15 matches found
EUVD-2009-2853
Malware in sbrugna...
Security Bulletin: OpenSSL vulnerability in IBM SAN Volume Controller and Lenovo Storwize Family (CVE-2014-0224)
Summary: An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. Vulnerability...
Juniper Junos OS Path Traversal Vulnerability
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution...
CVE-2021-32693
Symfony framework vulnerability CVE-2021-32693: When an application defines multiple firewalls, the authentication token from one firewall could be usable across other firewalls in versions 5.3.0–5.3.1. This could allow a user authenticated on one part of the app to be treated as authenticated on...
CVE-2021-0261
CVE-2021-0261 affects Juniper Junos OS J-Web and related HTTP/HTTPS services, allowing an unauthenticated attacker to cause an extended DoS by sending a high volume of specific requests. Affected versions include multiple Junos OS releases across EX and SRX lines (e.g., 12.3 before 12.3R12-S17; 1...
CVE-2020-1631
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability...
CVE-2020-1631
CVE-2020-1631 is a path traversal/LFI vulnerability in the HTTP/HTTPS J-Web service of Junos OS. An unauthenticated attacker can exploit HTTP(S) to perform local file inclusion, path traversal, or possibly inject commands into httpd.log, read files with world-readable permissions (notably configu...
VulnCheck KEV: CVE-2020-1631
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution...
CVE-2020-1631
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability...
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, and CVE-2015-0204)
Summary: There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details: CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...
Security Bulletin: CLI access security issue on IBM System Storage Storwize V7000 Unified (CVE-2014-0880)
Summary: CLI security issue. Vulnerability Details: CVEID: CVE-2014-0880 DESCRIPTION: An unauthorized user with network access to a system's administrative IP (Internet Protocol) address may be able to gain access to the block CLI (Command Line Interface) of the system, allowing the user to issue all...
CVE-2005-2841
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials...
CVE-2005-2841
The CVE-2005-2841 issue targets Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions. A buffer overflow in this feature on specific IOS releases (12.2ZH/12.2ZL, 12.3/12.3T, 12.4/12.4T) allows remote attackers to cause a denial of service and potentially execute arbitrary code vi...
Cisco IOS 12.x - Firewall Authentication Proxy Buffer Overflow
source: https://www.securityfocus.com/bid/14770/info Cisco IOS Firewall Authentication Proxy is prone to a buffer overflow condition. Successful exploitation of this issue could cause a denial of service or potential execution of arbitrary code. This issue affects the FTP and Telnet protocols, bu...
AOL Instant Messenger vulnerable to buffer overflow via crafted "addbuddy" URI sent in message
Overview: America Online's Instant Messenger (AIM) contains a remotely exploitable buffer overflow vulnerability. Description: AOL Instant Messenger is a widely used program for communicating with other users over the Internet. A buffer overflow exists in the processing of the addbuddy parameter of t...