID:
CVE-2006-2337
Title:
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.
Type:
Hardware
Bulletins:
CVE-2006-2337
Severity:
Medium
Description:
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.
Applies to:
DSL-G604T
Created:
2006-05-11
Updated:
2024-01-17

ID:
CVE-2006-1973
Title:
Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.
Type:
Hardware
Bulletins:
CVE-2006-1973
SFBID17631
Severity:
Medium
Description:
Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.
Applies to:
rt31p2
Created:
2006-04-21
Updated:
2024-01-17

ID:
CVE-2006-1928
Title:
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS...
Type:
Hardware
Bulletins:
CVE-2006-1928
SFBID17607
Severity:
Medium
Description:
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531.
Applies to:
Created:
2006-04-20
Updated:
2024-01-17

ID:
CVE-2006-1927
Title:
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco...
Type:
Hardware
Bulletins:
CVE-2006-1927
SFBID17607
Severity:
Medium
Description:
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475.
Applies to:
Created:
2006-04-20
Updated:
2024-01-17

ID:
CVE-2006-1631
Title:
Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP...
Type:
Hardware
Bulletins:
CVE-2006-1631
SFBID17383
Severity:
Medium
Description:
Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP requests.
Applies to:
Content Services Switch 11500
Created:
2006-04-05
Updated:
2024-01-17

ID:
CVE-2006-0784
Title:
D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.
Type:
Hardware
Bulletins:
CVE-2006-0784
SFBID16690
Severity:
Medium
Description:
D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.
Applies to:
DWL-G700AP
Created:
2006-02-19
Updated:
2024-01-17

ID:
CVE-2006-0485
Title:
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may...
Type:
Hardware
Bulletins:
CVE-2006-0485
SFBID16383
Severity:
Medium
Description:
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049.
Applies to:
Created:
2006-01-31
Updated:
2024-01-17

ID:
CVE-2006-0486
Title:
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user...
Type:
Hardware
Bulletins:
CVE-2006-0486
Severity:
Medium
Description:
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.
Applies to:
Created:
2006-01-31
Updated:
2024-01-17

ID:
CVE-2006-0367
Title:
Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative...
Type:
Hardware
Bulletins:
CVE-2006-0367
SFBID16293
Severity:
Medium
Description:
Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page."
Applies to:
Cisco Call Manager
Created:
2006-01-22
Updated:
2024-01-17

ID:
CVE-2006-0354
Title:
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large...
Type:
Hardware
Bulletins:
CVE-2006-0354
SFBID16217
Severity:
Medium
Description:
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644.
Applies to:
Cisco Aironet AP1240
Cisco Aironet Ap 1230
Cisco Aironet Ap1100
Cisco Aironet Ap1130ag
Cisco Aironet Ap1200
Cisco Aironet Ap1300
Cisco Aironet Ap1400
Cisco Aironet Ap350
Created:
2006-01-22
Updated:
2024-01-17

ID:
CVE-2006-0368
Title:
Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000...
Type:
Hardware
Bulletins:
CVE-2006-0368
SFBID16295
Severity:
High
Description:
Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.
Applies to:
Cisco Call Manager
Created:
2006-01-22
Updated:
2024-01-17

ID:
CVE-2006-0340
Title:
Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang...
Type:
Hardware
Bulletins:
CVE-2006-0340
SFBID16303
Severity:
High
Description:
Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900.
Applies to:
Created:
2006-01-20
Updated:
2024-01-17

ID:
CVE-2006-0309
Title:
Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network to cause a denial of service via IP packets with a null IP option length.
Type:
Hardware
Bulletins:
CVE-2006-0309
SFBID16307
Severity:
Medium
Description:
Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network to cause a denial of service via IP packets with a null IP option length.
Applies to:
BEFVP41
Created:
2006-01-18
Updated:
2024-01-17

ID:
CVE-2005-4826
Title:
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different...
Type:
Hardware
Bulletins:
CVE-2005-4826
SFBID22268
Severity:
Medium
Description:
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776.
Applies to:
Created:
2005-12-31
Updated:
2024-01-17

ID:
CVE-2005-4723
Title:
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
Type:
Hardware
Bulletins:
CVE-2005-4723
SFBID16621
Severity:
Medium
Description:
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
Applies to:
DI-524
DI-624
DI-784
Created:
2005-12-31
Updated:
2024-01-17

ID:
CVE-2005-4499
Title:
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password,...
Type:
Hardware
Bulletins:
CVE-2005-4499
SFBID16025
Severity:
High
Description:
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
Applies to:
Cisco PIX 501 Firewall
Cisco PIX 506 Firewall
Cisco PIX 515 Firewall
Cisco PIX 515E Firewall
Cisco PIX 520 Firewall
Cisco PIX 525 Firewall
Cisco PIX 535 Firewall
Created:
2005-12-22
Updated:
2024-01-17

ID:
CVE-2005-4258
Title:
Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is...
Type:
Hardware
Bulletins:
CVE-2005-4258
Severity:
High
Description:
Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
Applies to:
Cisco Catalyst 2926 Switch
Cisco Catalyst 2970...
Cisco Catalyst 4000 Series Switches
Cisco Catalyst 4506 Switch
Cisco Catalyst 4507R Switch
Cisco Catalyst 4900 Series Switches
Cisco Catalyst 4908G-L3 Switch
Cisco Catalyst 6500 Series Switches
Created:
2005-12-15
Updated:
2024-01-17

ID:
CVE-2005-4257
Title:
Linksys WRT54GS and BEFW11S4 allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is...
Type:
Hardware
Bulletins:
CVE-2005-4257
SFBID15861
Severity:
High
Description:
Linksys WRT54GS and BEFW11S4 allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
Applies to:
BEFW11S4
befw11s4 v3
befw11s4 v4
wrt54gs
Created:
2005-12-15
Updated:
2024-01-17

ID:
MITRE:1231
Title:
WinXP,SP2 DirectShow Malicious avi File Vulnerability
Type:
Software
Bulletins:
MITRE:1231
CVE-2005-2128
Severity:
Medium
Description:
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Applies to:
DirectX
Created:
2005-12-01
Updated:
2024-01-17

ID:
MITRE:1434
Title:
WinXP,SP1 DirectShow Malicious avi File Vulnerability
Type:
Software
Bulletins:
MITRE:1434
CVE-2005-2128
Severity:
Medium
Description:
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Applies to:
DirectX
Created:
2005-12-01
Updated:
2024-01-17

ID:
MITRE:1267
Title:
Win2k,SP4 DirectShow Malicious avi File Vulnerability
Type:
Software
Bulletins:
MITRE:1267
CVE-2005-2128
Severity:
Medium
Description:
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Applies to:
DirectX
Created:
2005-12-01
Updated:
2024-01-17

ID:
MITRE:1149
Title:
Server 2003,SP1 DirectShow Malicious avi File Vulnerability
Type:
Software
Bulletins:
MITRE:1149
CVE-2005-2128
Severity:
Medium
Description:
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Applies to:
DirectX
Created:
2005-12-01
Updated:
2024-01-17

ID:
MITRE:1424
Title:
Server 2003 DirectShow Malicious avi File Vulnerability
Type:
Software
Bulletins:
MITRE:1424
CVE-2005-2128
Severity:
Medium
Description:
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Applies to:
DirectX
Created:
2005-12-01
Updated:
2024-01-17

ID:
CVE-2005-3921
Title:
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of...
Type:
Hardware
Bulletins:
CVE-2005-3921
SFBID15602
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers.
Applies to:
Created:
2005-11-30
Updated:
2024-01-17

ID:
CVE-2005-3774
Title:
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system,...
Type:
Hardware
Bulletins:
CVE-2005-3774
SFBID15525
Severity:
Medium
Description:
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.
Applies to:
Created:
2005-11-22
Updated:
2024-01-17

ID:
CVE-2003-1267
Title:
GuildFTPd FTP Server Can Be Crashed By Remote Users Requesting DOS Device Names
Type:
FTP
Bulletins:
CVE-2003-1267
Severity:
Medium
Description:
GuildFTPd FTP Server is prone to a vulnerability in which a remote authenticated user or an anonymous user can crash the FTP service by requesting a file with a DOS device name, leading to a denial of service condition. No solution for this vulnerability is available at this point in time.
Applies to:
GuildFTPd
Created:
2005-11-16
Updated:
2024-01-17

ID:
MITRE:100110
Title:
Apache Listening Socket Starvation Vulnerability
Type:
Web
Bulletins:
MITRE:100110
CVE-2004-0174
Severity:
Medium
Description:
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
Applies to:
Apache
Created:
2005-11-16
Updated:
2024-01-17

ID:
CVE-2005-3481
Title:
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the...
Type:
Hardware
Bulletins:
CVE-2005-3481
SFBID15275
Severity:
High
Description:
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed.
Applies to:
Created:
2005-11-02
Updated:
2024-01-17

ID:
CVE-2005-3482
Title:
Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic...
Type:
Hardware
Bulletins:
CVE-2005-3482
SFBID15272
Severity:
Medium
Description:
Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host.
Applies to:
Cisco Aironet 1131
Cisco Aironet Ap1200
Cisco Aironet Ap1240
Created:
2005-11-02
Updated:
2024-01-17

ID:
CVE-2005-3426
Title:
Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.
Type:
Hardware
Bulletins:
CVE-2005-3426
SFBID15144
Severity:
Medium
Description:
Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.
Applies to:
Content Services Switch 11500
Created:
2005-11-01
Updated:
2024-01-17

ID:
CVE-2005-2973
Title:
Linux Kernel versions prior to 2.6.14-rc5
Type:
Miscellaneous
Bulletins:
CVE-2005-2973
SFBID15156
Severity:
Low
Description:
The Linux kernel is prone to a vulnerability in version 2.6.13.4. It is due to an infinite loop error in the udp_v6_get_port() function in net/ipv6/udp.c, which can cause a denial of service. Since there are no workarounds for this vulnerability, one should upgrade to version 2.6.14-rc5 or higher.
Applies to:
Kernel
Created:
2005-10-20
Updated:
2024-01-17

ID:
MITRE:989
Title:
Microsoft Outlook Express 6,SP1 News Reading Vulnerability
Type:
Mail
Bulletins:
MITRE:989
CVE-2005-1213
Severity:
High
Description:
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
Applies to:
Microsoft Outlook Express
Created:
2005-10-12
Updated:
2024-01-17

ID:
CVE-2005-2799
Title:
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
Type:
Hardware
Bulletins:
CVE-2005-2799
Severity:
High
Description:
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
Applies to:
wrt54g
Created:
2005-09-15
Updated:
2024-01-17

ID:
CVE-2005-2912
Title:
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.
Type:
Hardware
Bulletins:
CVE-2005-2912
Severity:
Medium
Description:
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.
Applies to:
wrt54g
Created:
2005-09-14
Updated:
2024-01-17

ID:
CVE-2005-2916
Title:
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi...
Type:
Hardware
Bulletins:
CVE-2005-2916
Severity:
Medium
Description:
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
Applies to:
wrt54g
Created:
2005-09-14
Updated:
2024-01-17

ID:
CVE-2005-2915
Title:
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to...
Type:
Hardware
Bulletins:
CVE-2005-2915
Severity:
Medium
Description:
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914.
Applies to:
wrt54g
Created:
2005-09-14
Updated:
2024-01-17

ID:
CVE-2005-2914
Title:
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration...
Type:
Hardware
Bulletins:
CVE-2005-2914
Severity:
High
Description:
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration.
Applies to:
wrt54g
Created:
2005-09-14
Updated:
2024-01-17

ID:
CVE-2005-2841
Title:
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted...
Type:
Hardware
Bulletins:
CVE-2005-2841
Severity:
High
Description:
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials.
Applies to:
Created:
2005-09-08
Updated:
2024-01-17

ID:
CVE-2005-2640
Title:
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which...
Type:
Hardware
Bulletins:
CVE-2005-2640
SFBID14595
Severity:
Medium
Description:
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
Applies to:
NScreen5GT
Created:
2005-08-23
Updated:
2024-01-17

ID:
CVE-2005-2589
Title:
Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.
Type:
Hardware
Bulletins:
CVE-2005-2589
SFBID14566
Severity:
High
Description:
Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.
Applies to:
wrt54gs
Created:
2005-08-17
Updated:
2024-01-17

ID:
CVE-2005-2434
Title:
Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.
Type:
Hardware
Bulletins:
CVE-2005-2434
SFBID14407
Severity:
Medium
Description:
Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.
Applies to:
wrt54g
Created:
2005-08-03
Updated:
2024-01-17

ID:
CVE-2005-2451
Title:
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
Type:
Hardware
Bulletins:
CVE-2005-2451
SFBID14414
Severity:
Low
Description:
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
Applies to:
Created:
2005-08-03
Updated:
2024-01-17

ID:
CVE-2005-2244
Title:
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger...
Type:
Hardware
Bulletins:
CVE-2005-2244
SFBID14255
Severity:
Medium
Description:
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow.
Applies to:
Cisco Call Manager
Created:
2005-07-12
Updated:
2024-01-17

ID:
CVE-2005-2243
Title:
Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory...
Type:
Hardware
Bulletins:
CVE-2005-2243
SFBID14253
Severity:
Medium
Description:
Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail.
Applies to:
Cisco Call Manager
Created:
2005-07-12
Updated:
2024-01-17

ID:
CVE-2005-2241
Title:
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows...
Type:
Hardware
Bulletins:
CVE-2005-2241
SFBID14250
Severity:
Medium
Description:
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe.
Applies to:
Cisco Call Manager
Created:
2005-07-12
Updated:
2024-01-17

ID:
CVE-2005-2105
Title:
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
Type:
Hardware
Bulletins:
CVE-2005-2105
Severity:
High
Description:
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
Applies to:
Created:
2005-07-05
Updated:
2024-01-17

ID:
MITRE:3556
Title:
Microsoft .NET Framework v1.1 Security Bypass
Type:
Miscellaneous
Bulletins:
MITRE:3556
CVE-2004-0847
Severity:
High
Description:
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
Applies to:
Microsoft .NET Framework
Created:
2005-06-01
Updated:
2024-01-17

ID:
CVE-2005-1802
Title:
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
Type:
Hardware
Bulletins:
CVE-2005-1802
SFBID13792
Severity:
Medium
Description:
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
Applies to:
...
Contivity 1740 VPN Router
Contivity1000
Contivity1010
Contivity1050
Contivity1100
Contivity15xx
Contivity1600
Contivity1700
Contivity2000
Contivity2500
Contivity2600
Contivity2700
Contivity4000
Contivity4500
Contivity4600
Created:
2005-05-27
Updated:
2024-01-17

ID:
CVE-2005-1828
Title:
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
Type:
Hardware
Bulletins:
CVE-2005-1828
Severity:
High
Description:
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
Applies to:
DSL-504T
Created:
2005-05-26
Updated:
2024-01-17

ID:
CVE-2005-1827
Title:
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
Type:
Hardware
Bulletins:
CVE-2005-1827
SFBID13679
Severity:
High
Description:
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
Applies to:
DSL-504T
Created:
2005-05-26
Updated:
2024-01-17

ID:
CVE-2005-1680
Title:
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes...
Type:
Hardware
Bulletins:
CVE-2005-1680
Severity:
High
Description:
D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address.
Applies to:
DSL-502T
DSL-504T
DSL-562T
DSL-G604T
Created:
2005-05-20
Updated:
2024-01-17

ID:
CVE-2005-1133
Title:
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
Type:
Hardware
Bulletins:
CVE-2005-1133
SFBID13156
Severity:
Medium
Description:
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
Applies to:
IBM OS/400 V4R4M0
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-1025
Title:
The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.
Type:
Hardware
Bulletins:
CVE-2005-1025
Severity:
Medium
Description:
The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.
Applies to:
IBM OS/400 V4R4M0
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-1020
Title:
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the...
Type:
Hardware
Bulletins:
CVE-2005-1020
SFBID13043
Severity:
High
Description:
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data.
Applies to:
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-1006
Title:
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.
Type:
Hardware
Bulletins:
CVE-2005-1006
SFBID12984
Severity:
Medium
Description:
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.
Applies to:
SonicWall Firewall SoHo
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-1021
Title:
Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
Type:
Hardware
Bulletins:
CVE-2005-1021
SFBID13042
Severity:
High
Description:
Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
Applies to:
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-1059
Title:
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
Type:
Hardware
Bulletins:
CVE-2005-1059
SFBID13051
Severity:
Low
Description:
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
Applies to:
wet11
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-1057
Title:
Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
Type:
Hardware
Bulletins:
CVE-2005-1057
Severity:
High
Description:
Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
Applies to:
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-1058
Title:
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass...
Type:
Hardware
Bulletins:
CVE-2005-1058
Severity:
High
Description:
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations.
Applies to:
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-0197
Title:
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
Type:
Hardware
Bulletins:
CVE-2005-0197
SFBID12369
Severity:
Medium
Description:
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
Applies to:
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-0195
Title:
Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
Type:
Hardware
Bulletins:
CVE-2005-0195
Severity:
Medium
Description:
Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
Applies to:
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-0196
Title:
Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.
Type:
Hardware
Bulletins:
CVE-2005-0196
Severity:
Medium
Description:
Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.
Applies to:
Created:
2005-05-02
Updated:
2024-01-17

ID:
CVE-2005-1238
Title:
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
Type:
Hardware
Bulletins:
CVE-2005-1238
Severity:
High
Description:
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
Applies to:
IBM OS/400 V4R4M0
Created:
2005-05-02
Updated:
2024-01-17

ID:
REF000254
Title:
Possible Rootkit Detected : Hidden Processes
Type:
Rootkit
Bulletins:
Severity:
High
Description:
This script identifies processes running hidden from conventional process listing tools. For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf
Applies to:
Created:
2005-03-29
Updated:
2010-08-21

ID:
REF000255
Title:
Possible Rootkit Detected : Hidden Processes
Type:
Rootkit
Bulletins:
Severity:
High
Description:
This script identifies processes running hidden from conventional process listing tools. For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf
Applies to:
Created:
2005-03-29
Updated:
2010-08-21

ID:
REF000257
Title:
Possible Rootkit Detected : Altered system call table detected
Type:
Rootkit
Bulletins:
Severity:
High
Description:
Check Requirements: (1) The ‘expect’ and ‘gdb’ application packages must be installed on the target machine for the check to work. (2) A copy of an uncompressed version of the kernel (file name starts with vmlinux*) must be present in either the /boot/ directory OR the home directory of the user used for scanning. NOTE: If more than one vmlinux* is available, the first file found will be used. To customize which file to search for, you can edit the scripts named ‘kernelscan.sh’ and ‘procscan.sh’ and follow the instructions specified there to indicate an alternative kernel file name/location. The script will use ‘gdb’ to extract the current system call table from the running kernel and compare it to the system call table contained in the kernel copy in the /boot/ location (or home). For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf
Applies to:
Created:
2005-03-29
Updated:
2010-08-21

