343 matches found
Tri-PLC Nano-10 r81 - Denial of Service
Tri-PLC Nano-10 r81 - Denial of Service Exploit Title: Tri-PLC Nano-10 DoS Date: 07/11/2013 Exploit Author: Sapling Vendor Homepage: www.tri-plc.com Version: Firmware Version r81 and prior CVE : CVE-2013-2784 ICSA: ICSA-13-189-02 / The vulnerability exists due to a flaw in the PLC's ability to...
Cisco TC Software Empty Password Validation Vulnerability
A vulnerability in the web portal of Cisco TelePresence endpoints running TC software could allow an unauthenticated, remote attacker to log in with any password. The vulnerability is due to a failure of the Cisco TelePresence endpoints to require an exact match for the password before the user h...
Cisco Virtualization Experience Client Privilege Escalation Vulnerability
A vulnerability in the function handling the operating system permissions of Cisco Virtualization Experience Client 6000 Series could allow an authenticated, local attacker to take full control of the affected system. The vulnerability is due to improper implementation of the permissions for the...
Cisco Prime for HCS Assurance Information Disclosure Vulnerability
A vulnerability in web framework could allow an unauthenticated, remote attacker to access information about internal file system resources such as paths and names of files and directories. The vulnerability is due to insufficient security hardening of replies to crafted HTTP requests. An attacke...
Cisco Jabber Video Engine Denial of Service Vulnerability
A vulnerability in Cisco's Precision Video Engine CVPE code could allow an unauthenticated, remote attacker to cause the crash of various processes and the disconnection of any active calls. The vulnerability is due to improper handling of crafted Real-Time Protocol RTP packets sent at a high rat...
Cisco ASA-CX TCP Traffic Denial of Service Vulnerability
A vulnerability processing TCP traffic on Cisco ASA CX could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to invalid parsing of TCP packet data forwarded to Cisco ASA CX by the Cisco ASA. An attacker could exploit this vulnerability ...
Cisco Nexus 7000 Frame Forwarding Loop Denial of Service Vulnerability
Cisco NX-OS Software running on Nexus 7000 Series Switches contains a vulnerability that could allow an unauthenticated, remote attacker with access to an adjacent network to cause a denial of service DoS condition. The vulnerability is due to mishandling of a specific type of nonstandard Etherne...
Cisco Jabber Extensible Communications Platform Connection Manager Vulnerability
A vulnerability in the Connection Manager component of Cisco Jabber Extensible Communications Platform Jabber XCP could allow an unauthenticated, remote attacker to crash the login connection manager service. The vulnerability is due to insufficient checking of received login data. An attacker...
Cisco Small Business Switches SSH Packet Processing Denial of Service Vulnerability
Cisco Small Business Switches contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition to features that rely on SSH or SSL protocols. The vulnerability is due to the processing flaw in malformed packets in the code used by SSH and SSL...
Cisco TelePresence Video Communication Server Policy Services Security Bypass Vulnerability
Cisco TelePresence Video Communication Server VCS contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system. The vulnerability is due to improper processing of certain search rules processed by the affected software. An...
Cisco ASA 5500 Series Adaptive Security Appliance Cut-Through Proxy Authentication Information Disclosure Vulnerability
Cisco ASA 5500 Series Adaptive Security Appliance firmware contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is due to improper proxy authentication during attempts to cut through a targeted system...
SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number...
Cisco RVS4000 and WRVS4400N Gigabit Security Routers Firmware SSL Key Disclosure Vulnerability
The firmware of Cisco RVS4000 4-port Gigabit Security Routers and WRVS4400N Wireless-N Gigabit Security Routers contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information from a targeted device. The vulnerability is due to improper security...
Cisco Secure Access Control System Password Modification Vulnerability
Cisco Secure Access Control System ACS contains a vulnerability that could allow an unauthenticated, remote attacker to modify user passwords. The vulnerability is due to improper security restrictions on user password change functions in the web-based management interface of the Cisco Secure ACS...
CVE-2010-1638
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's...
CVE-2010-1637
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number...
CVE-2010-1637
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number...
CVE-2010-1638
The IMP plugin in Horde allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's...
Open redirect
Live Chat comlivechat component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string...
DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass
Title ----- DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass Severity -------- Medium Date Discovered --------------- May 12, 2009 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Geoff Humes and r@b13$ Vulnerability Description...