187 matches found
Firewall Services Module Crafted ICMP Message Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Code injection
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges...
CVE-2008-6910
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request...
CVE-2008-6910
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request...
CVE-2008-6910
CVE-2008-6910 affects Drupal modules (Services 5.x up to 5.x-0.91/0.92 and 6.x up to 6.x-0.13). The root cause is that signed requests do not implement timeouts, enabling a replay attack that can impersonate other users and escalate privileges. Exposed components: the Drupal Services module on af...
Code injection
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges...
CVE-2008-6908
The CVE-2008-6908 entry affects the Drupal Services module: 5.x before 5.x-0.92 and 6.x before 6.x-0.13. The vulnerability arises from using an insecure hash when signing requests, enabling remote attackers to impersonate other users and gain privileges. Affected component is the Services module ...
Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass
The version of Drupal running on the remote host includes the third-party Services module, which offers a way to integrate external applications with Drupal using XMLRPC, SOAP, REST, AMF, or other such interfaces. It is currently configured to use a validation token, or 'key', for authentication,...
SA-CONTRIB-2009-036 - Services - Impersonation
The Services module provides integration of external applications with Drupal. Service callbacks may be used with multiple interfaces like XMLRPC, SOAP, REST, AMF. When key based access is enabled any user may view or add keys, allowing a third party to access services they would not otherwise be...
SA-2008-038 - Services - Arbitrary code execution
The Services module package was created out of a need for a standardized solution to integrate external applications with Drupal. It builds on concepts from Drupal core's XMLRPC interface, but abstracts service callbacks so that they may be used with multiple interfaces such as XMLRPC, SOAP, REST...
Cisco防火墙服务模块中应用程序检测拒绝服务漏洞
BUGTRAQ ID: 26941 CVE ID:CVE-2007-5584 CNCVE ID:CNCVE-20075584 Cisco Firewall Services Module FWSM是一款思科公司提供的防火墙服务模块,集成在Cisco Catalyst 6500交换机和Cisco 7600系列路由器上。 Cisco Firewall Services Module FWSM包含的第7层应用程序检测处理上存在问题,远程攻击者可以利用漏洞使FWSM模块重载,造成拒绝服务攻击。...
CVE-2007-5584
Unspecified vulnerability in Cisco Firewall Services Module FWSM 3.23 allows remote attackers to cause a denial of service device reload via crafted "data in the control-plane path with Layer 7 Application Inspections."...
Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module Advisory ID: cisco-sa-20071219-fwsm ============ Revision 1.0 ============ Last Updated 2007 December 19 1600 UTC GMT For Public Release 2007 December 19...
Cisco Firewall Services Module DoS
Device crash on application traffic analisys...
Multiple Vulnerabilities in Firewall Services Module
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
CVE-2007-0968
Unspecified vulnerability in Cisco Firewall Services Module FWSM before 2.34.7 and 3.x before 3.13.1 causes the access control entries ACE in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections...
Design/Logic Flaw
Unspecified vulnerability in Cisco Firewall Services Module FWSM 3.x before 3.13.3, when set to log at the "debug" level, allows remote attackers to cause a denial of service device reboot by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot durin...
CVE-2007-0963
Unspecified vulnerability in Cisco Firewall Services Module FWSM 3.x before 3.13.3, when set to log at the "debug" level, allows remote attackers to cause a denial of service device reboot by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot durin...
CVE-2007-0968
Unspecified vulnerability in Cisco Firewall Services Module FWSM before 2.34.7 and 3.x before 3.13.1 causes the access control entries ACE in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections...
Cisco Firewall Services Module vulnerable to DoS via inspection of malformed SIP messages
Overview Cisco Firewall Services Module fails to properly inspect SIP messages. This vulnerability may allow a remote attacker to cause a denial of service condition. Description The Cisco Firewall Services Module is an integrated firewall service for Cisco Catalyst 6500 series switches and Cisco...