CVE-2011-1591

CVE-2011-1591 : Wireshark 1.4.x contains a stack-based buffer overflow in the DECT dissector (epan/dissectors/packet-dect.c). A crafted .pcap enables remote code execution. Affected version range is Wireshark 1.4.x prior to 1.4.5; exploitation involves processing a malformed packet trace file. Mi...

CVE-2011-1591

Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file...

Wireshark < 1.2.16 / 1.4.5 Multiple Vulnerabilities

The installed version of Wireshark is 1.2.x less than 1.2.16 or 1.4.x less than 1.4.5. Such versions are affected by the following vulnerabilities : - A data type mismatch error exists in the function 'dissectnfsclientaddr4' in the file 'packet-nfs.c' of the NFS dissector and could lead to...

Wireshark DECT dissector vulnerability

Overview Wireshark's DECT dissector contains a remote code execution vulnerability in the context of the user running a packet capture or reading a packet capture file. Description Paul Makowski's report states:/epan/dissectors/packet-dect.c contains a stack-based buffer overflow via a call to...

DECT标准密码加密绕过漏洞

Bugraq ID: 38152 DECT是数字增强型无线通讯标准。 DECT标准密码DSC加密标准存在加密绕过问题，允许攻击者恢复密钥。 攻击者可以利用漏洞破解DSC加密算法，然后读取无线设备发送到基站的加密数据，允许攻击者获得敏感信息。 针对DECT标准密码的分析将在FSE2010会议上演讲。总的来说可以在PC上在几分钟内恢复DSC的密钥，但是需要几小时获取足够多的密钥流。 DECT Forum DECT 目前没有解决方案提供： http://www.dect.org/index.aspx...

DECT cordless telephone security test-use-vulnerability warning-the black bar safety net

Disclaimer: This article tests the use of the DECT phone are has himself, strongly opposed any who used to be discord, or even break the law.! Just use the "hack DECT cordless phone" as keyword Google the following. Found this 2 articles: hack crack DECT cordless telephone security system...

DECT Base Station Scanner

This module scans for DECT base stations This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DECT Base Station Scanner', 'Description' = 'This module scans for DECT base stations', 'Author' = 'DK '...

DECT Call Scanner

This module scans for active DECT calls This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DECT Call Scanner', 'Description' = 'This module scans for active DECT calls', 'Author' = 'DK ' , 'Licens...

DECT cordless telephone security test-use-vulnerability warning-the black bar safety net

Disclaimer: This article tests the use of the DECT phone are has himself, strongly opposed any who used to be discord, or even break the law.! Just use the "hack DECT cordless phone" as keyword Google the following. Found this 2 articles: hack crack DECT cordless telephone security system...

CVE-2008-4874

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access...

CVE-2008-4876

Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...

CVE-2008-4875

Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. dot dot in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access ...

Cross site scripting

Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...

Directory traversal

Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. dot dot in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access ...

Design/Logic Flaw

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access...

CVE-2008-4874

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access...

CVE-2008-4875

Philips Electronics VOIP841 DECT Phone web server (firmware 1.0.4.50 and 1.0.4.80) is subject to a directory traversal vulnerability via a .. in GET requests, allowing remote authenticated users to read arbitrary files. The issue is documented as CVE-2008-4875. It is noted that this can be levera...

CVE-2008-4876

Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...

CVE-2008-4876

The CVE-2008-4876 entry concerns an XSS vulnerability in the web server component of Philips Electronics VOIP841 DECT Phone. Affected firmware versions 1.0.4.50 and 1.0.4.80 allow remote attackers to inject arbitrary web script or HTML via the request URL because it is not properly sanitized in t...

CVE-2008-4874

CVE-2008-4874 concerns Philips Electronics VOIP841 DECT Phone firmware 1.0.4.50 and 1.0.4.80, which allegedly contains a back door account named “service” with password “service,” enabling remote access. The incident is documented across multiple sources (NVD/CVE records) and described as a backd...