ID:
REF000253
Title:
Possible Rootkit Detected : Altered system call functions code
Type:
Rootkit
Bulletins:
Severity:
High
Description:
Rootkit Detection: System call functions, code analysis. Check Requirements: (1) The ‘expect’ and ‘gdb’ application packages must be installed on the target machine for the check to work. (2) A copy of an uncompressed version of the kernel (file name starts with vmlinux*) must be present in either the /boot/ directory OR the home directory of the user used for scanning. NOTE: If more than one vmlinux* is available, the first file found will be used. To customize which file to search for, you can edit the scripts named ‘kernelscan.sh’ and ‘procscan.sh’ and follow the instructions specified there to indicate an alternative kernel file name/location. The script will use ‘gdb’ to decompile the current syscall functions in memory and compare them with the code of the same function in the available kernel copy on the hard disk in the /boot/ location (or home). If the script finds that the code in these two versions differs, the vulnerability will trigger. For more information, visit: http://www.cert-in.org.in/training/29thmarch05/rootkits.pdf
Applies to:
Created:
2005-03-29
Updated:
2010-08-21

ID:
CVE-2005-0186
Title:
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed...
Type:
Hardware
Bulletins:
CVE-2005-0186
Severity:
Medium
Description:
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port.
Applies to:
Created:
2005-01-19
Updated:
2024-01-17

ID:
CVE-2005-0290
Title:
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
Type:
Hardware
Bulletins:
CVE-2005-0290
SFBID12278
Severity:
High
Description:
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
Applies to:
FVS318v3 Firewall
Created:
2005-01-17
Updated:
2024-01-17

ID:
CVE-2005-0291
Title:
Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.
Type:
Hardware
Bulletins:
CVE-2005-0291
SFBID12278
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.
Applies to:
FVS318v3 Firewall
Created:
2005-01-17
Updated:
2024-01-17

ID:
CVE-2004-2691
Title:
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this...
Type:
Hardware
Bulletins:
CVE-2004-2691
Severity:
High
Description:
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
Applies to:
3Com SS3-4400-24PWR
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-1446
Title:
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
Type:
Hardware
Bulletins:
CVE-2004-1446
SFBID10854
Severity:
Medium
Description:
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
Applies to:
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-2606
Title:
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to log in to an administration web page, even when the configuration specifies that remote administration is disabled.
Type:
Hardware
Bulletins:
CVE-2004-2606
SFBID10441
Severity:
High
Description:
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to log in to an administration web page, even when the configuration specifies that remote administration is disabled.
Applies to:
befsr41 v3
wrt54g
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-2556
Title:
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
Type:
Hardware
Bulletins:
CVE-2004-2556
SFBID10459
Severity:
Medium
Description:
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
Applies to:
Netgear Wireless AP WG602
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-2557
Title:
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
Type:
Hardware
Bulletins:
CVE-2004-2557
SFBID10459
Severity:
Medium
Description:
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
Applies to:
Netgear Wireless AP WG602
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-0467
Title:
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at...
Type:
Hardware
Bulletins:
CVE-2004-0467
SFBID12379
Severity:
Medium
Description:
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed.
Applies to:
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-2508
Title:
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
Type:
Hardware
Bulletins:
CVE-2004-2508
SFBID10533
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
Applies to:
wvc11b
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-1775
Title:
Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.
Type:
Hardware
Bulletins:
CVE-2004-1775
SFBID5030
Severity:
Medium
Description:
Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.
Applies to:
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-1464
Title:
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
Type:
Hardware
Bulletins:
CVE-2004-1464
SFBID11060
Severity:
Medium
Description:
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
Applies to:
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-1454
Title:
Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.
Type:
Hardware
Bulletins:
CVE-2004-1454
SFBID10971
Severity:
Medium
Description:
Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.
Applies to:
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-2377
Title:
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
Type:
Hardware
Bulletins:
CVE-2004-2377
SFBID9745
Severity:
Medium
Description:
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
Applies to:
OmniSwitch 7800
Created:
2004-12-31
Updated:
2024-01-17

ID:
CVE-2004-2507
Title:
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.
Type:
Hardware
Bulletins:
CVE-2004-2507
SFBID10476
Severity:
Medium
Description:
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.
Applies to:
wvc11b
Created:
2004-12-31
Updated:
2024-01-17

ID:
MITRE:4392
Title:
Windows Server 2003 NNTP Component Buffer Overflow
Type:
Services
Bulletins:
MITRE:4392
CVE-2004-0574
Severity:
High
Description:
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Applies to:
Network News Transport Protocol (NNTP)
Created:
2004-12-09
Updated:
2024-01-17

ID:
MITRE:5070
Title:
Windows NT NNTP Component Buffer Overflow
Type:
Services
Bulletins:
MITRE:5070
CVE-2004-0574
Severity:
High
Description:
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Applies to:
Network News Transport Protocol (NNTP)
Created:
2004-12-09
Updated:
2024-01-17

ID:
MITRE:5926
Title:
Windows 2000 NNTP Component Buffer Overflow
Type:
Services
Bulletins:
MITRE:5926
CVE-2004-0574
Severity:
High
Description:
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Applies to:
Network News Transport Protocol (NNTP)
Created:
2004-12-09
Updated:
2024-01-17

ID:
CVE-2004-0611
Title:
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
Type:
Hardware
Bulletins:
CVE-2004-0611
SFBID10585
Severity:
Medium
Description:
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
Applies to:
FVS318v3 Firewall
Created:
2004-12-06
Updated:
2024-01-17

ID:
CVE-2004-0468
Title:
Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.
Type:
Hardware
Bulletins:
CVE-2004-0468
Severity:
Medium
Description:
Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.
Applies to:
Created:
2004-12-06
Updated:
2024-01-17

ID:
CVE-2004-0615
Title:
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a...
Type:
Hardware
Bulletins:
CVE-2004-0615
SFBID10587
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request.
Applies to:
DI-614+B
DI-624
DI-704P
Created:
2004-12-06
Updated:
2024-01-17

ID:
CVE-2004-0312
Title:
Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read-only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.
Type:
Hardware
Bulletins:
CVE-2004-0312
SFBID9688
Severity:
Medium
Description:
Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read-only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.
Applies to:
wap55ag
Created:
2004-11-23
Updated:
2024-01-17

ID:
CVE-2004-0244
Title:
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet,...
Type:
Hardware
Bulletins:
CVE-2004-0244
SFBID9562
Severity:
Medium
Description:
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.
Applies to:
Created:
2004-11-23
Updated:
2024-01-17

ID:
CVE-2004-0352
Title:
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
Type:
Hardware
Bulletins:
CVE-2004-0352
SFBID9806
Severity:
Medium
Description:
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
Applies to:
Cisco CSS 11050 Content Services Switch
Cisco CSS 11100 Content Services Switch Series
Cisco CSS 11150 Content Services Switch
Cisco CSS 11800 Content Services Switch
Created:
2004-11-23
Updated:
2024-01-17

ID:
MITRE:188
Title:
MS Word Macro Security Bypass Vulnerability
Type:
Software
Bulletins:
MITRE:188
CVE-2003-0664
Severity:
High
Description:
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
Applies to:
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 97
Created:
2004-09-29
Updated:
2024-01-17

ID:
CVE-2004-1650
Title:
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
Type:
Hardware
Bulletins:
CVE-2004-1650
SFBID11072
Severity:
High
Description:
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
Applies to:
DCS-900
Created:
2004-08-31
Updated:
2024-01-17

ID:
CVE-2004-0661
Title:
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid...
Type:
Hardware
Bulletins:
CVE-2004-0661
SFBID10621
Severity:
Medium
Description:
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years.
Applies to:
DI-604
DI-614+B
DI-624
Created:
2004-08-06
Updated:
2024-01-17

ID:
CVE-2004-0580
Title:
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
Type:
Hardware
Bulletins:
CVE-2004-0580
SFBID10329
Severity:
Medium
Description:
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
Applies to:
BEFSR41
BEFSR81
BEFSX41
BEFVP41
befsr11
befsr41w
befsru31
wap55ag
wrt54g
Created:
2004-08-06
Updated:
2024-01-17

ID:
CVE-2004-0589
Title:
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
Type:
Hardware
Bulletins:
CVE-2004-0589
Severity:
Medium
Description:
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
Applies to:
Created:
2004-08-06
Updated:
2024-01-17

ID:
CVE-2004-0551
Title:
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the...
Type:
Hardware
Bulletins:
CVE-2004-0551
Severity:
Medium
Description:
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack."
Applies to:
Cisco Catalyst 2902 Switch
Cisco Catalyst 2926 Switch
Cisco Catalyst 2926GL Switch
Cisco Catalyst 2948G-GE-TX Switch
Cisco Catalyst 2980G Switch
Cisco Catalyst 2980G-A...
Cisco Catalyst C2948G-L3 Ethernet Switch
Created:
2004-08-06
Updated:
2024-01-17

ID:
CVE-2004-0710
Title:
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2004-0710
SFBID10083
Severity:
Medium
Description:
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.
Applies to:
Created:
2004-07-27
Updated:
2024-01-17

ID:
MITRE:2705
Title:
Windows XP/Server 2003 DirectPlay Denial of Service
Type:
Software
Bulletins:
MITRE:2705
CVE-2004-0202
Severity:
Medium
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-07-21
Updated:
2024-01-17

ID:
MITRE:2413
Title:
Windows XP (64-Bit) DirectPlay Denial of Service
Type:
Software
Bulletins:
MITRE:2413
CVE-2004-0202
Severity:
Medium
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-07-21
Updated:
2024-01-17

ID:
MITRE:2190
Title:
Windows XP (32-Bit) DirectPlay Denial of Service
Type:
Software
Bulletins:
MITRE:2190
CVE-2004-0202
Severity:
Medium
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-07-21
Updated:
2024-01-17

ID:
MITRE:2516
Title:
Windows Server 2003 (32-Bit) DirectPlay Denial of Service
Type:
Software
Bulletins:
MITRE:2516
CVE-2004-0202
Severity:
Medium
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-07-21
Updated:
2024-01-17

ID:
CVE-2002-0082
Title:
mod_ssl is old
Type:
Services
Bulletins:
CVE-2002-0082
SFBID10736
Severity:
High
Description:
mod_ssl versions older than 2.8.7 have a buffer overflow which could allow users to gain a shell remotely.
Applies to:
Apache
Created:
2004-07-16
Updated:
2024-01-17

ID:
CVE-2004-0595
Title:
PHP older than 4.3.8
Type:
Services
Bulletins:
CVE-2004-0595
SFBID10724
Severity:
Medium
Description:
PHP older than 4.3.8 is vulnerable to a remote code execution vulnerability.
Applies to:
PHP
Created:
2004-07-14
Updated:
2024-01-17

ID:
MITRE:1027
Title:
Windows 2000 DirectPlay Denial of Service
Type:
Miscellaneous
Bulletins:
MITRE:1027
CVE-2004-0202
Severity:
Medium
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
Microsoft DirectPlay
Created:
2004-07-12
Updated:
2024-01-17

ID:
MITRE:958
Title:
Windows XP RPCSS Service DCOM Activation Denial of Service
Type:
Software
Bulletins:
MITRE:958
CVE-2004-0116
Severity:
Medium
Description:
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
Applies to:
Created:
2004-06-16
Updated:
2024-01-17

ID:
MITRE:900
Title:
Windows XP RPCSS DCOM Buffer Overflow
Type:
Software
Bulletins:
MITRE:900
CVE-2003-0813
Severity:
Medium
Description:
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
Applies to:
Created:
2004-06-16
Updated:
2024-01-17

ID:
MITRE:925
Title:
MS IE HTML Directive Buffer Overflow
Type:
Web
Bulletins:
MITRE:925
CVE-2002-0022
Severity:
High
Description:
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
Applies to:
Microsoft Internet Explorer
Created:
2004-06-16
Updated:
2024-01-17

ID:
MITRE:974
Title:
IE Frame Domain Verification Vulnerability
Type:
Web
Bulletins:
MITRE:974
CVE-2002-0027
Severity:
High
Description:
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
Applies to:
Microsoft Internet Explorer
Created:
2004-06-16
Updated:
2024-01-17

ID:
MITRE:921
Title:
IE File Execution User-prompt Bypass Vulnerability
Type:
Web
Bulletins:
MITRE:921
CVE-2001-0727
Severity:
High
Description:
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
Applies to:
Microsoft Internet Explorer
Created:
2004-06-16
Updated:
2024-01-17

ID:
MITRE:1014
Title:
IE File Download Dialog Deception Vulnerability
Type:
Web
Bulletins:
MITRE:1014
CVE-2001-0875
Severity:
High
Description:
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
Applies to:
Microsoft Internet Explorer
Created:
2004-06-16
Updated:
2024-01-17

ID:
CVE-2004-0413
Title:
Subversion version older than 1.0.5
Type:
Services
Bulletins:
CVE-2004-0413
SFBID10519
Severity:
High
Description:
Additional Bugtraq IDs: http://www.securityfocus.com/bid/10386 http://www.securityfocus.com/bid/10428
Applies to:
Subversion
Created:
2004-06-11
Updated:
2024-01-17

ID:
MITRE:886
Title:
Windows XP SSL Library Denial of Service
Type:
Software
Bulletins:
MITRE:886
CVE-2004-0120
Severity:
Medium
Description:
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
Applies to:
Created:
2004-05-25
Updated:
2024-01-17

ID:
MITRE:898
Title:
Windows XP LSASS Buffer Overflow
Type:
Software
Bulletins:
MITRE:898
CVE-2003-0533
Severity:
High
Description:
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
Applies to:
Created:
2004-05-25
Updated:
2024-01-17

ID:
MITRE:964
Title:
Windows XP H.323 Protocol Remote Code Execution Vulnerability
Type:
Software
Bulletins:
MITRE:964
CVE-2004-0117
Severity:
High
Description:
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
Applies to:
Created:
2004-05-25
Updated:
2024-01-17

ID:
MITRE:885
Title:
Windows Server 2003 SSL Library Denial of Service
Type:
Software
Bulletins:
MITRE:885
CVE-2004-0120
Severity:
Medium
Description:
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
Applies to:
Created:
2004-05-25
Updated:
2024-01-17

ID:
MITRE:919
Title:
Windows Server 2003 LSASS Buffer Overflow (Sasser Worm Vulnerability)
Type:
Software
Bulletins:
MITRE:919
CVE-2003-0533
Severity:
High
Description:
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
Applies to:
Created:
2004-05-25
Updated:
2024-01-17

ID:
MITRE:946
Title:
Windows Server 2003 H.323 Protocol Remote Code Execution Vulnerability
Type:
Software
Bulletins:
MITRE:946
CVE-2004-0117
Severity:
High
Description:
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
Applies to:
Created:
2004-05-25
Updated:
2024-01-17

ID:
MITRE:968
Title:
MS Jet Database Buffer Overflow
Type:
Services
Bulletins:
MITRE:968
CVE-2004-0197
Severity:
High
Description:
Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.
Applies to:
Microsoft Jet 4.0 Database Engine
Created:
2004-05-25
Updated:
2024-01-17

ID:
MITRE:990
Title:
Microsoft Outlook Express v6.0 MHTML URL Processing Vulnerability
Type:
Mail
Bulletins:
MITRE:990
CVE-2004-0380
Severity:
High
Description:
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
Applies to:
Microsoft Outlook Express
Created:
2004-05-25
Updated:
2024-01-17

ID:
MITRE:586
Title:
MS Word 98 Macro Names Buffer Overflow
Type:
Software
Bulletins:
MITRE:586
CVE-2003-0820
Severity:
High
Description:
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
Applies to:
Microsoft Word 98
Created:
2004-03-25
Updated:
2024-01-17

ID:
MITRE:585
Title:
MS Word 97 Macro Names Buffer Overflow
Type:
Software
Bulletins:
MITRE:585
CVE-2003-0820
Severity:
High
Description:
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
Applies to:
Microsoft Word 97
Created:
2004-03-25
Updated:
2024-01-17

ID:
MITRE:675
Title:
MS Excel 97 Malicious Macro Security Bypass Vulnerability
Type:
Software
Bulletins:
MITRE:675
CVE-2003-0821
Severity:
High
Description:
Microsoft Excel 97, 2000, and 2002 allow remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
Applies to:
Microsoft Excel 97
Created:
2004-03-25
Updated:
2024-01-17

ID:
MITRE:141
Title:
Microsoft Internet Explorer MIME Hack
Type:
Web
Bulletins:
MITRE:141
CVE-2001-0154
Severity:
High
Description:
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
Applies to:
Microsoft Internet Explorer
Created:
2004-03-25
Updated:
2024-01-17

ID:
CVE-2004-0054
Title:
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the...
Type:
Hardware
Bulletins:
CVE-2004-0054
SFBID9406
Severity:
High
Description:
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Applies to:
Created:
2004-02-17
Updated:
2024-01-17

ID:
CVE-2004-0129
Title:
phpMyAdmin mysql web administration tool vulnerability
Type:
Services
Bulletins:
CVE-2004-0129
SFBID9564
Severity:
Medium
Description:
This version of phpMyAdmin allows remote users to read sensitive files.
Applies to:
phpMyAdmin
Created:
2004-02-03
Updated:
2024-01-17

ID:
CVE-2003-0789
Title:
Apache is older than 2.0.48
Type:
Miscellaneous
Bulletins:
CVE-2003-0789
SFBID8926
SFBID9504
Severity:
High
Description:
Apache versions older than 2.0.48 have various flaws which need patching.
Applies to:
Apache
Created:
2004-01-27
Updated:
2024-01-17

ID:
CVE-2003-1002
Title:
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
Type:
Hardware
Bulletins:
CVE-2003-1002
Severity:
Medium
Description:
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
Applies to:
Cisco Catalyst 6500 Series Switches
Created:
2004-01-05
Updated:
2024-01-17

ID:
CVE-2003-1001
Title:
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
Type:
Hardware
Bulletins:
CVE-2003-1001
Severity:
Medium
Description:
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
Applies to:
Cisco Catalyst 6500 Series Switches
Created:
2004-01-05
Updated:
2024-01-17

ID:
CVE-2003-1132
Title:
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2003-1132
Severity:
Medium
Description:
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.
Applies to:
Cisco CSS 11100 Content Services Switch Series
Content Services Switch 11500
Created:
2003-12-31
Updated:
2024-01-17

