bmforumXSS.txt

Multiple Cross site scripting in BMForum vendor url:http://www.bmforum.com/ Advisore:http://lostmon.blogspot.com/2005/07/ multiple-cross-site-scripting-in.html Vendor notify:yes Exploit available:yes BMForum contains a flaw that allows a remote cross site scripting attack.This flaw exists because...

cleverXSS.txt

Clever copy 'calendar.php' 'yr' variable cross site scripting vendor url:http://clevercopy.bestdirectbuy.com advisory:http://lostmon.blogspot.com/2005/07/ clever-copy-calendarphp-yr-variable.html vendor notify: yes exploit available:yes Clever Copy is a free, fully scalable web site portal and ne...

CVE-2005-2181

Cisco 7940/7960 Voice over IP VoIP phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message...

CVE-2005-2182

The affected product is Grandstream BudgeTone BT100 VoIP phones. The vulnerability arises from improper validation of Call-ID, branch, and tag values in NOTIFY messages used to verify subscriptions, enabling remote spoofing of messages such as the “Messages waiting” indicator. Root cause: inadequ...

CVE-2005-2182

Grandstream BudgeTone BT 100 Voice over IP VoIP phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message...

CVE-2005-2181

Cisco 7940/7960 Voice over IP VoIP phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message...

PT-2005-3111 · Grandstream · Grandstream Budgetone (Bt) 100

Name of the Vulnerable Software and Affected Versions: Grandstream BudgeTone BT 100 affected versions not specified Description: The issue concerns the Grandstream BudgeTone BT 100 Voice over IP VoIP phones, which do not properly validate certain values in a NOTIFY message. This allows remote...

PT-2005-3110 · Cisco · Cisco 7940/7960

Name of the Vulnerable Software and Affected Versions: Cisco 7940/7960 Voice over IP VoIP phones affected versions not specified Description: The issue concerns the improper validation of certain values in a NOTIFY message, which can be exploited by remote attackers to spoof messages. This could...

VoIP-Phones: Weakness in proccessing SIP-Notify-Messages

Tele-Consulting GmbH security | networking | training advisory 05/07/06 URL of this advisory: http://pentest.tele-consulting.com/advisories/050706voip-phones.txt Topic: Weakness in implemenation of proccessing SIP-Notify-Messages in VoIP-Phones. Summary: Due to ignoring the value of 'Call-ID' and...

Cisco VoIP Phone CP-7940 3.x - Spoofed SIP Status Message Handling

source: https://www.securityfocus.com/bid/14174/info Multiple Vendor VoIP Phones handle spoofed SIP status messages in an improper manner. This issue could potentially lead a to a denial of service condition against a server. The issue arises because the affected phones do not verify the 'Call-ID...

CVE-2005-1826

Buffer overflow in HP Radia Notify Daemon 3.1.0.0 formerly by Novadigm, and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension...

CVE-2005-1826

CVE-2005-1826 affects HP Radia Notify Daemon (versions 2.x, 3.x, 4.x; formerly Novadigm) where a buffer overflow via a long file extension allows a remote attacker to execute arbitrary code. The description specifies remote code execution but does not provide exploit code or in-the-wild details. ...

CVE-2005-1825

CVE-2005-1825 involves multiple stack-based buffer overflows in the nvd_exec function of HP Radia Notify Daemon (3.1.2.0, and other versions 2.x/3.x/4.x). The vulnerability allows remote attackers to execute arbitrary code by sending a crafted command to a RADEXECD process. This is a network-acce...

HP OpenView Radia 2.03.14.0 - Notify Daemon Multiple Remote Buffer Overflow Vulnerabilities

HP OpenView Radia 2.03.14.0 - Notify Daemon Multiple Remote Buffer Overflow Vulnerabilities source: https://www.securityfocus.com/bid/13835/info HP OpenView Radia Notify Daemon RADEXECD is affected by multiple remote buffer overflow vulnerabilities. An attacker can craft a malicious request that...

CVE-2005-1826

Buffer overflow in HP Radia Notify Daemon 3.1.0.0 formerly by Novadigm, and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension...

CVE-2005-1825

Multiple stack-based buffer overflows in the nvdexec function in HP Radia Notify Daemon 3.1.2.0 formerly by Novadigm, and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process...

NotifyLink server provides inadequate protection for cryptographic key material

Overview The NotifyLink key exchange protocol contains a vulnerability that significantly reduces the strength of cryptographic keys used to encrypt mail messages. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...

security flaw

servenotify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data...

CVE-2002-0302

The Notify daemon for Symantec Enterprise Firewall SEF 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack...

CVE-2002-0302

The CVE-2002-0302 issue affects the Notify daemon in Symantec Enterprise Firewall (SEF) 6.5.x. When SNMP is used as the transport, the daemon drops large alerts, which could prevent some alerts from being sent during an attack. This reduces visibility of events that would otherwise trigger notifi...