686 matches found
CVE-2013-4874
The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable...
CVE-2013-4876
The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt...
CVE-2013-4875
The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt...
CVE-2013-4877
CVE-2013-4877 affects Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01. The root issue is that these devices do not use CAVE authentication, which allows an attacker to sniff registration packets over the network and obtain ESN and MIN values from arbitrary phones, enabling cloning...
CVE-2013-4875
The CVE-2013-4875 entry concerns the U-Boot bootloader used on the Verizon Wireless Network Extender SCS-2U01. The vulnerability allows a physically proximate attacker to bypass the intended boot process and reach a login prompt by connecting a crafted HDMI cable and issuing a SysReq interrupt. T...
CVE-2013-4876
The CVE-2013-4876 entry applies to the Verizon Wireless Network Extender SCS-2U01, where a hardcoded password for the root account enables physically proximate attackers to obtain administrative access via the device login prompt. The description documents the root cause (hardcoded root credentia...
CVE-2013-4877
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets...
CVE-2013-4874
CVE-2013-4874 affects the Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4. The vulnerability allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. Exploitation details ...
Verizon Network Extender femtocell hack intercepts calls
A $250 piece of hardware known as a femtocell, used to boost mobile phone signals for consumers and small businesses, is vulnerable to a complete takeover that attackers can use to intercept Internet traffic and cell phone calls. Two researchers from iSEC Partners are expected to provide more...
Verizon Wireless Network Extender multiple vulnerabilities
Overview iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devic...
CVE-2011-1827
Multiple unspecified vulnerabilities in Check Point SSL Network Extender SNX, SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a 1 ActiveX control or 2 Java applet...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Check Point SSL Network Extender SNX, SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a 1 ActiveX control or 2 Java applet...
CVE-2011-1827
Multiple unspecified vulnerabilities in Check Point SSL Network Extender SNX, SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a 1 ActiveX control or 2 Java applet...
CVE-2011-1827
CVE-2011-1827 : Multiple vulnerabilities in Check Point components (SSL Network Extender/SNX, SecureWorkSpace, Endpoint Security On-Demand) allow remote code execution via a signed ActiveX control or Java applet. Exploitation, as described by SEC Consult, involves loading a malicious page or docu...
Check Point SSL Network Extender ActiveX Control Remote Code Execution
The version of the Check Point SSL Network Extender ActiveX control installed on the remote Windows host reportedly contains a remote code execution vulnerability. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to...
SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827
SEC Consult Vulnerability Lab Security Advisory 20110810-0 ======================================================================= title: Client-side remote file upload & command execution product: Check Point SSL VPN On-Demand applications signed Java applet and ActiveX control SSL Network...
Checkpoint VPN - Priviledge Escalation
It appears this bug has gone unoticed to vulnerability databases maintainers, very likely due to the lack of disclosure/publication. This usually means it's also not in compliance/patching systems and exposes customers to unecessary risk. To counteract I'd like to drop this note. Checkpoint SNX...
IBM DB2 Multiple Vulnerabilities (Oct10)
The host is running IBM DB2 and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmdb2multvulnoct10.nasl 7585 2017-10-26 15:03:01Z cfischer $ IBM DB2 Multiple Vulnerabilities Oct10 Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Code injection
The Net Search Extender NSE implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service memory consumption and system hang via the db2ext.textSearch function...
CVE-2010-3740
The Net Search Extender NSE implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service memory consumption and system hang via the db2ext.textSearch function...