ID:
CVE-2003-1264
Title:
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img)...
Type:
Hardware
Bulletins:
CVE-2003-1264
SFBID6533
Severity:
Medium
Description:
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.
Applies to:
DI-614+B
Created:
2003-12-31
Updated:
2024-01-17

ID:
CVE-2003-1490
Title:
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
Type:
Hardware
Bulletins:
CVE-2003-1490
SFBID7435
Severity:
High
Description:
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
Applies to:
SonicWall Firewall Pro 100
SonicWall Firewall Pro 200
SonicWall Firewall Pro 300
Created:
2003-12-31
Updated:
2024-01-17

ID:
CVE-2003-1346
Title:
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
Type:
Hardware
Bulletins:
CVE-2003-1346
SFBID6609
Severity:
High
Description:
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
Applies to:
DWL-900AP+B
Created:
2003-12-31
Updated:
2024-01-17

ID:
CVE-2003-1398
Title:
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
Type:
Hardware
Bulletins:
CVE-2003-1398
SFBID6823
Severity:
High
Description:
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
Applies to:
Created:
2003-12-31
Updated:
2024-01-17

ID:
CVE-2003-1497
Title:
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
Type:
Hardware
Bulletins:
CVE-2003-1497
SFBID8834
Severity:
Medium
Description:
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
Applies to:
BEFSX41
Created:
2003-12-31
Updated:
2024-01-17

ID:
CVE-2003-0795
Title:
zebra/Quagga versions older than 0.96.4
Type:
Services
Bulletins:
CVE-2003-0795
SFBID9029
Severity:
Medium
Description:
zebra/Quagga versions older than 0.96.4 are vulnerable to a denial of service.
Applies to:
Created:
2003-11-12
Updated:
2024-01-17

ID:
CVE-2003-0511
Title:
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allows remote attackers to cause a denial of service (reload) via a malformed URL.
Type:
Hardware
Bulletins:
CVE-2003-0511
Severity:
Medium
Description:
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allows remote attackers to cause a denial of service (reload) via a malformed URL.
Applies to:
Created:
2003-08-27
Updated:
2024-01-17

ID:
CVE-2003-0512
Title:
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password...
Type:
Hardware
Bulletins:
CVE-2003-0512
Severity:
Medium
Description:
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
Applies to:
Created:
2003-08-27
Updated:
2024-01-17

ID:
CVE-2003-0647
Title:
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
Type:
Hardware
Bulletins:
CVE-2003-0647
Severity:
High
Description:
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
Applies to:
Created:
2003-08-27
Updated:
2024-01-17

ID:
SFBID8062
Title:
Abyss Web Server Buffer Overflow
Type:
Miscellaneous
Bulletins:
SFBID8062
Severity:
High
Description:
A security vulnerability exists in Abyss Web Server. A heap overrun takes place due to insufficient bounds checking of data supplied via client HTTP GET requests. In such a case, arbitrary code can be executed with the privileges of the web server. This vulnerability affects Abyss Web Server version 1.1.2. Later versions may also be affected. Abyss Web Server version 1.1.6 is not prone to this vulnerability, so users are advised to upgrade to that version.
Applies to:
Abyss Web Server
Created:
2003-06-30
Updated:
2010-08-21

ID:
CVE-2003-0305
Title:
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
Type:
Hardware
Bulletins:
CVE-2003-0305
Severity:
Medium
Description:
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
Applies to:
Created:
2003-06-09
Updated:
2024-01-17

ID:
CVE-2003-0216
Title:
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
Type:
Hardware
Bulletins:
CVE-2003-0216
Severity:
High
Description:
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.
Applies to:
Created:
2003-05-12
Updated:
2024-01-17

ID:
CVE-2002-1426
Title:
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.
Type:
Hardware
Bulletins:
CVE-2002-1426
SFBID5336
Severity:
High
Description:
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow.
Applies to:
Procurve Switch 4000m
Created:
2003-04-11
Updated:
2024-01-17

ID:
CVE-2002-1547
Title:
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different...
Type:
Hardware
Bulletins:
CVE-2002-1547
Severity:
Medium
Description:
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144.
Applies to:
Created:
2003-03-31
Updated:
2024-01-17

ID:
CVE-2003-0161
Title:
Sendmail is older than 8.12.9
Type:
Mail
Bulletins:
CVE-2003-0161
Severity:
High
Description:
Sendmail is a Mail Transport Agent included in all the Red Hat Linux distributions. A security flaw was discovered in the handling of DNS maps in Sendmail 8.12 versions before 8.12.9. A remote attacker will be able to crash the instance of Sendmail dealing with the request. In case version 8.12.9 is not available, a patch should be installed. The patch and PGP signature can be downloaded from a link given in: http://www.sendmail.org/patchps.html. Check the PGP signature using either:
    gpg --verify prescan.tar.gz.uu.asc prescan.tar.gz.uu
or
    pgp prescan.tar.gz.uu.asc prescan.tar.gz.uu
Then unpack the patches using the following command:
    uudecode -p < prescan.tar.gz.uu | gunzip -c | tar -xf -
Then apply the appropriate patch to your version of the Sendmail source code:
    cd sendmail-8.12.8/sendmail
    patch < prescan.VERSION.patch
If a version older than 8.12.8 was installed, make sure you install the previous patches. Recompile sendmail and install the new binary.
Applies to:
Sendmail
Created:
2003-03-29
Updated:
2024-01-17

ID:
CVE-2003-0100
Title:
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
Type:
Hardware
Bulletins:
CVE-2003-0100
SFBID6895
Severity:
High
Description:
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
Applies to:
Created:
2003-03-03
Updated:
2024-01-17

ID:
CVE-2002-1337
Title:
Remote Buffer Overflow in Sendmail
Type:
Mail
Bulletins:
CVE-2002-1337
SFBID6991
Severity:
High
Description:
Sendmail versions 5.79 to 8.12.7 are vulnerable to a buffer overflow, allowing attackers to execute their own code on the target via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function, which is found in headers.c. A newer version, Sendmail 8.12.8, exists, which contains a fix for this critical security problem.
Applies to:
Sendmail
Created:
2003-03-02
Updated:
2024-01-17

ID:
CVE-2002-2053
Title:
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is...
Type:
Hardware
Bulletins:
CVE-2002-2053
SFBID4949
Severity:
Medium
Description:
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
Applies to:
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2239
Title:
The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.
Type:
Hardware
Bulletins:
CVE-2002-2239
SFBID6358
Severity:
High
Description:
The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet.
Applies to:
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-1892
Title:
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
Type:
Hardware
Bulletins:
CVE-2002-1892
SFBID5830
Severity:
Low
Description:
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
Applies to:
FVS318v3 Firewall
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2371
Title:
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.
Type:
Hardware
Bulletins:
CVE-2002-2371
SFBID6046
Severity:
High
Description:
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.
Applies to:
wet11
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2159
Title:
Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2002-2159
SFBID4987
Severity:
High
Description:
Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to gain access.
Applies to:
BEFSR41
befsr11
befsru31
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2137
Title:
GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive...
Type:
Hardware
Bulletins:
CVE-2002-2137
SFBID6100
Severity:
Medium
Description:
GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155.
Applies to:
DWL-900AP+B
wap11
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2150
Title:
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the...
Type:
Hardware
Bulletins:
CVE-2002-2150
SFBID6023
Severity:
Medium
Description:
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections.
Applies to:
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2208
Title:
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements,...
Type:
Hardware
Bulletins:
CVE-2002-2208
SFBID6443
Severity:
High
Description:
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
Applies to:
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-1810
Title:
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and...
Type:
Hardware
Bulletins:
CVE-2002-1810
SFBID6015
Severity:
High
Description:
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.
Applies to:
DWL-900AP+B
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2341
Title:
Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.
Type:
Hardware
Bulletins:
CVE-2002-2341
SFBID4755
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.
Applies to:
SonicWall Firewall SoHo 3
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-1706
Title:
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message...
Type:
Hardware
Bulletins:
CVE-2002-1706
SFBID5041
Severity:
Medium
Description:
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
Applies to:
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2315
Title:
Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
Type:
Hardware
Bulletins:
CVE-2002-2315
SFBID4786
Severity:
High
Description:
Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
Applies to:
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-1768
Title:
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985.
Type:
Hardware
Bulletins:
CVE-2002-1768
SFBID4948
Severity:
Medium
Description:
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985.
Applies to:
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2316
Title:
Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive...
Type:
Hardware
Bulletins:
CVE-2002-2316
SFBID4790
Severity:
Medium
Description:
Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive network information by sniffing.
Applies to:
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2052
Title:
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port...
Type:
Hardware
Bulletins:
CVE-2002-2052
SFBID4947
Severity:
Medium
Description:
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an interim release of the software.
Applies to:
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-1865
Title:
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote...
Type:
Hardware
Bulletins:
CVE-2002-1865
SFBID6090
Severity:
Medium
Description:
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header.
Applies to:
BEFW11S4
DI-704
DI-804
wap11
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-2379
Title:
** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be...
Type:
Hardware
Bulletins:
CVE-2002-2379
SFBID6059
Severity:
High
Description:
** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor.
Applies to:
Cisco AS5350 Universal Gateway
Created:
2002-12-31
Updated:
2024-01-17

ID:
CVE-2002-1360
Title:
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code...
Type:
Hardware
Bulletins:
CVE-2002-1360
Severity:
High
Description:
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
Applies to:
Created:
2002-12-23
Updated:
2024-01-17

ID:
CVE-2002-1357
Title:
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder...
Type:
Hardware
Bulletins:
CVE-2002-1357
SFBID6405
Severity:
High
Description:
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
Applies to:
Created:
2002-12-23
Updated:
2024-01-17

ID:
CVE-2002-1358
Title:
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
Type:
Hardware
Bulletins:
CVE-2002-1358
Severity:
High
Description:
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
Applies to:
Created:
2002-12-23
Updated:
2024-01-17

ID:
CVE-2002-1359
Title:
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder...
Type:
Hardware
Bulletins:
CVE-2002-1359
SFBID6407
Severity:
High
Description:
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
Applies to:
Created:
2002-12-23
Updated:
2024-01-17

ID:
CVE-2002-1354
Title:
TYPSoft FTP Server 0-99-8 Arbitrary Dir Listing
Type:
FTP
Bulletins:
CVE-2002-1354
Severity:
Medium
Description:
TYPSoft FTP Server version 0.99.8 is prone to a vulnerability where a remote user can view directory listings for directories located outside of the FTP document directory, because the character sequence ‘...’ is not properly filtered. The issue was fixed in version 0.99.13 and later, which is available at: http://www.idefense.com/advisory/12.16.02a.txt.
Applies to:
TYPSoft FTP Server
Created:
2002-12-13
Updated:
2024-01-17

ID:
CVE-2002-1272
Title:
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
Type:
Hardware
Bulletins:
CVE-2002-1272
SFBID6220
Severity:
High
Description:
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
Applies to:
Created:
2002-12-11
Updated:
2024-01-17

ID:
CVE-2002-1312
Title:
Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2002-1312
SFBID6208
Severity:
Medium
Description:
Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password.
Applies to:
BEFSR41
BEFSR81
BEFSX41
BEFVP41
BEFW11S4
befsr11
befsru31
Created:
2002-11-20
Updated:
2024-01-17

ID:
CVE-2002-1236
Title:
The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.
Type:
Hardware
Bulletins:
CVE-2002-1236
SFBID6086
Severity:
Medium
Description:
The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.
Applies to:
BEFSR41
Created:
2002-11-12
Updated:
2024-01-17

ID:
CVE-2002-1222
Title:
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.
Type:
Hardware
Bulletins:
CVE-2002-1222
SFBID5976
Severity:
High
Description:
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.
Applies to:
Created:
2002-10-28
Updated:
2024-01-17

ID:
CVE-2002-1147
Title:
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2002-1147
SFBID5784
Severity:
High
Description:
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.
Applies to:
Procurve Switch 4000m
Created:
2002-10-11
Updated:
2024-01-17

ID:
CVE-2002-1068
Title:
The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request.
Type:
Hardware
Bulletins:
CVE-2002-1068
SFBID5330
Severity:
Medium
Description:
The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request.
Applies to:
DP-303
Created:
2002-10-04
Updated:
2024-01-17

ID:
CVE-2002-0891
Title:
The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.
Type:
Hardware
Bulletins:
CVE-2002-0891
SFBID4842
Severity:
Medium
Description:
The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.
Applies to:
Created:
2002-10-04
Updated:
2024-01-17

ID:
CVE-2002-1069
Title:
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device...
Type:
Hardware
Bulletins:
CVE-2002-1069
SFBID5544
Severity:
Medium
Description:
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information.
Applies to:
DI-804
Created:
2002-10-04
Updated:
2024-01-17

ID:
CVE-2002-0954
Title:
The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques.
Type:
Hardware
Bulletins:
CVE-2002-0954
Severity:
High
Description:
The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques.
Applies to:
Created:
2002-10-04
Updated:
2024-01-17

ID:
CVE-2002-0886
Title:
Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to...
Type:
Hardware
Bulletins:
CVE-2002-0886
SFBID4813
Severity:
Medium
Description:
Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory.
Applies to:
Created:
2002-10-04
Updated:
2024-01-17

ID:
CVE-2002-0870
Title:
The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL...
Type:
Hardware
Bulletins:
CVE-2002-0870
Severity:
High
Description:
The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549.
Applies to:
Cisco CSS 11100 Content Services Switch Series
Created:
2002-09-05
Updated:
2024-01-17

ID:
CVE-2002-0426
Title:
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.
Type:
Hardware
Bulletins:
CVE-2002-0426
SFBID4250
Severity:
High
Description:
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.
Applies to:
BEFVP41
Created:
2002-08-12
Updated:
2024-01-17

ID:
CVE-2002-0792
Title:
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
Type:
Hardware
Bulletins:
CVE-2002-0792
SFBID4747
Severity:
Medium
Description:
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
Applies to:
Cisco CSS 11100 Content Services Switch Series
Created:
2002-08-12
Updated:
2024-01-17

ID:
CVE-2002-0505
Title:
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via...
Type:
Hardware
Bulletins:
CVE-2002-0505
SFBID4370
Severity:
Medium
Description:
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.
Applies to:
Cisco Call Manager
Created:
2002-08-12
Updated:
2024-01-17

ID:
CVE-2002-0813
Title:
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
Type:
Hardware
Bulletins:
CVE-2002-0813
SFBID5328
Severity:
High
Description:
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
Applies to:
Created:
2002-08-12
Updated:
2024-01-17

ID:
CVE-2002-0661
Title:
Apache: Apache 2.0.39 directory traversal and path disclosure bug
Type:
Web
Bulletins:
CVE-2002-0661
SFBID5434
Severity:
High
Description:
Directory traversal and path disclosure.
Applies to:
Apache
Created:
2002-08-09
Updated:
2024-01-17

ID:
CVE-2002-0826
Title:
Ipswitch WS_FTP Server 3-1-1 Buffer Overflow in SITE CPWD Command Processing
Type:
FTP
Bulletins:
CVE-2002-0826
SFBID5427
Severity:
High
Description:
Ipswitch WS_FTP Server is prone to a vulnerability where a remote authenticated user can cause a buffer overflow and execute arbitrary code with system-level privileges. A patch has been released by the vendor, which is available at: ftp://ftp.ipswitch.com/ipswitch/product_support/WS_FTP_Server/ifs312.exe. For more information on how to apply patches, see: http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html. The buffer overflow can be generated by sending a special SITE CPWD command, which overwrites the EIP register, causing arbitrary code to be executed.
Applies to:
Ipswitch WS_FTP Server
Created:
2002-08-08
Updated:
2024-01-17

ID:
REF000107
Title:
All Servers: Tomcat source.jsp directory listing and webroot location display
Type:
Web
Bulletins:
Severity:
Medium
Description:
Remote attackers can obtain listings of web directories. For more information, visit: http://www.cgisecurity.com/archive/webservers/tomcat_3.23_and_3.24_source.jsp_dir_listing_path_disclose.txt
Applies to:
Apache Tomcat
Created:
2002-08-01
Updated:
2010-08-21

ID:
CVE-2002-0655
Title:
OpenSSL versions older than 0.9.7e and 0.9.6m
Type:
Miscellaneous
Bulletins:
CVE-2002-0655
CVE-2002-0656
CVE-2002-0657
CVE-2002-0659
SFBID5361
SFBID5362
SFBID5363
SFBID5364
SFBID5366
Severity:
High
Description:
The OpenSSL library provides cryptographic support to applications that communicate over the network, such as the Apache web server and POP3, IMAP, SMTP and LDAP servers. Any vulnerability within the library can be exploited via these applications. Multiple vulnerabilities have been found in the OpenSSL library, allowing remote users to execute arbitrary code with root privileges. Versions prior to 0.9.7d and 0.9.6m are affected, so upgrading to a newer version is advised.
Applies to:
OpenSSL
Created:
2002-07-30
Updated:
2024-01-17

ID:
CVE-2002-0713
Title:
Multiple Squid vulnerabilities
Type:
Services
Bulletins:
CVE-2002-0713
CVE-2002-0714
CVE-2002-0715
SFBID5154
SFBID5155
SFBID5156
SFBID5157
SFBID5158
Severity:
High
Description:
Remote code execution and/or denial of service.
Applies to:
Created:
2002-07-03
Updated:
2024-01-17

ID:
CVE-2002-0545
Title:
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.
Type:
Hardware
Bulletins:
CVE-2002-0545
SFBID4461
Severity:
Medium
Description:
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.
Applies to:
Cisco Aironet Ap340
Cisco Aironet Ap350
Created:
2002-07-03
Updated:
2024-01-17

ID:
CVE-2002-0350
Title:
HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service.
Type:
Hardware
Bulletins:
CVE-2002-0350
SFBID4212
Severity:
High
Description:
HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service.
Applies to:
Procurve Switch 4000m
Created:
2002-06-25
Updated:
2024-01-17

ID:
CVE-2002-0339
Title:
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.
Type:
Hardware
Bulletins:
CVE-2002-0339
SFBID4191
Severity:
Medium
Description:
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.
Applies to:
Created:
2002-06-25
Updated:
2024-01-17

ID:
CVE-2002-0640
Title:
Remote OpenSSH Vulnerability
Type:
Miscellaneous
Bulletins:
CVE-2002-0640
SFBID5093
Severity:
High
Description:
A remotely exploitable vulnerability exists in OpenSSH prior to version 3.3 (Version 3.3 is affected only if UsePrivilegeSeparation is disabled).
Applies to:
OpenSSH
Created:
2002-06-24
Updated:
2024-01-17

ID:
CVE-2002-0392
Title:
Apache Chunked-Encoding Memory Corruption Vulnerability
Type:
Miscellaneous
Bulletins:
CVE-2002-0392
SFBID5033
Severity:
High
Description:
This version is vulnerable to a bug which may be remotely exploitable. Download the latest version of Apache from httpd.apache.org.
Applies to:
Apache
Created:
2002-06-17
Updated:
2024-01-17

ID:
CVE-2002-0234
Title:
NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which...
Type:
Hardware
Bulletins:
CVE-2002-0234
SFBID4015
Severity:
Low
Description:
NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections.
Applies to:
Created:
2002-05-29
Updated:
2024-01-17

ID:
CVE-2002-1634
Title:
All Servers: Netware default programs display server information
Type:
Web
Bulletins:
CVE-2002-1634
SFBID4874
Severity:
Medium
Description:
Possible sensitive information disclosure.
Applies to:
Netware
Created:
2002-05-29
Updated:
2024-01-17

ID:
CVE-2002-0893
Title:
IIS: ServletExec 4.1 ISAPI File Reading
Type:
Web
Bulletins:
CVE-2002-0893
SFBID4795
Severity:
Medium
Description:
View the contents of files normally inaccessible.
Applies to:
IIS
Created:
2002-05-22
Updated:
2024-01-17

ID:
CVE-2002-0379
Title:
IMAP4 server
Type:
Services
Bulletins:
CVE-2002-0379
SFBID4713
Severity:
High
Description:
Wu-imapd is vulnerable to a buffer overflow condition. This has been reported to occur when a valid user requests partial mailbox attributes. Exploitation may result in the execution of arbitrary code.
Applies to:
Created:
2002-05-10
Updated:
2024-01-17

ID:
CVE-2002-0889
Title:
Qualcomm QPopper Bulletin Name Buffer Overflow Vulnerability
Type:
Mail
Bulletins:
CVE-2002-0889
SFBID4614
Severity:
Medium
Description:
QUALCOMM’s QPopper is freely available and is designed to work on various operating systems; however, a vulnerability exists which affects only the UNIX and Linux platforms. When a user supplies a bulletin with a name longer than 256 bytes, a buffer overflow occurs, resulting in overwritten process memory and arbitrary code execution. Caldera has issued some fixes. The upgrade is available at: ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.20/
Applies to:
Qualcomm Qpopper
Created:
2002-04-28
Updated:
2024-01-17

ID:
CVE-2002-0575
Title:
AFS-Kerberos Support in OpenSSH Poses a Security Threat
Type:
Miscellaneous
Bulletins:
CVE-2002-0575
SFBID4560
Severity:
High
Description:
See webpage for more information.
Applies to:
OpenSSH
Created:
2002-04-19
Updated:
2024-01-17

ID:
CVE-2002-1744
Title:
IIS: Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability
Type:
Web
Bulletins:
CVE-2002-1744
SFBID4525
Severity:
Medium
Description:
Source code disclosure.
Applies to:
IIS
Created:
2002-04-16
Updated:
2024-01-17

ID:
CVE-2002-0109
Title:
Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the...
Type:
Hardware
Bulletins:
CVE-2002-0109
SFBID3795
Severity:
Medium
Description:
Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query.
Applies to:
BEFSR41
BEFSR81
Created:
2002-03-25
Updated:
2024-01-17

ID:
CVE-2002-0061
Title:
Apache: Apache Win32 Batch File Remote Command Execution Vulnerability
Type:
Web
Bulletins:
CVE-2002-0061
SFBID4335
Severity:
High
Description:
Remote Command Execution.
Applies to:
Apache
Created:
2002-03-21
Updated:
2024-01-17

ID:
CVE-2002-0434
Title:
All Servers: Directory.php Allows Arbitrary Code Execution
Type:
Web
Bulletins:
CVE-2002-0434
SFBID4278
Severity:
High
Description:
Arbitrary Code Execution.
Applies to:
Created:
2002-03-12
Updated:
2024-01-17

ID:
SFBID4261
Title:
Web server 404 path disclosure
Type:
Miscellaneous
Bulletins:
SFBID4261
Severity:
Medium
Description:
Some web servers disclose the webroot path when asked for a nonexistent page. This should not be allowed on production servers.
Applies to:
Created:
2002-03-09
Updated:
2010-08-21

ID:
CVE-2000-1196
Title:
Netscape: Netscape PSCOErrPage
Type:
Web
Bulletins:
CVE-2000-1196
Severity:
Medium
Description:
View any file on the remote computer.
Applies to:
Netscape
Created:
2002-03-09
Updated:
2024-01-17

ID:
CVE-2001-0461
Title:
All Servers: Free On-line Dictionary
Type:
Web
Bulletins:
CVE-2001-0461
Severity:
High
Description:
Possible Remote command execution.
Applies to:
Created:
2002-03-09
Updated:
2024-01-17

ID:
CVE-2002-0083
Title:
OpenSSH Channel Code Off-By-One Vulnerability
Type:
Miscellaneous
Bulletins:
CVE-2002-0083
SFBID4241
Severity:
High
Description:
Exploitation of this vulnerability may give the attacker the ability to execute arbitrary code on the vulnerable system.
Applies to:
OpenSSH
Created:
2002-03-07
Updated:
2024-01-17

ID:
CVE-2002-0082
Title:
Apache Mod_SSL-Apache-SSL Buffer Overflow Vulnerability
Type:
Miscellaneous
Bulletins:
CVE-2002-0082
SFBID4189
Severity:
High
Description:
May allow for attackers to execute arbitrary code.
Applies to:
Apache
Created:
2002-02-27
Updated:
2024-01-17

ID:
CVE-2002-0081
Title:
PHP Post File Upload Buffer Overflow Vulnerabilities
Type:
Miscellaneous
Bulletins:
CVE-2002-0081
SFBID4183
Severity:
High
Description:
Possibly run arbitrary code (read the advisory for more info).
Applies to:
PHP
Created:
2002-02-26
Updated:
2024-01-17

ID:
CVE-2002-0232
Title:
All Servers: MRTG CGI Arbitrary File Display Vulnerability
Type:
Web
Bulletins:
CVE-2002-0232
SFBID4017
Severity:
Medium
Description:
View arbitrary files.
Applies to:
MRTG
Created:
2002-02-02
Updated:
2024-01-17

ID:
CVE-2002-2113
Title:
All Servers: AHG's 'search.cgi' Search Engine Input Validation Flaw
Type:
Web
Bulletins:
CVE-2002-2113
SFBID3985
Severity:
High
Description:
Remote users can execute arbitrary commands on the web server.
Applies to:
AHG
Created:
2002-01-29
Updated:
2024-01-17

ID:
SFBID3915
Title:
All Servers: COWS CGI Online Worldweb Shopping Information Disclosure Vulnerability
Type:
Web
Bulletins:
SFBID3915
Severity:
Medium
Description:
Sensitive information disclosure.
Applies to:
COWS
Created:
2002-01-21
Updated:
2010-08-21

ID:
CVE-2002-2032
Title:
All Servers: Possible PHPNuke SQL_Debug Information Disclosure Vulnerability
Type:
Web
Bulletins:
CVE-2002-2032
SFBID3906
Severity:
Medium
Description:
Information disclosure.
Applies to:
Created:
2002-01-18
Updated:
2024-01-17

ID:
CVE-2002-2033
Title:
Apache: Faqmanager.cgi file read vulnerability
Type:
Web
Bulletins:
CVE-2002-2033
SFBID3810
Severity:
Medium
Description:
Faqmanager can be used to read files on the server the httpd has access to.
Applies to:
Apache
Created:
2002-01-07
Updated:
2024-01-17

ID:
CVE-2002-2029
Title:
Apache: Security Risk When Using the CGI Binary (PHP.EXE) Under Apache
Type:
Web
Bulletins:
CVE-2002-2029
SFBID3786
Severity:
High
Description:
Read arbitrary files from remote server.
Applies to:
Apache
Created:
2002-01-04
Updated:
2024-01-17

ID:
REF000323
Title:
yppasswdd service running
Type:
RPC
Bulletins:
Severity:
High
Description:
Some versions of this service are vulnerable (Run arbitrary commands as root).
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000308
Title:
Windows AutoUpdate is not enabled
Type:
Registry
Bulletins:
Severity:
High
Description:
Windows AutoUpdate is not enabled, therefore it is recommended to look into this issue unless LANguard is used for network-wide patch management.
Applies to:
Windows
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000307
Title:
Windows AutoUpdate is enabled but requires user interaction to install patches
Type:
Registry
Bulletins:
Severity:
Low
Description:
While AutoUpdate is enabled, the end user must approve the installation. This could lead to a delay in patch installation should the user choose not to install patches promptly.
Applies to:
Windows
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000306
Title:
Windows AutoUpdate is enabled but requires user intervention for both patch download and installation
Type:
Registry
Bulletins:
Severity:
Low
Description:
Although Windows AutoUpdate is enabled, the system relies on the end user to approve both patch download and installation. This could lead to a delay in patch installation or no installation at all.
Applies to:
Windows
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000322
Title:
walld message spoofing
Type:
RPC
Bulletins:
Severity:
Low
Description:
An attacker can use this service for spoofing console messages.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000256
Title:
Vulnerable Linux/Unix application package
Type:
Miscellaneous
Bulletins:
Severity:
High
Description:
Checks installed application versions for known security updates issued in newer versions.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000319
Title:
This computer is a NIS server
Type:
RPC
Bulletins:
Severity:
Low
Description:
NIS has a reputation for being extremely insecure. Read the following document for detailed information.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
Telecomando trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000189
Title:
Systems Management Server
Type:
Information
Bulletins:
Severity:
Information
Description:
Systems Management Server is running on this computer.
Applies to:
SMS
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
Syphillis 1-18 trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
Subseven 2-x trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000187
Title:
SSL module running
Type:
Information
Bulletins:
Severity:
Information
Description:
SSL is designed to encrypt and thus secure data in transit between a client and a server. However SSL does not eradicate vulnerabilities on the web server. These servers are vulnerable to the same attacks that compromise other non-SSL web servers.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000186
Title:
SSL enabled
Type:
Information
Bulletins:
Severity:
Information
Description:
SSL is designed to encrypt and thus secure data in transit between a client and a server. However SSL does not eradicate vulnerabilities on the web server. These servers are vulnerable to the same attacks that compromise other non-SSL web servers.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000295
Title:
Shutdown without logon
Type:
Registry
Bulletins:
Severity:
Low
Description:
Anybody is allowed to shut down this computer. For more information, visit: http://support.microsoft.com/kb/816569
Applies to:
Created:
2002-01-01
Updated:
2018-05-02

ID:
CVE-1999-0660
Title:
Psychward trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
Prosiak 0-70 trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
Priority BETA trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000184
Title:
PHP module running
Type:
Information
Bulletins:
Severity:
Information
Description:
PHP is installed on this web server.
Applies to:
PHP
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000183
Title:
Perl module running
Type:
Information
Bulletins:
Severity:
Information
Description:
mod_perl is installed on this web server.
Applies to:
Perl
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000081
Title:
Netscape: Netscape Administration Server admin password
Type:
Web
Bulletins:
Severity:
Medium
Description:
Read encrypted password for Netscape Administration server.
Applies to:
Netscape
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
NetbusPro2 trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
Ncw trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000304
Title:
Nachi Worm
Type:
Registry
Bulletins:
Severity:
High
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000283
Title:
LM Hash
Type:
Registry
Bulletins:
Severity:
Medium
Description:
It is recommended to use NTLM authentication instead of LM. For more information, visit: http://support.microsoft.com/kb/147706
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000198
Title:
Linux/Unix application package(s) version check
Type:
Information
Bulletins:
Severity:
Information
Description:
This check lists all applications that are older than the latest recorded release.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000282
Title:
Last logged-on username visible
Type:
Registry
Bulletins:
Severity:
Low
Description:
By default, Windows displays the last logged-on user. For more information, visit: http://support.microsoft.com/kb/114463
Applies to:
Windows
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
Kuang trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
Indoctrination trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
A trojan horse is likely to be installed on this computer.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000124
Title:
IIS: Terminal Services
Type:
Web
Bulletins:
Severity:
Low
Description:
Terminal Services are installed on this computer.
Applies to:
IIS
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000062
Title:
IIS: IIS Global.asa Retrieval
Type:
Web
Bulletins:
Severity:
Low
Description:
Possible sensitive information disclosure.
Applies to:
IIS
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000060
Title:
IIS: IIS ASP.NET Application Trace Enabled
Type:
Web
Bulletins:
Severity:
Low
Description:
Possible sensitive information disclosure.
Applies to:
IIS
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000275
Title:
Guest users have access to the system log
Type:
Registry
Bulletins:
Severity:
Medium
Description:
You should disable guest access by creating a DWORD key named "RestrictGuestAccess" with value of "1" (HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/EventLog/System)
Applies to:
Windows
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000273
Title:
Guest users have access to the security log
Type:
Registry
Bulletins:
Severity:
Medium
Description:
You should disable guest access by creating a DWORD key named "RestrictGuestAccess" with value of "1" (HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/EventLog/Security).
Applies to:
Windows
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000271
Title:
Guest users have access to the application log
Type:
Registry
Bulletins:
Severity:
Medium
Description:
You should disable guest access by creating a DWORD key named "RestrictGuestAccess" with value of "1" (HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/EventLog/Application)
Applies to:
Windows
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000179
Title:
Frontpage extensions enabled
Type:
Information
Bulletins:
Severity:
Information
Description:
Frontpage extensions are enabled on this web server.
Applies to:
Frontpage extensions
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000311
Title:
fam service running
Type:
RPC
Bulletins:
Severity:
Medium
Description:
Some versions of this service are vulnerable (Run arbitrary commands as root).
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
CrazyNet trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
CrazyNet Trojan inserts itself into a computer and runs in the background, allowing an attacker to gain full control over this computer. The trojan is installed in %windir%\Registry32.exe, where %windir% is the folder in which Windows is installed. The following lines are set in System.ini: "run=Registry32.exe" and "shell=Explorer.exe Registry32.exe". It also creates the value Reg32 with the string “Registry32.exe” in the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. To solve this problem, delete the value Reg32 from the registry and delete the two lines mentioned above from the System.ini file.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000178
Title:
ClearCase running
Type:
Information
Bulletins:
Severity:
Information
Description:
ClearCase is running on this computer.
Applies to:
ClearCase
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000265
Title:
Cached Logon Credentials
Type:
Registry
Bulletins:
Severity:
Low
Description:
Microsoft Windows NT caches the logon information of users who have logged on, so that they are able to log on when the server is unavailable. When a domain controller is unavailable and a user’s logon information is cached, the user will still be allowed to log on. The cache can hold from 0 to 50 logon attempts, with a value of 0 disabling logon caching. If the value is set high and an administrator logs in to computers to solve specific problems, an attacker might obtain the administrator’s credentials at a later stage and log on with that account, which has powerful privileges. The registry value that controls this caching is: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount. Ideally it should be set either to 0 to disable caching, or to 1 to balance functionality (allowing the last user to log on immediately next time) and security.
Applies to:
Windows NT
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000303
Title:
Blaster Worm
Type:
Registry
Bulletins:
Severity:
High
Description:
Blaster Worm was a computer worm that spread through Microsoft Windows XP and Windows 2000 operating systems. The worm was programmed to start a SYN flood in August 2003 against port 80 of windowsupdate.com, creating a denial of service attack against that site. However, Microsoft immediately shut down the targeted site, so the effects were minimal. The worm can be detected because it adds the value "windows auto update"="msblast.exe" to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The worm spread by exploiting a buffer overflow in the DCOM RPC service on the affected operating system. Computers infected with the worm become unstable and restart.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-1999-0660
Title:
Back Orifice 2000 (BO2K) trojan
Type:
Registry
Bulletins:
CVE-1999-0660
Severity:
Medium
Description:
Back Orifice 2000 is a backdoor trojan horse which, when installed on a Microsoft Windows system, allows attackers to gain full access to the system through a network connection. It consists of a client and a server, where the client runs on one machine and is used to monitor and control a second machine running the server application. To remove Back Orifice manually, restart the machine in MS-DOS mode and delete the Back Orifice server from the Windows system directory using the command "DEL C:\WINDOWS\SYSTEM\EXE~1". Back Orifice also adds a key to the registry, HKEY_LOCAL_MACHINE\SOFTWARE\Cult Of The Dead Cow\Back Orifice 2000, so the trojan can be detected by checking the registry. When the trojan horse is executed, it opens connections from the computer where it is installed to the Internet, and an intruder will be able to control the computer. The trojan horse is invisible and restarts itself automatically when Windows is rebooted. Through Back Orifice, an attacker can view and modify files, create a log file of the computer users’ actions, crash a computer, and take screenshots of the computer screen.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000262
Title:
AutoShareWKS
Type:
Registry
Bulletins:
Severity:
Low
Description:
The administrative shares (C$, D$, ADMIN$, etc.) are available on this machine. On internal networks these are normally turned on for administrative purposes. On web servers, which are more exposed to attacks, these are normally turned off to harden the possible entry points. If you don't use them, set HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareWks to 0 to prevent creation of these shares. For more information, visit: http://support.microsoft.com/kb/245117
Applies to:
Windows
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000260
Title:
AutoShareServer
Type:
Registry
Bulletins:
Severity:
Low
Description:
The administrative shares (C$, D$, ADMIN$, etc.) are available on this machine. On internal networks these are normally turned on for administrative purposes. On web servers, which are more exposed to attacks, these are normally turned off to harden the possible entry points. If you don't use them, set HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareServer to 0 to prevent creation of these shares. For more information, visit: http://support.microsoft.com/kb/245117
Applies to:
Windows
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000305
Title:
Auto Logon
Type:
Registry
Bulletins:
Severity:
High
Description:
Automatic logon uses the domain, user name, and password stored in the registry to log users on to the computer when the system starts. The problem with automatic logon is that any user can start your computer and log on using your account. Automatic logon proceeds differently from authenticated logon, and can cause timing conflicts. For example, if one is loading several network transport protocols, automatic logon might cause Windows 2000 to attempt to connect to some network resources before the protocols’ network transports are completely loaded. To resolve this vulnerability, set AutoAdminLogon to 0 and delete the value of DefaultPassword. The latter is stored and displayed in the registry editor in plain, unencrypted text.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-2000-0628
Title:
Apache: Apache source.asp
Type:
Web
Bulletins:
CVE-2000-0628
Severity:
High
Description:
Create files in the directory where source.asp is located. An attacker can upload his own scripts and run them.
Applies to:
Apache
Created:
2002-01-01
Updated:
2024-01-17

