[Full-disclosure] CAT6500 accessible via 127.0.0.x loopback addresses

Lee E Rian/TCO/HQ/BOC wrote on 08/29/2006 01:49:40 PM: I found something interesting w/ the cat6000s - telnet 127.0.0.11 gets you into the switch & telnet 127.0.0.12 gets you into the router snmpget 127.0.0.11 sysDescr.0 RFC1213-MIB::sysDescr.0 = STRING: "Cisco Systems WS-C6509.Cisco Catalyst...

gld -- format string and buffer overflow vulnerabilities

Gld has been found vulnerable to multiple buffer overflows as well as multiple format string vulnerabilities. An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root. The FreeBSD port defaults to running gld ...

Eggdrop arbitrary connection vulnerability

Hi, there is a serious security problem in the popular eggdrop IRCbot. The hole allows a regular user with enough 'power' at least power to add new bot records to use any linked instance of the bot on the botnet as an instant 'proxy'. The following session demonstrates the problem with an...