Lucene search
+L

188 matches found

Tenable Nessus
Tenable Nessus
added 2010/05/13 12:0 a.m.11 views

Drupal Services Module < 6.x-2.1 Authentication Bypass

Binary data 5537.prm...

7.3AI score
Exploits0References1
Cisco
Cisco
added 2009/08/19 4:0 p.m.55 views

Firewall Services Module Crafted ICMP Message Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

7.8CVSS6.1AI score0.02853EPSS
Exploits1References1
Prion
Prion
added 2009/08/06 6:30 p.m.18 views

Code injection

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges...

6.5CVSS7.5AI score0.01115EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2009/08/06 6:30 p.m.13 views

CVE-2008-6910

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request...

7.5CVSS6.8AI score0.01359EPSS
Exploits0References4
Cvelist
Cvelist
added 2009/08/06 6:0 p.m.20 views

CVE-2008-6910

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request...

6.8AI score0.01359EPSS
Exploits0References4
CVE
CVE
added 2009/08/06 6:0 p.m.35 views

CVE-2008-6910

CVE-2008-6910 affects Drupal modules (Services 5.x up to 5.x-0.91/0.92 and 6.x up to 6.x-0.13). The root cause is that signed requests do not implement timeouts, enabling a replay attack that can impersonate other users and escalate privileges. Exposed components: the Drupal Services module on af...

7.5CVSS7.1AI score0.01359EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2009/08/06 5:30 p.m.15 views

Code injection

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges...

7.5CVSS7.5AI score0.01359EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2009/08/06 5:0 p.m.45 views

CVE-2008-6908

The CVE-2008-6908 entry affects the Drupal Services module: 5.x before 5.x-0.92 and 6.x before 6.x-0.13. The vulnerability arises from using an insecure hash when signing requests, enabling remote attackers to impersonate other users and gain privileges. Affected component is the Services module ...

7.5CVSS7.1AI score0.01359EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/06/11 12:0 a.m.44 views

Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass

The version of Drupal running on the remote host includes the third-party Services module, which offers a way to integrate external applications with Drupal using XMLRPC, SOAP, REST, AMF, or other such interfaces. It is currently configured to use a validation token, or 'key', for authentication,...

6.4CVSS5.6AI score0.01222EPSS
Exploits0References2
Drupal
Drupal
added 2009/06/10 12:0 a.m.11 views

SA-CONTRIB-2009-036 - Services - Impersonation

The Services module provides integration of external applications with Drupal. Service callbacks may be used with multiple interfaces like XMLRPC, SOAP, REST, AMF. When key based access is enabled any user may view or add keys, allowing a third party to access services they would not otherwise be...

7AI score
Exploits0References5
Drupal
Drupal
added 2008/06/18 12:0 a.m.14 views

SA-2008-038 - Services - Arbitrary code execution

The Services module package was created out of a need for a standardized solution to integrate external applications with Drupal. It builds on concepts from Drupal core's XMLRPC interface, but abstracts service callbacks so that they may be used with multiple interfaces such as XMLRPC, SOAP, REST...

8AI score
Exploits0References7
seebug.org
seebug.org
added 2007/12/21 12:0 a.m.38 views

Cisco防火墙服务模块中应用程序检测拒绝服务漏洞

BUGTRAQ ID: 26941 CVE ID:CVE-2007-5584 CNCVE ID:CNCVE-20075584 Cisco Firewall Services Module FWSM是一款思科公司提供的防火墙服务模块,集成在Cisco Catalyst 6500交换机和Cisco 7600系列路由器上。 Cisco Firewall Services Module FWSM包含的第7层应用程序检测处理上存在问题,远程攻击者可以利用漏洞使FWSM模块重载,造成拒绝服务攻击。...

7.8CVSS6.4AI score0.01978EPSS
Exploits1
NVD
NVD
added 2007/12/20 2:46 a.m.14 views

CVE-2007-5584

Unspecified vulnerability in Cisco Firewall Services Module FWSM 3.23 allows remote attackers to cause a denial of service device reload via crafted "data in the control-plane path with Layer 7 Application Inspections."...

7.8CVSS6.5AI score0.01978EPSS
Exploits1References7
securityvulns
securityvulns
added 2007/12/19 12:0 a.m.52 views

Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Application Inspection Vulnerability in Cisco Firewall Services Module Advisory ID: cisco-sa-20071219-fwsm ============ Revision 1.0 ============ Last Updated 2007 December 19 1600 UTC GMT For Public Release 2007 December 19...

7.8CVSS0.6AI score0.01978EPSS
Exploits1
securityvulns
securityvulns
added 2007/12/19 12:0 a.m.42 views

Cisco Firewall Services Module DoS

Device crash on application traffic analisys...

7.8CVSS3.2AI score0.01978EPSS
Exploits1References1Affected Software1
Cisco
Cisco
added 2007/10/17 4:0 p.m.63 views

Multiple Vulnerabilities in Firewall Services Module

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

7.8CVSS6AI score0.03218EPSS
Exploits0References1
NVD
NVD
added 2007/02/16 12:28 a.m.15 views

CVE-2007-0968

Unspecified vulnerability in Cisco Firewall Services Module FWSM before 2.34.7 and 3.x before 3.13.1 causes the access control entries ACE in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections...

9CVSS6.2AI score0.02045EPSS
Exploits0References6
Prion
Prion
added 2007/02/16 12:28 a.m.19 views

Design/Logic Flaw

Unspecified vulnerability in Cisco Firewall Services Module FWSM 3.x before 3.13.3, when set to log at the "debug" level, allows remote attackers to cause a denial of service device reboot by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot durin...

7.8CVSS7.2AI score0.01619EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/02/16 12:0 a.m.58 views

CVE-2007-0968

CVE-2007-0968 affects Cisco Firewall Services Module (FWSM) prior to 2.3(4.7) and 3.x prior to 3.1(3.1). The issue is an improper evaluation of access control entries (ACE) in an ACL, allowing remote authenticated users to bypass intended protections. Connected sources confirm this is a vulnerabi...

9CVSS6.2AI score0.02045EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/02/16 12:0 a.m.23 views

CVE-2007-0968

Unspecified vulnerability in Cisco Firewall Services Module FWSM before 2.34.7 and 3.x before 3.13.1 causes the access control entries ACE in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections...

6.2AI score0.02045EPSS
Exploits0References6
Rows per page
Query Builder