ID:
REF000016
Title:
Apache: Apache server-status
Type:
Web
Bulletins:
Severity:
Low
Description:
Information such as server version and type should be hidden/omitted or changed to something more generic where possible so that such information is hidden from potential intruders.
Applies to:
Apache
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000015
Title:
Apache: Apache server-info
Type:
Web
Bulletins:
Severity:
Low
Description:
Information such as server version and type should be hidden/omitted or changed to something more generic where possible so that such information is hidden from potential intruders.
Applies to:
Apache
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000013
Title:
Apache: Apache manual
Type:
Web
Bulletins:
Severity:
Low
Description:
Apache online manual has not been removed.
Applies to:
Apache
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000309
Title:
amd service running
Type:
RPC
Bulletins:
Severity:
High
Description:
Some versions of this service are vulnerable (Run arbitrary commands).
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000090
Title:
All Servers: Perl.exe
Type:
Web
Bulletins:
Severity:
Medium
Description:
Possible to run perl commands (web server level privileges).
Applies to:
Perl
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000040
Title:
All Servers: Directory Manager Execution bug
Type:
Web
Bulletins:
Severity:
Medium
Description:
Allows an attacker to execute commands as webserver-user.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
REF000191
Title:
A modem is installed on this computer
Type:
Information
Bulletins:
Severity:
Information
Description:
Modems can be a network security threat because they allow insiders to make unfiltered connections using the telephone system.
Applies to:
Created:
2002-01-01
Updated:
2010-08-21

ID:
CVE-2001-1209
Title:
All Servers: Abe Timmerman zml.cgi File Disclosure Vulnerability
Type:
Web
Bulletins:
CVE-2001-1209
SFBID3759
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
Created:
2001-12-31
Updated:
2024-01-17

ID:
CVE-2001-1210
Title:
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary...
Type:
Hardware
Bulletins:
CVE-2001-1210
SFBID3758
Severity:
Medium
Description:
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.
Applies to:
Cisco uBR 924 Cable Access Router
Cisco uBR 925 Cable Access Router
Created:
2001-12-30
Updated:
2024-01-17

ID:
CVE-2001-1221
Title:
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.
Type:
Hardware
Bulletins:
CVE-2001-1221
SFBID3736
Severity:
Medium
Description:
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.
Applies to:
DWL-1000AP
Created:
2001-12-21
Updated:
2024-01-17

ID:
CVE-2001-1220
Title:
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
Type:
Hardware
Bulletins:
CVE-2001-1220
SFBID3735
Severity:
High
Description:
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
Applies to:
DWL-1000AP
Created:
2001-12-21
Updated:
2024-01-17

ID:
CVE-2001-0866
Title:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access...
Type:
Hardware
Bulletins:
CVE-2001-0866
SFBID3537
Severity:
High
Description:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
Applies to:
Cisco 12000 Router Series
Created:
2001-12-06
Updated:
2024-01-17

ID:
CVE-2001-0865
Title:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.
Type:
Hardware
Bulletins:
CVE-2001-0865
SFBID3540
Severity:
High
Description:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.
Applies to:
Cisco 12000 Router Series
Created:
2001-12-06
Updated:
2024-01-17

ID:
CVE-2001-0864
Title:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
Type:
Hardware
Bulletins:
CVE-2001-0864
SFBID3536
Severity:
High
Description:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
Applies to:
Cisco 12000 Router Series
Created:
2001-12-06
Updated:
2024-01-17

ID:
CVE-2001-0867
Title:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
Type:
Hardware
Bulletins:
CVE-2001-0867
SFBID3538
Severity:
High
Description:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
Applies to:
Cisco 12000 Router Series
Created:
2001-12-06
Updated:
2024-01-17

ID:
CVE-2001-0863
Title:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.
Type:
Hardware
Bulletins:
CVE-2001-0863
SFBID3539
Severity:
Medium
Description:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.
Applies to:
Cisco 12000 Router Series
Created:
2001-12-06
Updated:
2024-01-17

ID:
CVE-2001-0862
Title:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
Type:
Hardware
Bulletins:
CVE-2001-0862
SFBID3535
Severity:
High
Description:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
Applies to:
Cisco 12000 Router Series
Created:
2001-12-06
Updated:
2024-01-17

ID:
CVE-2001-0861
Title:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.
Type:
Hardware
Bulletins:
CVE-2001-0861
SFBID3534
Severity:
Medium
Description:
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.
Applies to:
Cisco 12000 Router Series
Created:
2001-12-06
Updated:
2024-01-17

ID:
CVE-2001-0929
Title:
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.
Type:
Hardware
Bulletins:
CVE-2001-0929
SFBID3588
Severity:
High
Description:
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.
Applies to:
Created:
2001-11-28
Updated:
2024-01-17

ID:
CVE-2001-0550
Title:
WU-FTPD glob() function error handling heap corruption
Type:
FTP
Bulletins:
CVE-2001-0550
SFBID3581
Severity:
High
Description:
All versions of WU-FTPD allow an attacker to cause heap corruption through a vulnerability in the glob function. This function fails to properly signal an error to its caller, and the ftpglob function fails to set the globerr variable under certain situations. The attacker can send a command followed by a tilde and open bracket characters to the FTP server, corrupting the process memory space. This allows the execution of arbitrary code on the system with root privileges. To detect the vulnerability, the following checks should be enabled in the ISS Protection Platform: WuftpGlobHeapCorruption, wuftp-glob-heap-corruption. For a virtual patch, enable the following check in the ISS Protection Platform: FTP_Glob_TildeBrace_Vulns. Block or restrict port 21 in the ISS Protection Platform. For more information on how to do manual protection see: http://xforce.iss.net/xforce/xfdb/7611
Applies to:
wu-ftpd
Created:
2001-11-27
Updated:
2024-01-17

ID:
CVE-2001-0895
Title:
Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the...
Type:
Hardware
Bulletins:
CVE-2001-0895
SFBID3547
Severity:
Medium
Description:
Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.
Applies to:
Cisco Catalyst 2900 Series XL Switches
Cisco Catalyst 2950 Series Switches
Cisco Catalyst 3500 Series XL Switches
Cisco Catalyst 3550 Series Switches
Cisco Catalyst 4000 Series Switches
Cisco Catalyst C2948G-L3 Ethernet Switch
Cisco Catalyst...
Created:
2001-11-15
Updated:
2024-01-17

ID:
REF000251
Title:
SSH server accepts Version 1.x connections
Type:
Miscellaneous
Bulletins:
Severity:
Medium
Description:
SSH protocol Version 1 has various vulnerabilities; it should be disabled and only version 2 clients should be allowed to connect. For more information, visit: http://www.ssh.com/company/newsroom/article/210/
Applies to:
Created:
2001-11-07
Updated:
2010-08-21

ID:
CVE-2001-1503
Title:
Solaris Fingerd Discloses Complete User List
Type:
Miscellaneous
Bulletins:
CVE-2001-1503
SFBID3457
Severity:
Low
Description:
Sensitive information disclosure.
Applies to:
Solaris
SunOS
Created:
2001-10-22
Updated:
2024-01-17

ID:
CVE-2001-0751
Title:
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
Type:
Hardware
Bulletins:
CVE-2001-0751
Severity:
High
Description:
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
Applies to:
Created:
2001-10-18
Updated:
2024-01-17

ID:
CVE-2001-0750
Title:
Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.
Type:
Hardware
Bulletins:
CVE-2001-0750
SFBID2804
Severity:
Medium
Description:
Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.
Applies to:
Created:
2001-10-18
Updated:
2024-01-17

ID:
CVE-2001-0753
Title:
Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges.
Type:
Hardware
Bulletins:
CVE-2001-0753
Severity:
High
Description:
Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges.
Applies to:
Created:
2001-10-18
Updated:
2024-01-17

ID:
CVE-2001-0752
Title:
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.
Type:
Hardware
Bulletins:
CVE-2001-0752
Severity:
Medium
Description:
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.
Applies to:
Created:
2001-10-18
Updated:
2024-01-17

ID:
CVE-2001-0754
Title:
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.
Type:
Hardware
Bulletins:
CVE-2001-0754
Severity:
Medium
Description:
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.
Applies to:
Created:
2001-10-18
Updated:
2024-01-17

ID:
CVE-2001-0757
Title:
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.
Type:
Hardware
Bulletins:
CVE-2001-0757
SFBID2874
Severity:
High
Description:
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.
Applies to:
Cisco 6400 Universal Access Concentrator
Created:
2001-10-18
Updated:
2024-01-17

ID:
CVE-2001-1156
Title:
TYPSoft FTP Server 0-95-1 and possibly prior for Microsoft Windows Can Be Crashed by Remote Users
Type:
FTP
Bulletins:
CVE-2001-1156
SFBID3409
Severity:
Medium
Description:
A vulnerability was reported in TYPSoft’s FTP Server, where remote users can cause the server to crash. There is currently no solution to the vulnerability. If a remote user accesses the FTP service and sends a STOR or RETR command as shown below, the FTP server goes into a denial of service condition since it will consume nearly all CPU resources.
RETR ../../*
STOR ../../*
Applies to:
TYPSoft FTP Server
Created:
2001-10-09
Updated:
2024-01-17

ID:
CVE-2001-1071
Title:
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.
Type:
Hardware
Bulletins:
CVE-2001-1071
SFBID3412
Severity:
Medium
Description:
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.
Applies to:
Created:
2001-10-09
Updated:
2024-01-17

ID:
CVE-2001-0650
Title:
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
Type:
Hardware
Bulletins:
CVE-2001-0650
SFBID2733
Severity:
Medium
Description:
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
Applies to:
Created:
2001-09-20
Updated:
2024-01-17

ID:
REF000106
Title:
IIS: This computer seems to be infected with Nimda
Type:
Web
Bulletins:
Severity:
High
Description:
This system seems to be compromised. For more information, visit: http://www.cert.org/advisories/CA-2001-26.html
Applies to:
IIS
Created:
2001-09-18
Updated:
2010-08-21

ID:
CVE-1999-0756
Title:
IIS: Cold Fusion check
Type:
Web
Bulletins:
CVE-1999-0756
Severity:
Medium
Description:
Related links: www.isummation.com/securing_coldfusion_pages_through_iis.html www.sans.org/rr/papers/index.php?id=300
Applies to:
IIS
Created:
2001-09-18
Updated:
2024-01-17

ID:
CVE-2001-1014
Title:
All Servers: (e)shop Online-Shop System
Type:
Web
Bulletins:
CVE-2001-1014
SFBID3340
Severity:
High
Description:
Allows attackers to execute commands (web server privilege).
Applies to:
Created:
2001-09-15
Updated:
2024-01-17

ID:
CVE-2001-1137
Title:
D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.
Type:
Hardware
Bulletins:
CVE-2001-1137
SFBID3306
Severity:
Medium
Description:
D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.
Applies to:
DI-704
Created:
2001-09-06
Updated:
2024-01-17

ID:
CVE-2001-0992
Title:
All Servers: ShopPlus Cart
Type:
Web
Bulletins:
CVE-2001-0992
Severity:
High
Description:
The script doesn't check symbols. Any user can execute commands on the web server.
Applies to:
ShopPlus Cart
Created:
2001-09-05
Updated:
2024-01-17

ID:
CVE-2001-1065
Title:
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
Type:
Hardware
Bulletins:
CVE-2001-1065
Severity:
Medium
Description:
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
Applies to:
Created:
2001-08-31
Updated:
2024-01-17

ID:
CVE-2001-0711
Title:
Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string.
Type:
Hardware
Bulletins:
CVE-2001-0711
Severity:
Medium
Description:
Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string.
Applies to:
Created:
2001-08-31
Updated:
2024-01-17

ID:
CVE-2001-1064
Title:
Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop...
Type:
Hardware
Bulletins:
CVE-2001-1064
SFBID3236
Severity:
Medium
Description:
Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.
Applies to:
Created:
2001-08-31
Updated:
2024-01-17

ID:
CVE-2001-1168
Title:
All Servers: PhpMyExplorer Vulnerable to Directory Traversal
Type:
Web
Bulletins:
CVE-2001-1168
Severity:
Medium
Description:
Allows attackers to view and read files that reside outside the normal bound directory.
Applies to:
PhpMyExplorer
Created:
2001-08-29
Updated:
2024-01-17

ID:
CVE-2001-0589
Title:
NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.
Type:
Hardware
Bulletins:
CVE-2001-0589
SFBID2523
Severity:
Low
Description:
NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.
Applies to:
Created:
2001-08-22
Updated:
2024-01-17

ID:
CVE-2001-0622
Title:
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating...
Type:
Hardware
Bulletins:
CVE-2001-0622
SFBID2806
Severity:
High
Description:
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.
Applies to:
Cisco CSS 11100 Content Services Switch Series
Created:
2001-08-14
Updated:
2024-01-17

ID:
CVE-2001-0621
Title:
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
Type:
Hardware
Bulletins:
CVE-2001-0621
SFBID2745
Severity:
High
Description:
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
Applies to:
Cisco CSS 11100 Content Services Switch Series
Created:
2001-08-14
Updated:
2024-01-17

ID:
CVE-2001-0566
Title:
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.
Type:
Hardware
Bulletins:
CVE-2001-0566
Severity:
Medium
Description:
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.
Applies to:
Cisco Catalyst 2900 Series XL Switches
Created:
2001-08-14
Updated:
2024-01-17

ID:
CVE-2001-1117
Title:
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.
Type:
Hardware
Bulletins:
CVE-2001-1117
SFBID3141
Severity:
Medium
Description:
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.
Applies to:
BEFSR41
Created:
2001-08-10
Updated:
2024-01-17

ID:
CVE-2001-1021
Title:
Ipswitch WS_FTP Server 2-0-2 Will Execute Remotely-Supplied Arbitrary Code
Type:
FTP
Bulletins:
CVE-2001-1021
Severity:
High
Description:
There exists a vulnerability in WS_FTP server, allowing a remote user to execute arbitrary code on the server with system privileges. This is due to a buffer overflow triggered by a valid remote user or an anonymous user. A patch has been released by the vendor, which is available at: http://www.ipswitch.com/support/ws_ftp-server/patch-upgrades.asp. The commands used to create a buffer overflow are: DELE, MDTM, MLST, MKD, RMD, RNFR, RNTO, SIZE, STAT, XMKD, and XRMD. Executing one of these commands with an argument longer than 478 bytes will cause such a buffer overflow. A remote user may also send several NULL characters, causing the WS_FTP to consume 100% of the CPU resources, thus causing it to crash.
Applies to:
Ipswitch WS_FTP Server
Created:
2001-07-26
Updated:
2024-01-17

ID:
CVE-2001-1104
Title:
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
Type:
Hardware
Bulletins:
CVE-2001-1104
SFBID3098
Severity:
High
Description:
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
Applies to:
SonicWall Firewall SoHo
Created:
2001-07-25
Updated:
2024-01-17

ID:
CVE-2001-1097
Title:
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
Type:
Hardware
Bulletins:
CVE-2001-1097
SFBID3096
Severity:
Medium
Description:
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
Applies to:
Created:
2001-07-24
Updated:
2024-01-17

ID:
CVE-2001-0514
Title:
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such...
Type:
Hardware
Bulletins:
CVE-2001-0514
SFBID2896
Severity:
High
Description:
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.
Applies to:
wap11
Created:
2001-07-21
Updated:
2024-01-17

ID:
CVE-2001-0537
Title:
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
Type:
Hardware
Bulletins:
CVE-2001-0537
SFBID2936
Severity:
High
Description:
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
Applies to:
Created:
2001-07-21
Updated:
2024-01-17

ID:
REF000105
Title:
IIS: This computer is infected with CodeRed
Type:
Web
Bulletins:
Severity:
High
Description:
This system seems to be compromised. For more information, visit: http://www.securiteam.com/windowsntfocus/5WP0L004US.html
Applies to:
IIS
Created:
2001-07-20
Updated:
2010-08-21

ID:
CVE-2001-0804
Title:
All Servers: Directory traversal vulnerability in story.pl
Type:
Web
Bulletins:
CVE-2001-0804
SFBID3028
Severity:
Medium
Description:
Directory traversal.
Applies to:
Created:
2001-07-15
Updated:
2024-01-17

ID:
CVE-2001-1183
Title:
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.
Type:
Hardware
Bulletins:
CVE-2001-1183
SFBID3022
Severity:
Medium
Description:
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.
Applies to:
Created:
2001-07-12
Updated:
2024-01-17

ID:
CVE-2001-0444
Title:
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
Type:
Hardware
Bulletins:
CVE-2001-0444
SFBID2635
Severity:
Low
Description:
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
Applies to:
Created:
2001-07-02
Updated:
2024-01-17

ID:
CVE-2001-0429
Title:
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.
Type:
Hardware
Bulletins:
CVE-2001-0429
SFBID2604
Severity:
Medium
Description:
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.
Applies to:
Created:
2001-07-02
Updated:
2024-01-17

ID:
CVE-2001-0455
Title:
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
Type:
Hardware
Bulletins:
CVE-2001-0455
Severity:
High
Description:
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
Applies to:
Cisco Aironet Ap340
Created:
2001-06-27
Updated:
2024-01-17

ID:
CVE-2001-0698
Title:
SurgeFTP nlist directory traversal
Type:
FTP
Bulletins:
CVE-2001-0698
SFBID2892
Severity:
Medium
Description:
SurgeFTP Server version 2.0a is prone to a vulnerability where a remote attacker can traverse directories if the attacker issues an NLIST command followed by a ‘dot dot’ (/../) sequence. The attacker will be able to view any file on the server. This vulnerability can be resolved by upgrading to the latest version, i.e. 20.b or later, which can be found at: http://www.netwinsite.com/surgeftp/
Applies to:
SurgeFTP
Created:
2001-06-19
Updated:
2024-01-17

ID:
CVE-2001-0376
Title:
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This...
Type:
Hardware
Bulletins:
CVE-2001-0376
Severity:
High
Description:
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used.
Applies to:
SonicWall Firewall SoHo 2
SonicWall Firewall Tele 2
Created:
2001-06-18
Updated:
2024-01-17

ID:
CVE-2001-0427
Title:
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several...
Type:
Hardware
Bulletins:
CVE-2001-0427
Severity:
High
Description:
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
Applies to:
Cisco VPN 3015 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3080 Concentrator
Cisco Vpn 3005 Concentrator
Created:
2001-06-18
Updated:
2024-01-17

ID:
CVE-2001-0375
Title:
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
Type:
Hardware
Bulletins:
CVE-2001-0375
SFBID2551
Severity:
Medium
Description:
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
Applies to:
Cisco PIX 515 Firewall
Cisco PIX 520 Firewall
Created:
2001-06-18
Updated:
2024-01-17

