Cisco IOS XE Software RSVP DoS (cisco-sa-20140924-rsvp)

According to its self-reported version, the version of Cisco IOS XE running on the remote host is affected by a denial of service vulnerability in the Resource Reservation Protocol RSVP implementation due to improper handling of RSVP packets. A remote attacker can exploit this issue by sending...

CVE-2014-3356

The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service device reload via malformed RSVP packets, aka Bug ID CSCue22753...

Code injection

The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service device reload via multipart SDP IPv4 traffic, aka Bug ID CSCun54071...

Code injection

The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service device reload via malformed RSVP packets, aka Bug ID CSCue22753...

Code injection

Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service NPU and card hang or reload via a malformed MPLS packet, aka Bug ID CSCuq10466...

Cisco IOS XR Software Malformed TACACS+ Packet Denial of Service Vulnerability

A vulnerability in TACACS+ processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the TACACS+ daemon tacacsd on the affected device. The vulnerability is due to improper parsing of a malformed TACACS+ packet. An attacker could exploit this vulnerability by...

Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability

A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device. The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a...

Cisco IOS XR Software Malformed SNMPv2 Packet Denial of Service Vulnerability

A vulnerability in Simple Network Management Protocol SNMP version 2 SNMPv2 processing of Cisco IOS XR could allow an authenticated, remote attacker to cause a reload of the SNMP daemon snmpd process on an affected device. The vulnerability is due to improper parsing of a malformed SNMPv2 packet...

Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability

A vulnerability in the packet parsing code of Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a Network Processor NP chip and a line card processing traffic. The vulnerability is due ...

CVE-2014-3327

The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service device reload via a crafted IPv4 packet, aka Bug ID CSCup52101...

Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability

A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could...

CVE-2013-6691

The WebVPN CIFS implementation in Cisco Adaptive Security Appliance ASA Software 9.0.4.1 and earlier allows remote CIFS servers to cause a denial of service device reload via a long share list, aka Bug ID CSCuj83344...

Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability

A vulnerability in the WebVPN Common Internet File System CIFS access function of Cisco Adaptive Security Appliance ASA could allow an authenticated, remote attacker to trigger a reload of the affected device. The vulnerability is due to missing bounds checks on the response received from the CIF...

Ublog Reload 1.0.5 index.asp Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/13991/info Ublog Reload is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...

Astium VoIP PBX <= 2.1 build 25399 - Multiple Vulns Remote Root Exploit

No description provided by source. !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX = v2.1 build 25399 Multiple Vulns Remote Root Exploit Date : 01-02-2012 Author :...

Ublog Reload 1.0.5 blog_comment.asp y Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/13991/info Ublog Reload is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...

Uapplication Ublog Reload 1.0.5 Trackback.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13994/info Ublog Reload is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...

Cisco Aironet AP1x00 Malformed HTTP GET Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8290/info Cisco Aironet AP1x00 series devices are prone to a denial of service vulnerability upon receipt of a malformed HTTP GET request. Such a request will cause the device to reload. !/usr/bin/perl Cisco Global...

Cisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL (cisco-sa-20140605-openssl)

The remote Windows host has a version of Cisco Jabber installed that is known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce disclosure via the 'FLUSH+RELOA...

Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL

The remote Cisco TelePresence MCU device is running a software version known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce disclosure via the 'FLUSH+RELOAD...