3463 matches found
Cisco Adaptive Security Appliance DHCPv6 Denial of Service Vulnerability
A vulnerability in the DHCP code of Cisco ASA Software could allow an unauthenticated, adjacent attacker to cause the reload of an affected system. The vulnerability is due to insufficient validation of crafted or malformed DHCP version 6 DHCPv6 packets when DHCPv6 replay feature is enabled. An...
Huawei E355 contains a direct request vulnerability
Overview Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface. CWE-425 Description Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request...
Juniper Junos Unnumbered Interface Cache Poisoning Remote DoS and Information Disclosure (JSA10595)
According to its self-reported version number, the remote Juniper Junos device is affected by denial of service and information disclosure vulnerabilities. An adjacent attacker can poison the ARP cache and create a bogus forwarding table entry for an IP address, effectively creating a denial of...
Cisco IOS Software DHCP Server remember Functionality Vulnerability
An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit...
Cisco Unified Computing System FTP User Vulnerability
A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...
MiniUPnPd Information Disclosure (CVE-2013-2600)
Hi list, I am writing to inform you of an information disclosure vulnerability I noticed in MiniUPnPd a few months back. Specifically, MiniUPnPd versions 1.8 and earlier are prone to an information disclosure vulnerability due to improper use of snprintf while preparing SSDP responses. An attacke...
Cisco uBR10000 Series IPv4/IPv6 Dual Stack Vulnerability
Cisco uBR10000 Series Universal Broadband Routers contain a vulnerability that could allow an unauthenticated, adjacent attacker to trigger the reload of the routing engine on the affected device. An attacker could exploit this vulnerability by manipulating IPv4 and IPv6 address assignments on a...
Cisco Small Business Wireless Access Points SSID Validation Vulnerability
Cisco Small Business Wireless Access Points contain a vulnerability that could allow an unauthenticated, adjacent attacker cause a denial of service DoS condition. The vulnerability is due to improper validation of the Service Set Identifier SSID when the affected product is performing a "site...
JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...
Design/Logic Flaw
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...
CVE-2012-2377
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...
JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...
Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a...
Cisco IOS Software Crafted IPv6 over MPLS Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS on a targeted device. The vulnerability is due to the processing of IP version 6 IPv6 packets by the vulnerable version of software on an affected device. If an...
HP OpenView Network Node Manager execvp_nc Buffer Overflow
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM01207 or NNM01206 without the SSRT100025 hotfix. By specifying a long 'sel' parameter when calling methods within the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow...
CVE-2010-4052
Stack consumption vulnerability in the regcomp implementation in the GNU C Library aka glibc or libc6 through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service resource exhaustion via a regular expression containing adjacent repetition operators, a...
DEBIAN-CVE-2010-4052
Stack consumption vulnerability in the regcomp implementation in the GNU C Library aka glibc or libc6 through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service resource exhaustion via a regular expression containing adjacent repetition operators, a...
CVE-2010-4051
The regcomp implementation in the GNU C Library aka glibc or libc6 through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service application crash via a regular expression containing adjacent bounded repetitions that bypass the intended REDUPMAX...
RIP Poisoning Routing Table Modification (Adjacent Network)
It was possible to poison the remote host routing tables through the RIP protocol. An attacker may use this to hijack network connections. Several RIP agents reject routes that are not sent by a neighbor, so this flaw may not be exploitable from a non-adjacent network. C Tenable Network Security,...
CVE-2007-5851
CVE-2007-5851 affects Apple Mac OS X 10.4.11's iChat. The issue allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. The OpenVAS/NVD entries reference Mac OS X Security Update 2007-009 as a remediation path, but the provided do...