ID:
CVE-2001-0412
Title:
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
Type:
Hardware
Bulletins:
CVE-2001-0412
SFBID2559
Severity:
High
Description:
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
Applies to:
Cisco CSS 11050 Content Services Switch
Cisco CSS 11150 Content Services Switch
Cisco CSS 11800 Content Services Switch
Created:
2001-06-18
Updated:
2024-01-17

ID:
CVE-2001-0821
Title:
All Servers: DCShop vulnerability
Type:
Web
Bulletins:
CVE-2001-0821
SFBID2889
Severity:
Medium
Description:
Possible retrieval of sensitive information.
Applies to:
DCShop
Created:
2001-06-18
Updated:
2024-01-17

ID:
CVE-2001-0820
Title:
Possible Gaztek HTTP Daemon (ghttpd) buffer overflow
Type:
Miscellaneous
Bulletins:
CVE-2001-0820
SFBID2879
Severity:
High
Description:
Run arbitrary code (ghttpd privileges).
Applies to:
ghttpd
Created:
2001-06-17
Updated:
2024-01-17

ID:
CVE-2001-0688
Title:
Broker FTP server 5.9.5.0
Type:
FTP
Bulletins:
CVE-2001-0688
SFBID2851
Severity:
Medium
Description:
Broker FTP Server 5.9.5.0 is prone to two vulnerabilities, one being a Buffer Overflow, which may cause a Denial of Service (DoS) condition, while the other one leads to a Directory Traversal, where an attacker will be able to look through the files and folders of a system. There is currently no solution for any of the above vulnerabilities. The buffer overflow can be generated by repeatedly sending the following command: CWD . . or CD . . (for an FTP client). An attacker could also add some more spaces between the dots for a worse effect. The server will add these directory paths to the current path, causing a DoS condition after a certain bound has been reached. One can go through the contents of a drive available on the system, by first going to the home directory when typing the following command: CD C: or CD C:\. One can then use the LS command to go through the available files. Although one will be able to go through the files available, it is not possible to send or receive files.
Applies to:
Broker FTP server
Created:
2001-06-10
Updated:
2024-01-17

ID:
CVE-2001-0767
Title:
GuildFTPD FTP
Type:
FTP
Bulletins:
CVE-2001-0767
SFBID2789
Severity:
Medium
Description:
There exists a vulnerability in GuildFTPd version 0.97 known as a directory traversal. This allows anyone with a valid FTP login to read arbitrary files on the system. In order to resolve this problem one will have to upgrade the FTP server to a later version. The commands which cause the directory traversal are: CD ../, CD .../, CD /.../, CD C:\ and others. All of these commands give the ‘550 Access denied’ error.
Applies to:
GuildFTPD
Created:
2001-05-26
Updated:
2024-01-17

ID:
CVE-1999-0922
Title:
IIS: Cold Fusion check
Type:
Web
Bulletins:
CVE-1999-0922
Severity:
Medium
Description:
Related links: www.macromedia.com/devnet/coldfusion/security.html www.isummation.com/securing_coldfusion_pages_through_iis.html www.sans.org/rr/papers/index.php?id=300
Applies to:
IIS
Created:
2001-05-07
Updated:
2024-01-17

ID:
CVE-2001-0561
Title:
All Servers: A1Stats
Type:
Web
Bulletins:
CVE-2001-0561
CVE-2001-0562
SFBID2705
Severity:
High
Description:
Remote file retrieving.
Applies to:
A1Stats
Created:
2001-05-07
Updated:
2024-01-17

ID:
CVE-2001-0288
Title:
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
Type:
Hardware
Bulletins:
CVE-2001-0288
Severity:
High
Description:
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
Applies to:
Created:
2001-05-03
Updated:
2024-01-17

ID:
CVE-2001-0463
Title:
All Servers: PerlCal allows remote file retrieving
Type:
Web
Bulletins:
CVE-2001-0463
SFBID2663
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
PerlCal
Created:
2001-04-27
Updated:
2024-01-17

ID:
CVE-2001-0272
Title:
All Servers: sendtemp.pl
Type:
Web
Bulletins:
CVE-2001-0272
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
Created:
2001-04-04
Updated:
2024-01-17

ID:
CVE-2001-0466
Title:
All Servers: uStorekeeper allows remote file retrieving
Type:
Web
Bulletins:
CVE-2001-0466
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
uStorekeeper
Created:
2001-04-03
Updated:
2024-01-17

ID:
CVE-2001-0236
Title:
Possible snmpXdmid SunOS buffer overflow
Type:
RPC
Bulletins:
CVE-2001-0236
SFBID2417
Severity:
High
Description:
Some versions of this service are vulnerable (Run arbitrary commands as root).
Applies to:
Created:
2001-03-15
Updated:
2024-01-17

ID:
CVE-2000-0368
Title:
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
Type:
Hardware
Bulletins:
CVE-2000-0368
Severity:
Low
Description:
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
Applies to:
Created:
2001-03-12
Updated:
2024-01-17

ID:
CVE-2001-0360
Title:
All Servers: Ikonboard allows remote file retrieving
Type:
Web
Bulletins:
CVE-2001-0360
SFBID2471
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
Ikonboard
Created:
2001-03-11
Updated:
2024-01-17

ID:
CVE-2002-0558
Title:
TYPSoft FTP Server 0-97-1 and prior Discloses Listing of Directory Contents for Any Directory on the
Type:
FTP
Bulletins:
CVE-2002-0558
SFBID2489
Severity:
Medium
Description:
TYPSoft’s FTP server is prone to a vulnerability, where a remote user can obtain a listing of the files located on the same drive as the FTP server. This vulnerability has been solved with the new fixed version 0.97.5, which is available at the vendor’s web site at: http://www.typsoft.com/ Some examples of FTP commands which cause the crash are:
ls ../../*.*
ls "../../My%20files/*.*"
Applies to:
TYPSoft FTP Server
Created:
2001-02-28
Updated:
2024-01-17

ID:
CVE-2001-0293
Title:
FtpXQ FTP Server
Type:
FTP
Bulletins:
CVE-2001-0293
SFBID2426
Severity:
Medium
Description:
FTPXQ FTP Server 2.0.93 is prone to a vulnerability known as directory traversal, where remote attackers read arbitrary files via a .. (dot dot) in the GET command. An attacker will thus have the ability to view any file on a remote computer. There is currently a fix available for such a vulnerability.
Applies to:
FtpXQ FTP Server
Created:
2001-02-28
Updated:
2024-01-17

ID:
CVE-2004-1776
Title:
Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
Type:
Hardware
Bulletins:
CVE-2004-1776
Severity:
High
Description:
Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
Applies to:
Created:
2001-02-28
Updated:
2024-01-17

ID:
CVE-2001-1434
Title:
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.
Type:
Hardware
Bulletins:
CVE-2001-1434
Severity:
Medium
Description:
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.
Applies to:
Created:
2001-02-28
Updated:
2024-01-17

ID:
SFBID2698
Title:
Multiple WarFTPd (1-71) DoS
Type:
FTP
Bulletins:
SFBID2698
Severity:
Medium
Description:
A vulnerability exists in the following FTP servers: Serv-U FTP Server, G6 FTP Server and WarFTPd Server. Submitting an ‘a:/’ with the GET or RETR command appended with arbitrary data repeatedly, will cause a denial of service, since the CPU usage will go up to 100%. There are no solutions or vendor-supplied patches for this vulnerability.
Applies to:
WarFTPd
Created:
2001-02-17
Updated:
2010-08-21

ID:
CVE-2001-0058
Title:
The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character.
Type:
Hardware
Bulletins:
CVE-2001-0058
Severity:
Medium
Description:
The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character.
Applies to:
Cisco 600 Routers
Created:
2001-02-16
Updated:
2024-01-17

ID:
CVE-2001-0056
Title:
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
Type:
Hardware
Bulletins:
CVE-2001-0056
Severity:
High
Description:
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
Applies to:
Created:
2001-02-16
Updated:
2024-01-17

ID:
CVE-2001-0041
Title:
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
Type:
Hardware
Bulletins:
CVE-2001-0041
SFBID2072
Severity:
High
Description:
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
Applies to:
Created:
2001-02-16
Updated:
2024-01-17

ID:
CVE-2001-0057
Title:
Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet.
Type:
Hardware
Bulletins:
CVE-2001-0057
Severity:
Medium
Description:
Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet.
Applies to:
Cisco 600 Routers
Created:
2001-02-16
Updated:
2024-01-17

ID:
CVE-2001-0055
Title:
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
Type:
Hardware
Bulletins:
CVE-2001-0055
Severity:
Medium
Description:
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
Applies to:
Cisco 600 Routers
Created:
2001-02-16
Updated:
2024-01-17

ID:
CVE-2001-0305
Title:
All Servers: Arts Store.cgi
Type:
Web
Bulletins:
CVE-2001-0305
SFBID2385
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
Created:
2001-02-16
Updated:
2024-01-17

ID:
CVE-2001-0080
Title:
Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.
Type:
Hardware
Bulletins:
CVE-2001-0080
SFBID2117
Severity:
Medium
Description:
Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.
Applies to:
Cisco Catalyst 4000 Series Switches
Cisco Catalyst 6000
Created:
2001-02-12
Updated:
2024-01-17

ID:
CVE-2001-0211
Title:
All Servers: WebSPIRS
Type:
Web
Bulletins:
CVE-2001-0211
SFBID2362
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
WebSPIRS
Created:
2001-02-12
Updated:
2024-01-17

ID:
CVE-2001-0214
Title:
All Servers: Way-board
Type:
Web
Bulletins:
CVE-2001-0214
SFBID2370
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
Way-board
Created:
2001-02-12
Updated:
2024-01-17

ID:
CVE-2001-0215
Title:
All Servers: Roads search system
Type:
Web
Bulletins:
CVE-2001-0215
SFBID2371
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
Created:
2001-02-12
Updated:
2024-01-17

ID:
CVE-2001-0212
Title:
All Servers: HIS Aktion
Type:
Web
Bulletins:
CVE-2001-0212
SFBID2367
Severity:
High
Description:
Remote file retrieving.
Applies to:
Created:
2001-02-12
Updated:
2024-01-17

ID:
CVE-2001-0210
Title:
All Servers: Commerce.cgi
Type:
Web
Bulletins:
CVE-2001-0210
SFBID2361
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
Created:
2001-02-12
Updated:
2024-01-17

ID:
CVE-2001-0212
Title:
All Servers: Auktion.cgi
Type:
Web
Bulletins:
CVE-2001-0212
SFBID2367
Severity:
High
Description:
Remote command execution.
Applies to:
Created:
2001-02-12
Updated:
2024-01-17

ID:
CVE-2001-0144
Title:
SSH1 CRC-32 compensation attack
Type:
Miscellaneous
Bulletins:
CVE-2001-0144
SFBID2347
Severity:
High
Description:
Possible remote root.
Applies to:
Created:
2001-02-08
Updated:
2024-01-17

ID:
CVE-2001-0015
Title:
Network Dynamic Data Exchange (DDE) vulnerability
Type:
Registry
Bulletins:
CVE-2001-0015
MS01-007
Severity:
High
Description:
A malicious user can elevate his privileges.
Applies to:
Windows 2000
Created:
2001-02-05
Updated:
2024-01-17

ID:
CVE-2001-0010
Title:
BIND 8-2-1, 8-2-2
Type:
DNS
Bulletins:
CVE-2001-0010
SFBID2302
Severity:
High
Description:
BIND is a server program which uses the domain name service protocol, and is used by many DNS servers. BIND version 8 contains an overflow, allowing remote attackers to execute code with root privileges. An upgrade to BIND version 9.1.0 or installing vendor-supplied fixes is recommended. These are available at http://www.securityfocus.com/bid/2302/solution. The overflow allows some memory locations to be overwritten by known values when invalid transaction signatures are being handled. When using UDP a stack frame in BIND can be overwritten, while when using TCP the heap can be overwritten.
Applies to:
BIND
Created:
2001-01-29
Updated:
2024-01-17

ID:
CVE-2002-0400
Title:
BIND - Prior to Version 9
Type:
DNS
Bulletins:
CVE-2002-0400
SFBID4936
Severity:
Medium
Description:
BIND is a Domain Name Service (DNS) server used for converting hostnames into the corresponding IP addresses. Since they are used for Internet purposes, DNS servers are a popular target for attackers. A number of servers currently in production are outdated, misconfigured and/or vulnerable, hence making them more prone to attacks such as denial of service, buffer overflows, etc. Outdated and/or unpatched versions of BIND are most likely vulnerable, thus if one is running a version of BIND, one should ensure that it is the latest version. The current three main versions of BIND are 4, 8, and 9. In order to solve such a vulnerability, one should apply all vendor patches or else upgrade to the latest version.
Applies to:
BIND
Created:
2001-01-29
Updated:
2024-01-17

ID:
CVE-2001-0253
Title:
All Servers: Hyperseek
Type:
Web
Bulletins:
CVE-2001-0253
SFBID2314
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
Created:
2001-01-28
Updated:
2024-01-17

ID:
CVE-2001-0113
Title:
OmniHTTPd v2.07
Type:
Miscellaneous
Bulletins:
CVE-2001-0113
CAN-2001-0114
SFBID2211
Severity:
High
Description:
Insecure cgi scripts.
Applies to:
OmniHTTPd
Created:
2001-01-15
Updated:
2024-01-17

ID:
CVE-2000-1098
Title:
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
Type:
Hardware
Bulletins:
CVE-2000-1098
Severity:
Medium
Description:
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
Applies to:
SonicWall Firewall SoHo
Created:
2001-01-09
Updated:
2024-01-17

ID:
CVE-2000-1097
Title:
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.
Type:
Hardware
Bulletins:
CVE-2000-1097
SFBID2013
Severity:
Medium
Description:
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.
Applies to:
SonicWall Firewall SoHo
Created:
2001-01-09
Updated:
2024-01-17

ID:
CVE-2001-0163
Title:
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
Type:
Hardware
Bulletins:
CVE-2001-0163
Severity:
Medium
Description:
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
Applies to:
Cisco Aironet Ap340
Created:
2001-01-01
Updated:
2024-01-17

ID:
CVE-2001-0161
Title:
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks.
Type:
Hardware
Bulletins:
CVE-2001-0161
Severity:
Medium
Description:
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks.
Applies to:
Cisco Aironet Ap340
Created:
2001-01-01
Updated:
2024-01-17

ID:
CVE-2001-0074
Title:
All Servers: Talkback vulnerability
Type:
Web
Bulletins:
CVE-2001-0074
SFBID2155
Severity:
Medium
Description:
Remote file retrieving.
Applies to:
Created:
2000-12-23
Updated:
2024-01-17

ID:
CVE-2001-0100
Title:
All Servers: Brian Stanback bslist.cgi
Type:
Web
Bulletins:
CVE-2001-0100
SFBID2160
Severity:
High
Description:
Possible to run arbitrary commands (web server level privileges).
Applies to:
Created:
2000-12-20
Updated:
2024-01-17

ID:
CVE-2001-0099
Title:
All Servers: Brian Stanback bsguest.cgi
Type:
Web
Bulletins:
CVE-2001-0099
SFBID2159
Severity:
High
Description:
Possible to run arbitrary commands (web server level privileges).
Applies to:
Created:
2000-12-20
Updated:
2024-01-17

ID:
CVE-2000-0945
Title:
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
Type:
Hardware
Bulletins:
CVE-2000-0945
SFBID1846
Severity:
High
Description:
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
Applies to:
Cisco Catalyst 3500 XL Series
Created:
2000-12-19
Updated:
2024-01-17

ID:
CVE-2000-0984
Title:
The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.
Type:
Hardware
Bulletins:
CVE-2000-0984
SFBID1838
Severity:
Medium
Description:
The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.
Applies to:
Created:
2000-12-19
Updated:
2024-01-17

ID:
CVE-2001-0065
Title:
bftpd 1.0.13
Type:
FTP
Bulletins:
CVE-2001-0065
Severity:
High
Description:
BFTPD version 1.0.13 is prone to a buffer overflow when a very long string of characters follows the SITE CHOWN command. An attacker can take advantage of this to execute his/her commands and gain root privileges on the system. There is no solution currently available, but as a workaround one could edit the /etc/bftpd.conf file and replace ENABLE_SITE=yes with ENABLE_SITE=no.
Applies to:
bftpd
Created:
2000-12-13
Updated:
2024-01-17

ID:
CVE-2000-1092
Title:
All Servers: Alex Heiphetz Group EZShopper Directory Disclosure
Type:
Web
Bulletins:
CVE-2000-1092
SFBID2109
Severity:
Medium
Description:
Possible directory listing, probably view arbitrary files.
Applies to:
EZShopper
Created:
2000-12-13
Updated:
2024-01-17

ID:
CVE-2001-0025
Title:
Leif M. Wright ad.cgi
Type:
Web
Bulletins:
CVE-2001-0025
SFBID2103
Severity:
High
Description:
Possible to run arbitrary commands (web server level privileges).
Applies to:
Created:
2000-12-11
Updated:
2024-01-17

ID:
CVE-2001-0045
Title:
Windows 2000 SNMP parameters
Type:
Registry
Bulletins:
CVE-2001-0045
MS00-095
SFBID2064
SFBID2066
Severity:
High
Description:
Access/modify sensitive information (on network devices).
Applies to:
Windows 2000
Created:
2000-12-06
Updated:
2024-01-17

ID:
CVE-2001-0054
Title:
Serv-U FTP-Server v2.2 to 2.5
Type:
FTP
Bulletins:
CVE-2001-0054
SFBID2052
Severity:
Medium
Description:
Serv-U FTP server is prone to a vulnerability where authenticated users can gain access to the ftproot of the drive where the FTP server is installed. If the users have read, write, execute and list access in the home directory, they will have the same permissions to every file residing on the same partition as ftproot. The user will be able to transfer any files using the GET command. All hidden files will also be shown. This way the attacker will be able to access system files, password files, etc. An upgrade to version 2.5i is available at: http://ftpserv-u.deerfield.com/download/getftpservu.cfm
Applies to:
Serv-U FTP-Server
Created:
2000-12-05
Updated:
2024-01-17

ID:
CVE-2000-1161
Title:
All Servers: Adcycle - build.cgi
Type:
Web
Bulletins:
CVE-2000-1161
SFBID1969
Severity:
High
Description:
If build.cgi has execute permission and is in the cgi directory, passwords can be compromised and remote users can delete your data.
Applies to:
Adcycle
Created:
2000-11-20
Updated:
2024-01-17

ID:
SFBID1872
Title:
SWAT - Samba Web Administration Tool enabled
Type:
Services
Bulletins:
SFBID1872
Severity:
High
Description:
The SWAT service is listening on port 901. It is not recommended to allow access from outside to this service as remote intruders may get some account passwords. Also the traffic is not encrypted.
Applies to:
SWAT
Created:
2000-11-01
Updated:
2010-08-21

