
2058 matches found

Cisco
added 2014/05/20 3:7 p.m., 25 views

Cisco IOS XR Software DHCP Version 6 Process Hang Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a hang condition of the DHCPv6 server process that could cause the software to stop processing DHCPv6 requests. The vulnerability is due to incorrect handling of...

CVSS 5, AI score 6.3, EPSS 0.0098
Exploits 0, References 1

Cisco
added 2014/05/20 2:44 p.m., 49 views

Cisco Unified Web and E-Mail Interaction Manager Broken Authentication Vulnerability

A vulnerability in Cisco Unified Web and E-Mail Interaction Manager could allow an unauthenticated, remote attacker to capture, forge, or brute force a session identifier transmitted as a parameter in GET requests. The vulnerability is due to improper use of session identifiers in GET requests. A...

CVSS 4.3, AI score 6.6, EPSS 0.00224
Exploits 0, References 1

Cisco
added 2014/05/20 2:38 p.m., 21 views

Cisco IOS Software Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in Link Layer Discovery Protocol (LLDP) in Cisco switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. The vulnerability is due to incorrect handling of malformed LLDP packets. An attacker could exploit this vulnerability by sending a...

CVSS 6.1, AI score 6.3, EPSS 0.00349
Exploits 0, References 1

Cisco
added 2014/05/19 7:17 p.m., 18 views

Cisco Security Manager AUS Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient input validation of a parameter, which affects the Auto Update...

CVSS 4.3, AI score 5.6, EPSS 0.0043
Exploits 0, References 1

Cisco
added 2014/05/19 6:54 p.m., 23 views

Cisco Unified Web and E-mail Interaction Manager Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unified Web and E-mail Interaction Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the Cisco Unified Web and E-mail Interaction Manager web interface. The vulnerability is due to insufficient input...

CVSS 4.3, AI score 5.6, EPSS 0.00296
Exploits 0, References 1

Cisco
added 2014/05/19 6:50 p.m., 29 views

Cisco Unified Web and E-mail Interaction Manager XML External Entities Vulnerability

A vulnerability in the /system/egain/chat/entrypoint script of Cisco Unified Web and E-mail Interaction Manager could allow an unauthenticated, remote attacker to inject malicious XML entities. The vulnerability is due to inadequate input validation. An attacker could exploit this vulnerability b...

CVSS 4.3, AI score 6.5, EPSS 0.00403
Exploits 0, References 1

exploitpack
added 2014/05/14 12:0 a.m., 13 views

TFTPD32 4.5 TFTPD64 4.5 - Denial of Service (PoC)

TFTPD32 4.5 TFTPD64 4.5 - Denial of Service PoC Exploit Title: TFTPD32 4.5 / TFTPD64 4.5 DoS poc Date: 13/05/2014 Exploit Author: j0s3h4x0r Homepage: http://tftpd32.jounin.net/tftpd32testimonials.html Software Link: http://tftpd32.jounin.net/download/tftpd32.450.zip Version: 4.5 32 bits / 4.5 64...

Exploits 0

Cisco
added 2014/05/07 7:19 p.m., 35 views

Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of the Cisco Broadcast Access Center for Telco and Wireless (BAC-TW) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco BAC-TW web interface. The vulnerability is due to insufficient CSRF...

CVSS 4.3, AI score 6.5, EPSS 0.00122
Exploits 0, References 1

Cisco
added 2014/04/29 7:56 p.m., 21 views

Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability

A vulnerability in Document Management of Cisco Unified Contact Center Express could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability by...

CVSS 4, AI score 6.7, EPSS 0.00055
Exploits 0, References 1

Cisco
added 2014/04/29 6:38 p.m., 28 views

Cisco Adaptive Security Appliance DHCPv6 Denial of Service Vulnerability

A vulnerability in the DHCP code of Cisco ASA Software could allow an unauthenticated, adjacent attacker to cause the reload of an affected system. The vulnerability is due to insufficient validation of crafted or malformed DHCP version 6 (DHCPv6) packets when DHCPv6 replay feature is enabled. An...

