
79 matches found

NVD
added 2019/06/05 5:29 p.m., 14 views

CVE-2019-1870

A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 6.1 | AI score 6 | EPSS 0.0012
Exploits: 0 | References: 2
CVE
added 2019/06/05 4:30 p.m., 70 views

CVE-2019-1870

CVE-2019-1870 describes a cross-site scripting (XSS) vulnerability in Cisco Enterprise Chat and Email (ECE) Center’s web-based management interface. The issue stems from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to persuade a user to click a craf...

CVSS 6.1 | AI score 6 | EPSS 0.0012
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2019/06/05 4:30 p.m., 11 views

CVE-2019-1870 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 6.1 | AI score 6 | EPSS 0.0012
Exploits: 0 | References: 2
Cisco
added 2019/06/05 4:0 p.m., 103 views

Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVSS 6.1 | AI score 1.6 | EPSS 0.0012
Exploits: 0 | References: 1
CVE
added 2018/09/19 7:0 p.m., 52 views

CVE-2018-3828

Elastic Cloud Enterprise (ECE) prior to version 1.1.4 contains an information exposure vulnerability where certain exception conditions can leak encryption keys, passwords, and other sensitive headers to allocator logs. An attacker with access to the logging cluster could obtain leaked credential...

CVSS 7.5 | AI score 7.3 | EPSS 0.00181
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2018/09/19 7:0 p.m., 56 views

CVE-2018-3825

The CVE-2018-3825 entry concerns Elastic Cloud Enterprise (ECE) before version 1.1.4, where a default master encryption key is used when granting ZooKeeper access to Elasticsearch clusters. The key is described as predictable across deployments unless overwritten, enabling an attacker who can con...

CVSS 5.9 | AI score 5.5 | EPSS 0.00122
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2018/09/19 7:0 p.m., 45 views

CVE-2018-3829

CVE-2018-3829 affects Elastic Cloud Enterprise (ECE) - versions prior to 1.1.4. The issue allows a user to scale out allocators on new hosts using an invalid roles token. An attacker with access to the previous runner ID and the coordinator-host IP could add an allocator to an existing ECE instal...

CVSS 5.3 | AI score 5.4 | EPSS 0.00168
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2015/07/02 12:0 a.m., 1 view

ECE Projects 'tx_solr[q]' Parameter Cross-Site Scripting Vulnerability

ECE Projects is a project management application. ECE Projects contains a cross-site scripting vulnerability in the 'tx_solr[q]' parameter, which allows remote attackers to inject malicious script or HTML code, which can be used to gain access to sensitive information or...

AI score 6.2
Exploits: 0 | References: 1
Packet Storm
added 2014/04/04 12:0 a.m., 59 views

ECE Projects Cross Site Scripting

ECE Projects XSS Cross-site Scripting Security Vulnerabilities Exploit Title: ECE Projects XSS Cross-site Scripting Security Vulnerabilities Vendor: ECE Projektmanagement G.m.b.H. & Co. KG ECE Product: ECE Projects Vulnerable Versions: Tested Version: Advisory Publication: April 01, 2015 Latest...

AI score 0.3
Exploits: 0
OpenVAS
added 2005/11/03 12:0 a.m., 265 views

Firewall ECE-bit Bypass

The remote host seems vulnerable to a bug wherein a remote attacker can circumvent the firewall by setting the ECE bit within the TCP flags field. SPDX-FileCopyrightText: 2004 Andrey I. Zakharov and John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

CVSS 7.5 | AI score 6.7 | EPSS 0.08911
Exploits: 1 | References: 1
OpenVAS
added 2005/11/03 12:0 a.m., 215 views

Firewall ECE-bit bypass

The remote host seems vulnerable to a bug wherein a remote attacker can circumvent the firewall by setting the ECE bit within the TCP flags field. At least one firewall (ipfw) is known to exhibit this sort of behavior. Known vulnerable systems include all FreeBSD 3.x, 4.x, 3.5-STABLE, and 4.2-STABL...

CVSS 7.5 | EPSS 0.08911
Exploits: 1 | References: 1
securityvulns
added 2004/04/13 12:0 a.m., 21 views

[EXPL] IPFW ECE Firewall Bypassing Exploit

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

AI score 6.9
Exploits: 0
Tenable Nessus
added 2004/03/30 12:0 a.m., 1499 views

Multiple BSD ipfw / ip6fw ECE Bit Filtering Evasion

The remote host seems vulnerable to a bug wherein a remote attacker can circumvent the firewall by setting the ECE bit within the TCP flags field. At least one firewall (ipfw) is known to exhibit this sort of behavior. Known vulnerable systems include all FreeBSD 3.x, 4.x, 3.5-STABLE, and 4.2-STABL...

CVSS 7.5 | AI score 5.5 | EPSS 0.08911
Exploits: 1 | References: 1
CVE
added 2001/05/07 4:0 a.m., 136 views

CVE-2001-0183

The CVE-2001-0183 issue affects ipfw/ip6fw on FreeBSD 4.2 and earlier, where a remote attacker can bypass access restrictions by setting the ECE bit in a TCP packet so it appears part of an established connection. OpenVAS/Nessus entries corroborate the firewall ECE-bit bypass behavior on FreeBSD ...

CVSS 7.5 | AI score 6.7 | EPSS 0.08911
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2001/03/26 5:0 a.m., 33 views

CVE-2001-0183

ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection...

CVSS 7.5 | AI score 6.6 | EPSS 0.08911
Exploits: 1 | References: 6
securityvulns
added 2001/01/24 12:0 a.m., 33 views

Security Advisory: FreeBSD-SA-01:08.ipfw

FreeBSD-SA-01:08 Security Advisory. FreeBSD, Inc. Topic: ipfw/ip6fw allows bypassing of 'established' keyword. Category: core. Module: kernel. Announced: 2001-01-23. Credits: Aragon Gouveia...

Exploits: 0
securityvulns
added 2001/01/24 12:0 a.m., 20 views

Hole in ipfw

The 'established' rule fails on packets in which the ECE flag is set together with SYN...

AI score 0.6
Exploits: 0 | References: 1 | Affected Software: 1
exploitpack
added 2001/01/23 12:0 a.m., 12 views

FreeBSD 3.x/4.x - ipfw Filtering Evasion

FreeBSD 3.x/4.x - ipfw Filtering Evasion source: www.securityfocus.com/bid/2293/info There exists a serious vulnerability in FreeBSD's implementation of packet filtering for IPv4 and IPv6. The vulnerability exists in situations where a filtering rule permits packets through if they are part of an...

AI score 7.4
Exploits: 0
Exploit DB
added 2001/01/23 12:0 a.m., 97 views

FreeBSD 3.x/4.x - 'ipfw' Filtering Evasion

source: www.securityfocus.com/bid/2293/info There exists a serious vulnerability in FreeBSD's implementation of packet filtering for IPv4 and IPv6. The vulnerability exists in situations where a filtering rule permits packets through if they are part of an established connection. It is possible f...

AI score 7.4
Exploits: 0