ID:
CVE-2000-0700
Title:
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or...
Type:
Hardware
Bulletins:
CVE-2000-0700
SFBID1541
Severity:
Medium
Description:
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.
Applies to:
Cisco 12008 Router
Cisco 12012 Router
Cisco 12016 Router
Created:
2000-10-20
Updated:
2024-01-17

ID:
CVE-2000-1016
Title:
Apache: Apache doc packages directory
Type:
Web
Bulletins:
CVE-2000-1016
SFBID1707
Severity:
Medium
Description:
An attacker can read the contents of /doc/packages directory.
Applies to:
Apache
Created:
2000-09-21
Updated:
2024-01-17

ID:
CVE-2000-1016
Title:
Apache: Apache doc directory
Type:
Web
Bulletins:
CVE-2000-1016
SFBID1707
Severity:
Medium
Description:
An attacker can read the contents of /usr/doc directory.
Applies to:
Apache
Created:
2000-09-21
Updated:
2024-01-17

ID:
CVE-1999-0511
Title:
IP forwarding enabled
Type:
Registry
Bulletins:
CVE-1999-0511
SFBID1620
Severity:
High
Description:
If not used, it should be disabled.
Applies to:
Created:
2000-08-29
Updated:
2024-01-17

ID:
CVE-2000-0709
Title:
IIS: Frontpage check
Type:
Web
Bulletins:
CVE-2000-0709
SFBID1608
Severity:
Medium
Description:
Frontpage extensions are installed on this computer.
Applies to:
IIS
Created:
2000-08-23
Updated:
2024-01-17

ID:
CVE-2000-0663
Title:
Windows 2000 Relative Shell Path
Type:
Registry
Bulletins:
CVE-2000-0663
MS00-052
Severity:
Medium
Description:
A malicious user can elevate his privileges.
Applies to:
Windows 2000
Created:
2000-07-28
Updated:
2024-01-17

ID:
CVE-2000-0673
Title:
NetBIOS Name Server Protocol Spoofing
Type:
Registry
Bulletins:
CVE-2000-0673
MS00-047
Severity:
Medium
Description:
Custom crafted packets can cause NETBIOS Name Service to stop responding.
Applies to:
Windows 2000
Created:
2000-07-27
Updated:
2024-01-17

ID:
CVE-2000-0673
Title:
NetBIOS Name Server Protocol Spoofing
Type:
Registry
Bulletins:
CVE-2000-0673
MS00-047
Severity:
Medium
Description:
Custom crafted packets can cause NETBIOS Name Service to stop responding.
Applies to:
Windows NT
Created:
2000-07-27
Updated:
2024-01-17

ID:
CVE-2000-0666
Title:
Possible statd format string attack
Type:
RPC
Bulletins:
CVE-2000-0666
SFBID1480
Severity:
High
Description:
Some versions of this service are vulnerable (Run arbitrary commands as root).
Applies to:
Created:
2000-07-16
Updated:
2024-01-17

ID:
CVE-2000-0674
Title:
All Servers: Virtual Vision FTP Browser Vulnerability
Type:
Web
Bulletins:
CVE-2000-0674
SFBID1471
Severity:
Medium
Description:
Possible Remote file retrieving.
Applies to:
Virtual Vision FTP Browser
Created:
2000-07-12
Updated:
2024-01-17

ID:
CVE-2000-0573
Title:
wu-ftpd SITE EXEC format
Type:
FTP
Bulletins:
CVE-2000-0573
SFBID1387
Severity:
High
Description:
Wu-ftpd is vulnerable to a remote attack in the SITE EXEC or SITE INDEX implementation. User input goes directly into a format string for a *printf function, and it is possible to overwrite important data. This way the function can jump into shellcode pointed to by the overwritten eip and execute arbitrary commands as root. This is an input validation problem. Anonymous ftp incurs a more serious problem since attacks can come anonymously from anywhere on the internet. Patches for various Linux distributions are listed in: http://www.securityfocus.com/bid/1387/solution
Applies to:
wu-ftpd
Created:
2000-06-22
Updated:
2024-01-17

ID:
CVE-2000-0345
Title:
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
Type:
Hardware
Bulletins:
CVE-2000-0345
SFBID1161
Severity:
Low
Description:
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
Applies to:
Cisco 2500 Router
Cisco 7500 Series Routers
Cisco Router 2600
Cisco Router 3600
Cisco Router 4000
Cisco Router 7200
Created:
2000-05-03
Updated:
2024-01-17

ID:
CVE-2000-0380
Title:
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
Type:
Hardware
Bulletins:
CVE-2000-0380
SFBID1154
Severity:
High
Description:
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
Applies to:
Created:
2000-04-26
Updated:
2024-01-17

ID:
CVE-1999-0203
Title:
Sendmail 8-6
Type:
Mail
Bulletins:
CVE-1999-0203
Severity:
High
Description:
Sendmail version 5 contains a vulnerability, which allows intruders to create files, append to existing files, or execute programs. Exploitation of such a vulnerability can lead to root access. This is achieved via SMTP when the user specifies an improper “mail from” address and an invalid “rcpt to” address. In order to solve this problem, one should upgrade to version 8.6.12, which is available at: ftp://ftp.cert.org/pub/tools/sendmail/sendmail.8.6.12
Applies to:
Sendmail
Created:
2000-04-25
Updated:
2024-01-17

ID:
CVE-1999-0203
Title:
Sendmail 8-5
Type:
Mail
Bulletins:
CVE-1999-0203
Severity:
High
Description:
Sendmail version 5 contains a vulnerability, which allows intruders to create files, append to existing files, or execute programs. Exploitation of such a vulnerability can lead to root access. This is achieved via SMTP when the user specifies an improper “mail from” address and an invalid “rcpt to” address. In order to solve this problem, one should upgrade to version 8.6.12, which is available at: ftp://ftp.cert.org/pub/tools/sendmail/sendmail.8.6.12
Applies to:
Sendmail
Created:
2000-04-25
Updated:
2024-01-17

ID:
CVE-2000-0268
Title:
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.
Type:
Hardware
Bulletins:
CVE-2000-0268
SFBID1123
Severity:
Medium
Description:
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.
Applies to:
Cisco 3660 Router
Cisco 7100 Series VPN Routers
Cisco 7500 Series Routers
Cisco Router 7200
Cisco uBR7200 Series Universal Broadband Routers
Created:
2000-04-20
Updated:
2024-01-17

ID:
CVE-2000-0267
Title:
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.
Type:
Hardware
Bulletins:
CVE-2000-0267
SFBID1122
Severity:
Medium
Description:
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.
Applies to:
Created:
2000-04-20
Updated:
2024-01-17

ID:
CVE-2000-0613
Title:
Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.
Type:
Hardware
Bulletins:
CVE-2000-0613
SFBID1454
Severity:
Medium
Description:
Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.
Applies to:
Created:
2000-03-20
Updated:
2024-01-17

ID:
CVE-2000-0070
Title:
Spoofed LPC Port Request
Type:
Registry
Bulletins:
CVE-2000-0070
MS00-003
Severity:
High
Description:
A malicious user can gain SYSTEM privileges.
Applies to:
Windows NT
Created:
2000-01-12
Updated:
2024-01-17

ID:
CVE-1999-1175
Title:
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
Type:
Hardware
Bulletins:
CVE-1999-1175
Severity:
High
Description:
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
Applies to:
Created:
1999-12-31
Updated:
2024-01-17

ID:
CVE-1999-1464
Title:
Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not...
Type:
Hardware
Bulletins:
CVE-1999-1464
Severity:
High
Description:
Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564.
Applies to:
Created:
1999-12-31
Updated:
2024-01-17

ID:
CVE-1999-1465
Title:
Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with...
Type:
Hardware
Bulletins:
CVE-1999-1465
Severity:
High
Description:
Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with a logical subinterface, as described by Cisco bug CSCdk43862.
Applies to:
Created:
1999-12-31
Updated:
2024-01-17

ID:
SFBID894
Title:
POP3 server might be vulnerable to a remote buffer overflow exploit
Type:
Services
Bulletins:
SFBID894
Severity:
High
Description:
Additional BugtraqIDs: http://www.securityfocus.com/bid/942 http://www.securityfocus.com/bid/1965 http://www.securityfocus.com/bid/2781 http://www.securityfocus.com/bid/4055 http://www.securityfocus.com/bid/4295 http://www.securityfocus.com/bid/4614
Applies to:
Created:
1999-12-27
Updated:
2010-08-21

ID:
CVE-1999-0977
Title:
sadmin service running
Type:
RPC
Bulletins:
CVE-1999-0977
SFBID866
Severity:
High
Description:
Some versions of this service are vulnerable (Run arbitrary commands as root).
Applies to:
Created:
1999-12-10
Updated:
2024-01-17

ID:
SFBID789
Title:
Imail Pop3 5.0
Type:
Mail
Bulletins:
SFBID789
Severity:
High
Description:
There exists a vulnerability in IMail POP3, which causes a buffer overflow when the username entered is between 200 and 500 characters. A buffer overflow will allow an attacker to execute his/her code on the vulnerable server; however, the current exploits only cause a denial of service on the remote machine. A patch has been created by the vendors themselves, i.e. Ipswitch, and is available on their website at: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail508.exe
Applies to:
Imail
Created:
1999-11-08
Updated:
2010-08-21

ID:
CVE-1999-0885
Title:
All Servers: get32.exe
Type:
Web
Bulletins:
CVE-1999-0885
SFBID770
Severity:
Low
Description:
Possible Remote command execution.
Applies to:
Created:
1999-11-03
Updated:
2024-01-17

ID:
CVE-1999-0526
Title:
X server accepts connections from any host
Type:
Miscellaneous
Bulletins:
CVE-1999-0526
Severity:
High
Description:
Allows a cracker to connect to it and record any of your keystrokes. Use xauth to filter connections.
Applies to:
X server
Created:
1999-09-29
Updated:
2024-01-17

ID:
CVE-1999-0204
Title:
Sendmail 8-6-9 ident vulnerability
Type:
Mail
Bulletins:
CVE-1999-0204
Severity:
High
Description:
Sendmail version 8.6.9 is prone to a vulnerability. It connects back to the ident service to obtain some user information. The information returned is not validated by the client, and if such a response is longer than a specified bound, a buffer overflow is generated. This may allow a remote attacker to execute some code on the host system and gain root access on the system. In order to solve such a vulnerability one should upgrade to the latest version, i.e. 8.11.2 or later. This is available from Sendmail’s website at: http://www.sendmail.org
Applies to:
Sendmail
Created:
1999-09-29
Updated:
2024-01-17

ID:
CVE-1999-0626
Title:
rusers service running
Type:
RPC
Bulletins:
CVE-1999-0626
Severity:
Low
Description:
Provides information such as the names of users.
Applies to:
Created:
1999-09-29
Updated:
2010-08-21

ID:
CVE-1999-0071
Title:
Apache 1-1-1
Type:
Miscellaneous
Bulletins:
CVE-1999-0071
Severity:
High
Description:
Run arbitrary commands (web server privilege).
Applies to:
Apache
Created:
1999-09-11
Updated:
2024-01-17

ID:
CVE-1999-1129
Title:
Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.
Type:
Hardware
Bulletins:
CVE-1999-1129
SFBID615
Severity:
High
Description:
Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.
Applies to:
Created:
1999-09-01
Updated:
2024-01-17

ID:
CVE-1999-0687
Title:
ttsession service running
Type:
RPC
Bulletins:
CVE-1999-0687
SFBID737
Severity:
High
Description:
Some versions of this service are vulnerable (Run arbitrary commands as root).
Applies to:
Created:
1999-08-21
Updated:
2024-01-17

ID:
CVE-1999-0197
Title:
Finger service is running
Type:
Services
Bulletins:
CVE-1999-0197
CVE-1999-0198
Severity:
High
Description:
Finger can give an attacker useful information, such as logon accounts and trusted hosts.
Applies to:
Created:
1999-07-26
Updated:
2024-01-17

ID:
CVE-1999-0320
Title:
cmsd service running
Type:
RPC
Bulletins:
CVE-1999-0320
SFBID524
Severity:
High
Description:
Some versions of this service are vulnerable (Run arbitrary commands as root).
Applies to:
Created:
1999-07-13
Updated:
2024-01-17

ID:
CVE-1999-0345
Title:
Fragmented IGMP Packet
Type:
Registry
Bulletins:
CVE-1999-0345
SFBID514
Severity:
Medium
Description:
Windows 98 and Windows 2000 are prone to a vulnerability in their TCP/IP stacks. When a malformed IGMP header is received the stack may fail resulting in a Blue Screen or immediate reboot, amongst others. Patches exist for the operating systems mentioned above. More information can be obtained from: http://www.securityfocus.com/bid/514/solution
Applies to:
Windows
Created:
1999-07-03
Updated:
2024-01-17

ID:
CVE-1999-0345
Title:
Fragmented ICMP Packet
Type:
Registry
Bulletins:
CVE-1999-0345
SFBID514
Severity:
Medium
Description:
Windows NT and Windows 95 may hang when they receive corrupted ICMP datagram fragments. This problem was corrected by updating the TCP/IP protocol stack. Instructions on how to install it are available from Microsoft support channels. More information can be obtained from: http://support.microsoft.com/kb/q154174/
Applies to:
Windows
Created:
1999-07-03
Updated:
2024-01-17

ID:
CVE-1999-0889
Title:
Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.
Type:
Hardware
Bulletins:
CVE-1999-0889
Severity:
High
Description:
Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.
Applies to:
Cisco 600 Series DSL Customer Premises Equipment Routers
Created:
1999-07-01
Updated:
2024-01-17

ID:
CVE-1999-0721
Title:
Malformed LSA Request
Type:
Registry
Bulletins:
CVE-1999-0721
MS99-020
Severity:
High
Description:
A malformed LSA request can cause the system to stop responding.
Applies to:
Windows NT
Created:
1999-06-23
Updated:
2024-01-17

ID:
CVE-1999-0775
Title:
Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.
Type:
Hardware
Bulletins:
CVE-1999-0775
Severity:
High
Description:
Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.
Applies to:
Created:
1999-06-10
Updated:
2024-01-17

ID:
CVE-1999-0616
Title:
Trivial FTP service running
Type:
Services
Bulletins:
CVE-1999-0616
Severity:
Low
Description:
Unrestricted tftp access allows remote sites to retrieve a copy of any world-readable file. You should remove this service, unless you really need it.
Applies to:
Created:
1999-06-07
Updated:
2010-08-21

ID:
CVE-1999-0512
Title:
SMTP server allows relaying
Type:
Mail
Bulletins:
CVE-1999-0512
Severity:
High
Description:
The mail server on this machine is configured to allow email relaying (which allows remote possibly unauthorized users to send emails through it). This configuration is often abused by spammers and hackers to avoid email protection systems. You can configure your server to disable Email Relaying. Consult your mail server manual on how to disable it.
Applies to:
Created:
1999-06-07
Updated:
2024-01-17

ID:
CVE-1999-0651
Title:
RSH service enabled
Type:
Services
Bulletins:
CVE-1999-0651
Severity:
High
Description:
This service is vulnerable to TCP spoofing attacks. If possible use SSH instead.
Applies to:
Created:
1999-06-07
Updated:
2024-01-17

ID:
CVE-1999-0651
Title:
RLOGIN service enabled
Type:
Services
Bulletins:
CVE-1999-0651
Severity:
High
Description:
This service is vulnerable to TCP spoofing attacks. If possible use SSH instead.
Applies to:
Created:
1999-06-07
Updated:
2024-01-17

ID:
CVE-1999-0618
Title:
REXEC service enabled
Type:
Services
Bulletins:
CVE-1999-0618
Severity:
High
Description:
This service is vulnerable to TCP spoofing attacks. If possible use SSH instead.
Applies to:
Created:
1999-06-07
Updated:
2024-01-17

ID:
CVE-1999-0253
Title:
IIS: ASP source using $2e trick
Type:
Web
Bulletins:
CVE-1999-0253
Severity:
High
Description:
Retrieve the source code of remote ASP scripts.
Applies to:
IIS
Created:
1999-06-07
Updated:
2024-01-17

ID:
CVE-1999-0497
Title:
Ftp Anonymous Upload
Type:
FTP
Bulletins:
CVE-1999-0497
Severity:
Medium
Description:
Anonymous uploading can open up your ftp server to be abused by intruders to upload malicious content such as pirated software / music / movies, viruses and Trojans. Apart from the obvious dangers viruses and Trojans might pose, if pirates start using the ftp server as a distribution site, anti-piracy groups might target the company for legal action as hosting illegal software is a felony. Thus, ideally, an FTP server should only allow uploading and downloading privileges to authenticated users.
Applies to:
Created:
1999-06-07
Updated:
2010-08-21

ID:
CVE-1999-0531
Title:
EXPN,VRFY commands enabled on mail server
Type:
Mail
Bulletins:
CVE-1999-0531
Severity:
Low
Description:
The VRFY command allows someone to telnet to a Sendmail server and ask it to verify that an address is valid. In such a case spammers will be able to decide who to send mail to. Such a command allows an attacker to keep trying email addresses until s/he finds one that works. The EXPN command is used in a similar manner by spammers, but it is more dangerous because one will be able to obtain a list of addresses instead of just one. In order to disable EXPN and VRFY perform the following steps: Find ‘PrivacyOptions=’ in /etc/sendmail.cf. Change the line to ‘PrivacyOptions=noexpn novrfy’ or to ‘PrivacyOptions=goaway’. Force sendmail to reload the configuration.
Applies to:
Sendmail
Created:
1999-06-07
Updated:
2010-08-21

ID:
CVE-1999-0605
Title:
All Servers: Merchant Order Form 1.2 Order Log Permissions
Type:
Web
Bulletins:
CVE-1999-0605
SFBID2021
Severity:
Medium
Description:
Possible to view shopping orders.
Applies to:
Created:
1999-04-20
Updated:
2024-01-17

ID:
CVE-1999-0445
Title:
In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.
Type:
Hardware
Bulletins:
CVE-1999-0445
Severity:
Medium
Description:
In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.
Applies to:
Created:
1999-04-01
Updated:
2024-01-17

ID:
CVE-1999-0382
Title:
NT Screen Saver Vulnerability
Type:
Registry
Bulletins:
CVE-1999-0382
MS99-008
Severity:
High
Description:
An attacker can replace the screen saver with a trojaned executable, gaining administrative level privileges.
Applies to:
Windows NT
Created:
1999-03-12
Updated:
2024-01-17

ID:
CVE-1999-0416
Title:
Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.
Type:
Hardware
Bulletins:
CVE-1999-0416
Severity:
Medium
Description:
Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.
Applies to:
Cisco 7xx Routers
Created:
1999-03-11
Updated:
2024-01-17