CVSS 6.1, AI score 6.2, EPSS 0.00575
Exploits 0, References 1

Cisco
added 2014/04/28 4:44 p.m., 35 views

Cisco IOS XE Software Malformed L2TP Packet Vulnerability

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) module of Cisco IOS XE on Cisco ASR 1000 Series Routers could allow an authenticated, remote attacker to cause a reload of the processing ESP card. The vulnerability occurs during the processing of a malformed L2TP packet. An attacker could...

CVSS 6.3, AI score 6.4, EPSS 0.00296
Exploits 0, References 1

ThreatPost
added 2014/04/09 11:58 a.m., 10 views

Difficulty of Detecting OpenSSL Heartbleed Attacks Adds to Problem

The list of products and sites affected by the OpenSSL heartbleed vulnerability continues to grow, and as security teams implement the patch and dig into the thornier work of revoking certificates, a new problem is emerging: It’s difficult to know whether an attacker has exploited the vulnerabili...

AI score 0.5
Exploits 0, References 3

Cisco
added 2014/04/03 7:57 p.m., 28 views

Cisco Emergency Responder Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Emergency Responder (Cisco ER) UserServlet of Cisco ER Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco ER web interface. The vulnerability is due to insufficient input validation of a...

CVSS 4.3, AI score 5.8, EPSS 0.00277
Exploits 0, References 1

Cisco
added 2014/04/03 7:17 p.m., 26 views

Cisco Emergency Responder Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a web page open redirection attack against a user browser of the Cisco Emergency Responder. The vulnerability is due to insufficient input validation of several parameters...

CVSS 4.3, AI score 6.5, EPSS 0.00377
Exploits 0, References 1

Cisco
added 2014/04/01 7:11 p.m., 13 views

Cisco Security Manager HTTP Header Redirection Vulnerability

A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to inject a crafted HTTP header, which will cause a web page redirection to a possible malicious website. The vulnerability is due to insufficient validation of user input before using i...

CVSS 4.3, AI score 6.3, EPSS 0.00211
Exploits 1, References 1

ThreatPost
added 2014/03/26 8:10 a.m., 7 views

Full Disclosure List Rises From the Ashes For Fresh Start

When the Full Disclosure mailing list closed down last week, many in the security community wondered what, if anything, would fill the void. As it turns out, Full Disclosure will fill that void. John Cartwright, one of the creators of the list, announced on March 19 that he was shutting it down...

AI score 6.9
Exploits 0, References 6

ThreatPost
added 2014/03/19 11:0 a.m., 9 views

Full Disclosure Security Mailing List Shuts Down

The Full Disclosure security mailing list, which has been one of the main discussion forums for vulnerability and exploit information for 12 years, is shutting down because “‘one of our own’ would undermine the efforts of the last 12 years”, one of the creators said. John Cartwright, one of the...

AI score 7.3
Exploits 0, References 3

Cisco
added 2014/03/13 9:13 p.m., 15 views

Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues

Issues in the cryptographic implementation of Cisco Intelligent Automation for Cloud (Cisco IAC) may allow an unauthenticated, remote attacker to recover cryptographic material used in all Cisco IAC installations. The issues are due to the inclusion of fixed cryptographic material in the product...

CVSS 5, AI score 6.5, EPSS 0.0025
Exploits 1, References 1

ThreatPost
added 2014/03/11 2:30 p.m., 37 views

IE Zero Day Exploits Increase Just Before Patch

Attackers have increased their exploitation of an Internet Explorer zero day vulnerability (CVE-2014-0322) set to be fixed by Microsoft in its regularly scheduled patch Tuesday release later this afternoon. According to a Websense report, the exploit source code deployed in at least two incidents –...

CVSS 9.3, AI score 8.6, EPSS 0.92968
Exploits 23, References 5

Exploit DB
added 2014/03/10 12:0 a.m., 21 views

KMPlayer 3.8.0.117 - Local Buffer Overflow

!/usr/bin/python KMPlayer 3.8.0.117 Buffer Overflow Author: metacom Tested on: Windows Xp pro-sp3 En Download link :http://www.chip.de/downloads/KMPlayer33859258.html Version: 3.8.0.117 Kmp Plus Howto / Notes: Run KMPlayer Playlist Editor New Album and paste Exploit Code import struct def...

AI score 7
Exploits 0