473 matches found
Cisco Application Control Engine privilege escalation
Context administrator can access wrong context...
Cisco Security Advisory: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability
Cisco Application Control Engine Administrator IP Address Overlap Vulnerability Advisory ID: cisco-sa-20120620-ace Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT...
Cisco Application Control Engine Administrator IP Address Overlap Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
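Pligg CMS 1.2.1 SQL Injection Vulnerability
Bugtraq ID: 53625 Pligg CMS is a content management system. The admin/adminindex.php, admin/adminusers.php and module.php scripts included in Pligg CMS do not properly filter user-supplied input; remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain database information or take control of the application. 0 Pligg CMS 1.2.1 Vendor solution: Pligg CMS 1.2.2 has fixed this vulnerability; users are advised to download and use it: http://forums.pligg.com/downloads.php?do=file&id=15...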
Twitter Snaps Up Mobile Security Firm WhisperSystems
Micro blogging site Twitter has acquired Whispersystems, a maker of mobile security software, according to a statement posted on the WhisperSystems Web site. The Bay Area startup notified its users of the acquisition in a blog post on Monday, saying that Whisper would be integrating its technolog...
Apple Mac OS X sandbox protection bypass
It's possible to bypass sandbox restriction by controlling different applications...
GotoCode Online Classifieds Access Bypass
Exploit Title : GotoCode Online Classifieds Multiple Vulnerabilities Vulnerability : Privilege Escalation / Remote Database Download Date : 09/10/2011 Author : Nathaniel Carew Email : [email protected] Impact : High Software Link : http://www.gotocode.com/apps.asp?appid=5& Platform : ASP.NET Test...
CVE-2010-2825
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A21.x before A21.6, A22.x before A22.3, and A23.x before A23.1 for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710...
Design/Logic Flaw
Unspecified vulnerability on the Cisco Application Control Engine (ACE) Module with software A21.x before A21.6, A22.x before A22.3, and A23.x before A23.1 for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of...
Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
CVE-2010-2629
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...
CVE-2010-1576
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...
Cisco Application Control Engine (ACE) - HTTP Parsing Security
Cisco Application Control Engine ACE - HTTP Parsing Security source: https://www.securityfocus.com/bid/40002/info Cisco Application Control Engine ACE is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries. Attackers can exploit this issue to avoid having...
Cisco Application Control Engine (ACE) - HTTP Parsing Security
source: https://www.securityfocus.com/bid/40002/info Cisco Application Control Engine ACE is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries. Attackers can exploit this issue to avoid having client IP addresses logged by servers. GET / HTTP / 1 . 1 HOST:...
Winamp 5.551 MAKI Parsing Integer Overflow PoC
No description provided by source. / Winamp 5.551 MAKI Parsing Integer Overflow Vulnerability This is just a simple poc code to show how to exploit the recent MAKI file parsing vulnerability. Tested on :Vista sp1 and Xpsp3 Release Date :May 22 2009 Venders web site :http://www.winamp.com/ Version...
Talkative IRC 0.4.4.16 Remote Stack Overflow Exploit (SEH)
No description provided by source. !/usr/bin/perl Title: Talkative IRC 0.4.4.16 Remote Stack Overflow Exploit SEH Summary: The easiest and fastest way to meet people online. With Talkative IRC you can chat with thousands of people at the same time. Find people with the same interests as you. Join...
CVE-2009-0623
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A21.3 and Cisco ACE 4710 Application Control Engine Appliance before A32.1 allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet...
Design/Logic Flaw
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A21.2 and Cisco ACE 4710 Application Control Engine Appliance before A18a allows remote authenticated users to execute arbitrary operating-system commands through a command...
Design/Logic Flaw
Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A21.1 uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access...