ID:
CVE-1999-0415
Title:
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.
Type:
Hardware
Bulletins:
CVE-1999-0415
Severity:
High
Description:
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.
Applies to:
Cisco 7xx Routers
Created:
1999-03-11
Updated:
2024-01-17

ID:
CVE-1999-0376
Title:
KnownDLLs List Vulnerability
Type:
Registry
Bulletins:
CVE-1999-0376
MS99-006
Severity:
Medium
Description:
An attacker can replace system DLLs with trojaned ones.
Applies to:
Windows NT
Created:
1999-02-20
Updated:
2024-01-17

ID:
CVE-1999-0800
Title:
IIS: Cold Fusion check
Type:
Web
Bulletins:
CVE-1999-0800
Severity:
Medium
Description:
Related links: www.macromedia.com/devnet/coldfusion/security.html www.isummation.com/securing_coldfusion_pages_through_iis.html www.sans.org/rr/papers/index.php?id=300
Applies to:
IIS
Created:
1999-02-11
Updated:
2024-01-17

ID:
CVE-1999-0362
Title:
WS FTP Server 1-0-2
Type:
FTP
Bulletins:
CVE-1999-0362
SFBID217
Severity:
Medium
Description:
WS_FTP Server is vulnerable to a Denial of Service vulnerability. When issuing a CWD command with more than 876 characters, the server will stop responding to FTP requests. In order to solve this vulnerability one should install the patch released by Ipswitch.
Applies to:
WS FTP Server
Created:
1999-02-04
Updated:
2024-01-17

ID:
CVE-1999-1538
Title:
IIS: iisadmin is accessible
Type:
Web
Bulletins:
CVE-1999-1538
SFBID189
Severity:
Low
Description:
/iisadmin should be limited to localhost only because it can be used for server configuration.
Applies to:
IIS
Created:
1999-01-14
Updated:
2024-01-17

ID:
CVE-1999-0063
Title:
Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.
Type:
Hardware
Bulletins:
CVE-1999-0063
Severity:
Medium
Description:
Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.
Applies to:
Created:
1999-01-11
Updated:
2024-01-17

ID:
CVE-1999-0162
Title:
The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.
Type:
Hardware
Bulletins:
CVE-1999-0162
Severity:
Medium
Description:
The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.
Applies to:
Created:
1998-09-01
Updated:
2024-01-17

ID:
CVE-1999-0003
Title:
ttdbserver service running
Type:
RPC
Bulletins:
CVE-1999-0003
SFBID122
Severity:
High
Description:
Some versions of this service are vulnerable (Run arbitrary commands as root).
Applies to:
Created:
1998-08-31
Updated:
2024-01-17

ID:
CVE-1999-0002
Title:
Linux mountd running
Type:
RPC
Bulletins:
CVE-1999-0002
SFBID121
Severity:
High
Description:
Some versions of this service are vulnerable (Run arbitrary commands as root).
Applies to:
Created:
1998-08-28
Updated:
2024-01-17

ID:
CVE-1999-0159
Title:
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.
Type:
Hardware
Bulletins:
CVE-1999-0159
Severity:
Medium
Description:
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.
Applies to:
Created:
1998-08-12
Updated:
2024-01-17

ID:
CVE-1999-1582
Title:
By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive...
Type:
Hardware
Bulletins:
CVE-1999-1582
Severity:
High
Description:
By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality.
Applies to:
Created:
1998-07-15
Updated:
2024-01-17

ID:
CVE-1999-0006
Title:
QPOP 2-2 to 2.4
Type:
Mail
Bulletins:
CVE-1999-0006
SFBID133
Severity:
High
Description:
A vulnerability exists in QUALCOMM’s QPOP versions earlier than 2.5. QPOP is prone to a buffer overflow that lets remote users gain privileged access to systems running such POP servers. To determine whether the POP server installed on the system is vulnerable, telnet to port 110 on the host and check the version number in the banner. If the version is vulnerable, the patch available from the vendor should be installed, otherwise the POP server should be disabled.
Applies to:
QPOP
Created:
1998-06-27
Updated:
2024-01-17

ID:
CVE-2002-0421
Title:
IIS: Microsoft IIS 4.0 IISADMPWD Proxied Password Attack
Type:
Web
Bulletins:
CVE-2002-0421
SFBID2110
Severity:
Medium
Description:
It is possible to gain unauthorized access to your computer.
Applies to:
IIS
Created:
1998-02-09
Updated:
2024-01-17

ID:
CVE-1999-1293
Title:
Apache 1-2-5
Type:
Miscellaneous
Bulletins:
CVE-1999-1293
Severity:
High
Description:
Run arbitrary commands (web server privilege).
Applies to:
Apache
Created:
1998-01-06
Updated:
2024-01-17

ID:
CVE-1999-0293
Title:
AAA authentication on Cisco systems allows attackers to execute commands without authorization.
Type:
Hardware
Bulletins:
CVE-1999-0293
Severity:
High
Description:
AAA authentication on Cisco systems allows attackers to execute commands without authorization.
Applies to:
Created:
1998-01-01
Updated:
2024-01-17

ID:
CVE-1999-0230
Title:
Buffer overflow in Cisco 7xx routers through the telnet service.
Type:
Hardware
Bulletins:
CVE-1999-0230
Severity:
Medium
Description:
Buffer overflow in Cisco 7xx routers through the telnet service.
Applies to:
Created:
1997-12-15
Updated:
2024-01-17

ID:
CVE-1999-0016
Title:
Land IP denial of service.
Type:
Hardware
Bulletins:
CVE-1999-0016
Severity:
Medium
Description:
Land IP denial of service.
Applies to:
Created:
1997-12-01
Updated:
2024-01-17

ID:
REF000326
Title:
Alerter service enabled
Type:
Services
Bulletins:
Severity:
Low
Description:
This service could be used in social engineering attacks. It is recommended to disable this service.
Applies to:
Created:
1997-12-01
Updated:
2010-08-21

ID:
CVE-1999-1061
Title:
HP JetDirect password is not set
Type:
Miscellaneous
Bulletins:
CVE-1999-1061
Severity:
High
Description:
Users can manipulate Device Settings through (Web)JetAdmin.
Applies to:
HP JetDirect
Created:
1997-10-04
Updated:
2024-01-17

ID:
CVE-1999-0160
Title:
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.
Type:
Hardware
Bulletins:
CVE-1999-0160
Severity:
High
Description:
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.
Applies to:
Created:
1997-10-01
Updated:
2024-01-17

ID:
SFBID688
Title:
Denial of service on port 135
Type:
Registry
Bulletins:
SFBID688
Severity:
Low
Description:
A vulnerability exists when connecting to TCP port 135. Entering 10 or more random characters will cause the CPU of the target host to jump to 100% CPU utilization, leading to a denial of service. The target host should be restarted to eliminate the problem. A fix has been issued by Microsoft and is available at: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP2/rpc-fix/ It has also been included with Service Pack 3.
Applies to:
Windows NT
Created:
1997-02-07
Updated:
2010-08-21

ID:
CVE-1999-0047
Title:
Sendmail privilege escalation
Type:
Mail
Bulletins:
CVE-1999-0047
SFBID685
Severity:
High
Description:
Sendmail is prone to a vulnerability where an attacker who sends a carefully crafted email message to a system running this version of Sendmail will be able to execute arbitrary commands with root privileges on that system. To resolve this problem, it is advisable to upgrade to version 8.8.5 or later.
Applies to:
Sendmail
Created:
1997-01-20
Updated:
2024-01-17

ID:
SFBID2026
Title:
All Servers: Aglimpse
Type:
Web
Bulletins:
SFBID2026
Severity:
Medium
Description:
It is possible to force the web server to send the password file back to the attacker.
Applies to:
Aglimpse
Created:
1996-07-03
Updated:
2010-08-21

ID:
SFBID1749
Title:
ypupdated service running
Type:
RPC
Bulletins:
SFBID1749
Severity:
High
Description:
Some versions of this service are vulnerable (Run arbitrary commands as root).
Applies to:
Created:
1995-12-19
Updated:
2010-08-21

ID:
CVE-1999-0161
Title:
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.
Type:
Hardware
Bulletins:
CVE-1999-0161
Severity:
High
Description:
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.
Applies to:
Created:
1995-07-31
Updated:
2024-01-17

ID:
CVE-1999-1466
Title:
Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
Type:
Hardware
Bulletins:
CVE-1999-1466
SFBID53
Severity:
High
Description:
Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
Applies to:
Created:
1992-12-10
Updated:
2024-01-17

ID:
CVE-1999-1306
Title:
Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
Type:
Hardware
Bulletins:
CVE-1999-1306
Severity:
High
Description:
Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
Applies to:
Created:
1992-12-10
Updated:
2024-01-17

ID:
CVE-2023-4581
Title:
XLL file extensions were downloadable without warnings
Type:
Software
Bulletins:
CVE-2023-4581
Severity:
Medium
Description:
DOCUMENTATION: No description is available for this CVE. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4387
Title:
use-after-free in vmxnet3_rq_alloc_rx_buf
Type:
Software
Bulletins:
CVE-2023-4387
Severity:
High
Description:
DOCUMENTATION: A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. MITIGATION: Mitigation for this issue is to skip loading the affected module "vmxnet3" onto the system until the fix is available. This can be done by a blacklist mechanism which will ensure the driver is not loaded at boot time. See "How do I blacklist a kernel module to prevent it from loading automatically?": https://access.redhat.com/solutions/41278
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4563
Title:
Use-after-free in nft_verdict_dump due to a race between set GC and transaction
Type:
Software
Bulletins:
CVE-2023-4563
Severity:
Medium
Description:
DOCUMENTATION: A use-after-free flaw was found in the nftables sub-component due to a race problem between the set GC and transaction in the Linux Kernel. This flaw allows a local attacker to crash the system due to a missing call to `nft_set_elem_mark_busy`, causing double deactivation of the element and possibly leading to a kernel information leak problem. MITIGATION: Mitigation for this issue is to skip loading the affected module "nftables" onto the system until a fix is available. This can be done by a blacklist mechanism that will ensure the driver is not loaded at boot time. See "How do I blacklist a kernel module to prevent it from loading automatically?": https://access.redhat.com/solutions/41278
Applies to:
Created:
Updated:
2023-08-28

ID:
CVE-2023-4133
Title:
use-after-free in ch_flower_stats_cb
Type:
Software
Bulletins:
CVE-2023-4133
Severity:
Medium
Description:
DOCUMENTATION: A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4273
Title:
stack overflow in exfat_get_uniname_from_ext_entry
Type:
Software
Bulletins:
CVE-2023-4273
Severity:
Medium
Description:
DOCUMENTATION: A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. STATEMENT: Red Hat Enterprise Linux 6, 7 and 8 are not affected by this flaw as they did not include exFAT filesystem support (introduced upstream in kernel v5.7).
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4155
Title:
SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability
Type:
Software
Bulletins:
CVE-2023-4155
Severity:
Medium
Description:
DOCUMENTATION: A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). STATEMENT: Red Hat Enterprise Linux 6 and 7 are not affected by this flaw, as they did not include support for KVM AMD Secure Encrypted Virtualization (SEV). Note: AMD SEV is currently provided as a Technology Preview in RHEL 8, therefore, it is unsupported for production use. For additional details see https://access.redhat.com/articles/4491591 and https://access.redhat.com/support/offerings/techpreview.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4580
Title:
Push notifications saved to disk unencrypted
Type:
Software
Bulletins:
CVE-2023-4580
Severity:
Medium
Description:
DOCUMENTATION: No description is available for this CVE. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-41358
Title:
processes invalid NLRIs if attribute length is zero
Type:
Software
Bulletins:
CVE-2023-41358
Severity:
High
Description:
DOCUMENTATION: A vulnerability was found in FRRouting (FRR) in bgpd/bgp_packet.c, where the Network Layer Reachability Information (NLRI) is processed even when the attribute length is zero. The flaw causes a crash due to a NULL pointer dereference issue.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-41175
Title:
potential integer overflow in raw2tiff.c
Type:
Software
Bulletins:
CVE-2023-41175
Severity:
Medium
Description:
DOCUMENTATION: No description is available for this CVE.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4641
Title:
possible password leak during passwd
Type:
Software
Bulletins:
CVE-2023-4641
Severity:
Medium
Description:
DOCUMENTATION: A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks for the password twice. If the password fails on the second attempt, shadow-utils fails to clean the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from memory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-41359
Title:
out of bounds read in bgp_attr_aigp_valid
Type:
Software
Bulletins:
CVE-2023-41359
Severity:
High
Description:
DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-41080
Title:
Open Redirect vulnerability in FORM authentication
Type:
Software
Bulletins:
CVE-2023-41080
Severity:
Medium
Description:
DOCUMENTATION: The MITRE CVE dictionary describes this issue as: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. STATEMENT: The pki-servlet-engine package has been obsoleted by the tomcat package, and therefore this issue will be fixed in the tomcat package rather than the pki-servlet-engine package. Please follow the RHEL tomcat trackers instead for the updates.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4459
Title:
NULL pointer dereference in vmxnet3_rq_cleanup
Type:
Software
Bulletins:
CVE-2023-4459
Severity:
Medium
Description:
DOCUMENTATION: A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. MITIGATION: In order to mitigate this issue, prevent the affected code from being loaded by blacklisting the kernel module "vmxnet3". For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 Exploiting this flaw will require CAP_NET_ADMIN access privilege in any user or network namespace.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4147
Title:
nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free
Type:
Software
Bulletins:
CVE-2023-4147
Severity:
High
Description:
DOCUMENTATION: A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4585
Title:
Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
Type:
Software
Bulletins:
CVE-2023-4585
Severity:
High
Description:
DOCUMENTATION: No description is available for this CVE. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4584
Title:
Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
Type:
Software
Bulletins:
CVE-2023-4584
Severity:
High
Description:
DOCUMENTATION: No description is available for this CVE. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4577
Title:
Memory corruption in JIT UpdateRegExpStatics
Type:
Software
Bulletins:
CVE-2023-4577
Severity:
Medium
Description:
DOCUMENTATION: No description is available for this CVE. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4575
Title:
Memory corruption in IPC FilePickerShownCallback
Type:
Software
Bulletins:
CVE-2023-4575
Severity:
Medium
Description:
DOCUMENTATION: No description is available for this CVE. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4574
Title:
Memory corruption in IPC ColorPickerShownCallback
Type:
Software
Bulletins:
CVE-2023-4574
Severity:
Medium
Description:
DOCUMENTATION: No description is available for this CVE. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4573
Title:
Memory corruption in IPC CanvasTranslator
Type:
Software
Bulletins:
CVE-2023-4573
Severity:
Medium
Description:
DOCUMENTATION: No description is available for this CVE. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-40745
Title:
integer overflow in tiffcp.c
Type:
Software
Bulletins:
CVE-2023-40745
Severity:
Medium
Description:
DOCUMENTATION: No description is available for this CVE.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4569
Title:
information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c
Type:
Software
Bulletins:
CVE-2023-4569
Severity:
Medium
Description:
DOCUMENTATION: A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double deactivation of catchall elements, which results in a memory leak. MITIGATION: Mitigation for this issue is to skip loading the affected module "nftables" onto the system until a fix is available. This can be done by a blacklist mechanism that will ensure the driver is not loaded at boot time. See "How do I blacklist a kernel module to prevent it from loading automatically?": https://access.redhat.com/solutions/41278
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4156
Title:
heap out of bound read in builtin.c
Type:
Software
Bulletins:
CVE-2023-4156
Severity:
High
Description:
DOCUMENTATION: A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4051
Title:
Full screen notification obscured by file open dialog
Type:
Software
Bulletins:
CVE-2023-4051
Severity:
High
Description:
DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4053
Title:
Full screen notification obscured by external program
Type:
Software
Bulletins:
CVE-2023-4053
Severity:
Medium
Description:
DOCUMENTATION: The MITRE CVE dictionary describes this issue as: A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-41105
Title:
file path truncation at \0 characters
Type:
Software
Bulletins:
CVE-2023-41105
Severity:
High
Description:
DOCUMENTATION: The Python 3.11 os.path.normpath() function is vulnerable to path truncation if a null byte is inserted in the middle of the passed path. This may result in a bypass of allow lists if normpath() is applied before the path is verified.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4578
Title:
Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
Type:
Software
Bulletins:
CVE-2023-4578
Severity:
Medium
Description:
DOCUMENTATION: No description is available for this CVE. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4511
Title:
DoS
Type:
Software
Bulletins:
CVE-2023-4511
Severity:
High
Description:
DOCUMENTATION: The MITRE CVE dictionary describes this issue as: BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4512
Title:
DoS
Type:
Software
Bulletins:
CVE-2023-4512
Severity:
High
Description:
DOCUMENTATION: The MITRE CVE dictionary describes this issue as: CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4513
Title:
DoS
Type:
Software
Bulletins:
CVE-2023-4513
Severity:
High
Description:
DOCUMENTATION: The MITRE CVE dictionary describes this issue as: BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-41361
Title:
does not check for an overly large length of the rcv software version
Type:
Software
Bulletins:
CVE-2023-41361
Severity:
High
Description:
DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4194
Title:
correctly initialize socket uid next fix of i_uid to current_fsuid
Type:
Software
Bulletins:
CVE-2023-4194
Severity:
Medium
Description:
DOCUMENTATION: A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits, a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid") and 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4128
Title:
cls_fw, cls_u32 and cls_route
Type:
Software
Bulletins:
CVE-2023-4128
Severity:
High
Description:
DOCUMENTATION: A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Applies to:
Created:
Updated:
2023-08-29

ID:
CVE-2023-40857
Title:
buffer overflow that allows a remote attacker to execute arbitrary code via the yr_execute_cod function
Type:
Software
Bulletins:
CVE-2023-40857
Severity:
High
Description:
DOCUMENTATION: A flaw was found in the yara library. This issue occurs due to a buffer overflow vulnerability in the exe.c component that allows a remote attacker to execute arbitrary code via the yr_execute_cod function. MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-4583
Title:
Browsing Context potentially not cleared when closing Private Window
Type:
Software
Bulletins:
CVE-2023-4583
Severity:
High
Description:
DOCUMENTATION: No description is available for this CVE. STATEMENT: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Applies to:
Created:
Updated:
2024-01-17

ID:
CVE-2023-41360
Title:
ahead-of-stream read of ORF header
Type:
Software
Bulletins:
CVE-2023-41360
Severity:
High
Description:
DOCUMENTATION: The MITRE CVE dictionary describes this issue as: An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
Applies to:
Created:
Updated:
2024-01-17