Lucene search
K

282 matches found

Prion
Prion
added 2014/03/27 9:55 p.m.16 views

Design/Logic Flaw

The Application Layer Gateway ALG module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service device reload via crafted DNS packets, aka Bug ID CSCue00996...

7.1CVSS7AI score0.01669EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2013/07/11 2:55 p.m.23 views

CVE-2013-4688

flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway ALG is enabled, allows remote attackers to cause a denial of service daemon crash via crafted MSRPC requests, aka PR 772834...

7.8CVSS6.6AI score0.01911EPSS
Exploits0References2
Prion
Prion
added 2013/07/11 2:55 p.m.22 views

Design/Logic Flaw

flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways ALGs are enabled, allows remote attackers to cause a denial of service daemon crash via crafted TCP packets, aka PRs 727980, 806269, and 83559...

7.8CVSS7.1AI score0.02609EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2013/07/11 2:55 p.m.23 views

Code injection

flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway ALG is enabled, allows remote attackers to cause a denial of service daemon crash via crafted MSRPC requests, aka PR 772834...

7.8CVSS7.1AI score0.01911EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/07/11 2:0 p.m.34 views

CVE-2013-4688

flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway ALG is enabled, allows remote attackers to cause a denial of service daemon crash via crafted MSRPC requests, aka PR 772834...

6.6AI score0.01911EPSS
Exploits0References2
CVE
CVE
added 2013/03/28 11:0 p.m.60 views

CVE-2013-1145

CVE-2013-1145 affects Cisco IOS Software with Zone-Based Policy Firewall SIP application layer gateway inspection enabled. A memory leak in the SIP inspection path can be triggered by malformed SIP messages, leading to denial of service via memory exhaustion or device reload. Affected Cisco IOS r...

7.8CVSS6.8AI score0.01328EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2012/12/20 10:7 p.m.18 views

VMware View critical directory traversal vulnerability

DDI Vulnerability Research Team VRT for reported a critical vulnerability in VMware View Server , that is a directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive...

5CVSS6.8AI score0.02802EPSS
Exploits0
The Hacker News
The Hacker News
added 2012/12/20 11:7 a.m.47 views

VMware View critical directory traversal vulnerability

DDI Vulnerability Research Team VRT for reported a critical vulnerability in VMware View Server , that is a directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive...

5CVSS6.3AI score0.02802EPSS
Exploits0
ThreatPost
ThreatPost
added 2012/09/13 1:56 a.m.20 views

Demo of the CRIME TLS Attack

Security researchers Juliano Rizzo and Thai Duong have developed a new attack called CRIME on the TLS protocol that uses the compression ratio in TLS requests as a side channel to gather information that enables them to decrypt the requests and extract users’ cookies. The attack works against bot...

2.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2011/09/29 12:0 a.m.36 views

Cisco IOS Software Network Address Translation Vulnerabilities (cisco-sa-20110928-nat)

The Cisco IOS Software network address translation NAT feature contains multiple denial of service DoS vulnerabilities in the translation of the following protocols : - NetMeeting Directory Lightweight Directory Access Protocol, LDAP - Session Initiation Protocol. Multiple vulnerabilities - H.323...

7.8CVSS7.2AI score0.02556EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2010/11/05 12:55 p.m.33 views

Uncovering Covert Command-and-Control Channels

As the line between securely hosted and controlled enterprise applications and cloud-based applications continues to blur, there’s more “legitimate” traffic between corporate networks and the Internet than ever before. This opens up new vectors for attack by hackers and cybercriminals as more...

Exploits0References1
ThreatPost
ThreatPost
added 2010/10/05 6:31 p.m.10 views

The Five Key Things to Know About the Security of Your Networking Gear

Measuring the performance and security of your network equipment has never been more important than it is today. While there will always be tradeoffs between maximum throughput and maximum security, I want to emphasize the “and” in “performance and security.” Your devices must perform while...

0.2AI score
Exploits0References1
ThreatPost
ThreatPost
added 2010/04/21 2:47 p.m.7 views

Net Solutions' Hack Heightens Role of ISP in App Layer Security

According to research, the malicious iframe used in the latest Network Solutions attack pointed to corpadsinc.com which then downloads Adobe exploits onto victims’ machines. The hacks raise an issue increasingly being faced by Website owners: what’s the responsibility of the ISP or service or clo...

2.1AI score
Exploits0References2
Packet Storm
Packet Storm
added 2010/01/27 12:0 a.m.39 views

Geo++(R) GNCASTER Insecure Handling Of NMEA-Data

Advisory: Geo++R GNCASTER: Insecure handling of NMEA-data During a penetration test, RedTeam Pentesting discovered that the GNCaster software does not handle NMEA-data correctly. An attacker that has valid login credentials can use this to crash the server software or potentially execute code on...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2009/12/29 1:42 p.m.14 views

Network Weaknesses Exposed at 26C3 Berlin

At the 26th Chaos Communication Congress in Berlin, security researcher Fabian Yamaguchi demonstrated a number of vulnerabilities that can apparently be found in many average communication networks and affect all levels from the access layer to the application layer. Read the full article. The H...

1.4AI score
Exploits0References2
securityvulns
securityvulns
added 2009/12/22 12:0 a.m.51 views

TLS Renegotiation Vulnerability: Proof of Concept Code (Python)

Information about a vulnerability in the TLS protocol was published in the beginning of November 2009. Attackers can take advantage of that vulnerability to inject arbitrary prefixes into a network connection protected by TLS. This can result in severe vulnerabilities, depending on the applicatio...

0.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2009/04/14 12:0 a.m.7 views

Preemptive Protection against Microsoft ISA Server Cross-Site Scripting (XSS) Vulnerability (MS09-016)

A cross-site scripting XSS vulnerability has been reported in the cookieauth.dll component in Microsoft Internet Security and Acceleration ISA Server. ISA Server, originating as Microsoft Proxy Server, is a Firewall & Security product that provides Application-Layer Firewalling, acts as a VPN...

4.3CVSS5.3AI score0.22849EPSS
Exploits1
myhack58
myhack58
added 2006/01/26 12:0 a.m.15 views

Rookie Edition Expliot the guidelines for the preparation of the PNP the overflow vulnerability analysis+exploit-vulnerability warning-the black bar safety net

A month ago, and chat with friends, talked about now on the network, worms, viruses are increasingly rampant, the year before the“shock wave”, last year's“shock wave”, this year also don't know and out of what? The voice just fell, the one is named Zotob worm has been in a 8 on 1 to 5 November...

8.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/09/14 12:0 a.m.33 views

Cisco VPN 3000 Concentrator Multiple Service Banner System Information Disclosure (CSCdu35577 HTTP Check)

The remote VPN concentrator gives out too much information in application layer banners. An incorrect page request provides the specific version of software installed. This vulnerability is documented as Cisco bug ID CSCdu35577. %NASLMINLEVEL 70300 This script was written by Michael J. Richardson...

5CVSS5.5AI score0.0158EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2003/03/01 12:0 a.m.23 views

Cisco VPN 3000 Concentrator Multiple Service Banner System Information Disclosure (CSCdu35577)

According to its banner, the remote VPN concentrator gives out too much information in application layer banners. This vulnerability is documented as Cisco bug ID CSCdu35577. C Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH [email protected] for his help Ref:...

5CVSS5.5AI score0.0158EPSS
Exploits0References2
Rows per page
Query Builder