187 matches found
Cisco IOS Software Integrated Services Module for VPN crypto engine denial of service vulnerability
Cisco IOS Software is an operating system developed by Cisco for its network devices. Integrated Services Module for VPN (ISM-VPN) is one of the integrated services modules for VPN. The crypto engine is one of the encryption engines. A resource management error vulnerability exists in the crypto engine...
CVE-2018-0154
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffi...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
PT-2018-1190 · Cisco · Cisco Integrated Services Module For Vpn +1
Name of the Vulnerable Software and Affected Versions: Cisco Integrated Services Module for VPN (ISM-VPN), affected versions not specified. Description: A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an...
Services single sign-on client - Critical - Cross-site scripting - SA-CONTRIB-2017-087
This module allows users of a remote Services-enabled Drupal site to sign on to a second site with their credentials. The module does not sanitize information from the request before displaying it, thereby exposing a cross-site scripting vulnerability...
Drupal Services module SQL injection vulnerability
Drupal is an open source content management framework (CMF) written in PHP, consisting of a content management system (CMS) and a PHP development framework (Framework). A SQL injection vulnerability exists in the Drupal Services module, which can be exploited by attackers to...
CVE-2017-6609
A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets ...
CVE-2017-6607
The CVE-2017-6607 issue affects Cisco ASA Software DNS handling. A crafted DNS response can be used by an unauthenticated remote attacker to cause the device to reload or corrupt its local DNS cache, leading to DoS or cache corruption. Impact applies to ASA in routed or transparent firewall mode,...
CVE-2017-6609
CVE-2017-6609 affects Cisco ASA Software IPsec handling. The vulnerability stems from improper parsing of malformed IPsec packets in the IPsec code, requiring an authenticated, remote attacker to establish a valid IPsec tunnel and send crafted traffic to the affected system. Exploitation can caus...
Drupal Services module remote code execution vulnerability (CNVD-2017-03557)
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Services is one of the modules that allows users to programmatically create customized Web service items. A remote code execution vulnerability exists in the Services module of Drupal. ...
Drupal 7.x Module Services - Remote Code Execution
Drupal 7.x Module Services - Remote Code Execution Exploit Title: Drupal 7.x Services Module Remote Code Execution Vendor Homepage: https://www.drupal.org/project/services Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website:...
Drupal 7.x Module Services - Remote Code Execution
Exploit Title: Drupal 7.x Services Module Remote Code Execution Vendor Homepage: https://www.drupal.org/project/services Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/drupal-services-module-rce !/usr/bin/php 'dixuSOspsOUU.php', 'data' = ...
Services - Highly Critical - Arbitrary Code Execution - SA-CONTRIB-2017-029
This module provides a standardized solution for building APIs so that external clients can communicate with Drupal. The module accepts user-submitted data in PHP's serialization format ("Content-Type: application/vnd.php.serialized"), which can lead to arbitrary remote code execution. This...
CVE-2016-1312
The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147...
Cisco ASA DNS DoS Vulnerability (cisco-sa-20151021-asa-dns2)
A vulnerability in the DNS code of Cisco ASA may lead to a denial of service. Copyright (C) 2015 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program i...
Cisco ASA DNS DoS Vulnerability (cisco-sa-20151021-asa-dns1)
A vulnerability in the DNS code of Cisco ASA may lead to a denial of service.
CVE-2015-4394
The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors...
Code injection
The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename...
Design/Logic Flaw
The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors...