Lucene search
K

686 matches found

Cvelist
Cvelist
added 2013/07/18 2:0 p.m.23 views

CVE-2013-4874

The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable...

6.4AI score0.00683EPSS
Exploits0References3
Cvelist
Cvelist
added 2013/07/18 2:0 p.m.24 views

CVE-2013-4876

The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt...

6.7AI score0.0072EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/07/18 2:0 p.m.30 views

CVE-2013-4875

The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt...

6.5AI score0.00725EPSS
Exploits0References3
CVE
CVE
added 2013/07/18 2:0 p.m.54 views

CVE-2013-4877

CVE-2013-4877 affects Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01. The root issue is that these devices do not use CAVE authentication, which allows an attacker to sniff registration packets over the network and obtain ESN and MIN values from arbitrary phones, enabling cloning...

2.6CVSS7AI score0.00784EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2013/07/18 2:0 p.m.54 views

CVE-2013-4875

The CVE-2013-4875 entry concerns the U-Boot bootloader used on the Verizon Wireless Network Extender SCS-2U01. The vulnerability allows a physically proximate attacker to bypass the intended boot process and reach a login prompt by connecting a crafted HDMI cable and issuing a SysReq interrupt. T...

6.2CVSS6.7AI score0.00725EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2013/07/18 2:0 p.m.47 views

CVE-2013-4876

The CVE-2013-4876 entry applies to the Verizon Wireless Network Extender SCS-2U01, where a hardcoded password for the root account enables physically proximate attackers to obtain administrative access via the device login prompt. The description documents the root cause (hardcoded root credentia...

6.2CVSS6.9AI score0.0072EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/07/18 2:0 p.m.20 views

CVE-2013-4877

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets...

6.8AI score0.00784EPSS
Exploits0References3
CVE
CVE
added 2013/07/18 2:0 p.m.53 views

CVE-2013-4874

CVE-2013-4874 affects the Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4. The vulnerability allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. Exploitation details ...

6.2CVSS6.6AI score0.00683EPSS
Exploits0References3Affected Software1
ThreatPost
ThreatPost
added 2013/07/16 12:28 p.m.22 views

Verizon Network Extender femtocell hack intercepts calls

A $250 piece of hardware known as a femtocell, used to boost mobile phone signals for consumers and small businesses, is vulnerable to a complete takeover that attackers can use to intercept Internet traffic and cell phone calls. Two researchers from iSEC Partners are expected to provide more...

0.2AI score
Exploits0References4
CERT
CERT
added 2013/07/15 12:0 a.m.18 views

Verizon Wireless Network Extender multiple vulnerabilities

Overview iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devic...

7.8AI score
Exploits0References1
NVD
NVD
added 2011/10/05 2:56 a.m.24 views

CVE-2011-1827

Multiple unspecified vulnerabilities in Check Point SSL Network Extender SNX, SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a 1 ActiveX control or 2 Java applet...

9.3CVSS7.7AI score0.04519EPSS
Exploits1References4
Prion
Prion
added 2011/10/05 2:56 a.m.20 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Check Point SSL Network Extender SNX, SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a 1 ActiveX control or 2 Java applet...

9.3CVSS8.3AI score0.04519EPSS
Exploits1References4Affected Software3
Cvelist
Cvelist
added 2011/10/05 1:0 a.m.31 views

CVE-2011-1827

Multiple unspecified vulnerabilities in Check Point SSL Network Extender SNX, SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a 1 ActiveX control or 2 Java applet...

7.6AI score0.04519EPSS
Exploits1References4
CVE
CVE
added 2011/10/05 1:0 a.m.122 views

CVE-2011-1827

CVE-2011-1827 : Multiple vulnerabilities in Check Point components (SSL Network Extender/SNX, SecureWorkSpace, Endpoint Security On-Demand) allow remote code execution via a signed ActiveX control or Java applet. Exploitation, as described by SEC Consult, involves loading a malicious page or docu...

9.3CVSS7.9AI score0.04519EPSS
Exploits1References4Affected Software3
Tenable Nessus
Tenable Nessus
added 2011/08/25 12:0 a.m.748 views

Check Point SSL Network Extender ActiveX Control Remote Code Execution

The version of the Check Point SSL Network Extender ActiveX control installed on the remote Windows host reportedly contains a remote code execution vulnerability. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to...

9.3CVSS6.2AI score0.04519EPSS
Exploits1References3
securityvulns
securityvulns
added 2011/08/17 12:0 a.m.69 views

SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827

SEC Consult Vulnerability Lab Security Advisory 20110810-0 ======================================================================= title: Client-side remote file upload & command execution product: Check Point SSL VPN On-Demand applications signed Java applet and ActiveX control SSL Network...

9.3CVSS0.04519EPSS
Exploits1
securityvulns
securityvulns
added 2011/03/15 12:0 a.m.36 views

Checkpoint VPN - Priviledge Escalation

It appears this bug has gone unoticed to vulnerability databases maintainers, very likely due to the lack of disclosure/publication. This usually means it's also not in compliance/patching systems and exposes customers to unecessary risk. To counteract I'd like to drop this note. Checkpoint SNX...

0.5AI score
Exploits0
OpenVAS
OpenVAS
added 2010/10/08 12:0 a.m.34 views

IBM DB2 Multiple Vulnerabilities (Oct10)

The host is running IBM DB2 and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmdb2multvulnoct10.nasl 7585 2017-10-26 15:03:01Z cfischer $ IBM DB2 Multiple Vulnerabilities Oct10 Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone Networks GmbH,...

10CVSS0.8AI score0.09582EPSS
Exploits0References5
Prion
Prion
added 2010/10/05 6:0 p.m.20 views

Code injection

The Net Search Extender NSE implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service memory consumption and system hang via the db2ext.textSearch function...

4CVSS6.5AI score0.01125EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2010/10/05 5:0 p.m.24 views

CVE-2010-3740

The Net Search Extender NSE implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service memory consumption and system hang via the db2ext.textSearch function...

6AI score0.01125EPSS
Exploits0References3
Rows per page
Query Builder