695 matches found
SmartDefense Profiles Available for Users of VPN-1 NGX R62: Assigning a Profile per Gateway
The most significant enhancement in the NGX R62 release is the enablement of SmartDefense Profiles. SmartDefense Profiles expand the flexibility and granularity of security defenses, while allowing central control and management of the security infrastructure. By defining multiple SmartDefense...
DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
A vulnerability exists in certain Cisco IOS ® software release trains running on the Cisco IAD2400 series, 1900 Series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol SNMP community string...
Cisco Security Advisory: DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms Document ID: 71255 Advisory ID: cisco-sa-20060920-docsis http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml Revision 1.0 For Public Release 20...
2wire gateways DoS
Incomplete HTTP request for Web-interface causes device to crash...
Microsoft DNS Client buffer overflow
Overview The Microsoft DNS Client service contains a remote code execution vulnerability that could allow a remote attacker to take complete control of the affected system. Description From Microsoft TechNet: The Domain Name System DNS client service resolves and caches DNS names. The DNS client...
Security Best Practice: MGCP Protocol Enforcement
MGCP is an implementation of the Media Gateway Control Protocol architecture1 for controlling Media Gateways on Internet Protocol IP networks and the public switched telephone network PSTN.MGCP is a signaling and call control protocol used within Voice over IP VoIP systems that typically...
Invision Vulnerabilities, including remote code execution
Several Invision Flaws 2.1.5 and possibly earlier --------------------------------------------------- IceShaman & Wells HackThisSite.org 1 Code execution sources/actionpublic/search.php line 1261 $this-output = pregreplace "value="'$this-ipsclass-input'lastdate'"'i", "1 selected='selected'",...
Symantec Dynamic VPN Services: ISAKMP Denial of Service
SUMMARY The NISCC National Infrastructure Security Co-ordination Centre a UK-sponsored inter-departmental agency has identified nearly five-thousand potential ISAKMP vulnerabilities. Test for these vulnerabilities were created by the NISCC and distributed to an unspecified number of vendors...
VocalTec VGW120/VGW480 Telephony Gateway Remote H.225 - Denial of Service
// source: https://www.securityfocus.com/bid/10411/info It has been reported that the VocalTec VGW120 and VGW480 Telephony Gateways are prone to a remote denial of service vulnerability. The issue is reported to exist in the ASN.1/H.323/H.225 stack. A remote attacker may exploit this issue to den...
Re: multiple payload handling flaws in isakmpd, again
There is one important thing I forgot to mention. In isakmpd deleting an IPsec SA also means deleting the appropriate IPsec policy in almost any case. Take a look at pfkeyv2deletespi in pfkeyv2.c. It calls pfkeyv2disablesa, the policy eraser ;-, if the SA was not acquired through the kernel: if...
Cayman gateways ship with null administrative and user level passwords
Overview Cayman gateways ship without a default password on the admin and user accounts. As long as the gateway is not addressable via the WAN, this can only be accessed and set by anyone on the LAN side. With admin access, the gateway settings can be configured by an intruder. Description Cayman...
Cayman gateways are vulnerable to a denial of sevices via a long username or password
Overview Cayman gateways are vulnerable to a denial of service via the entry of a long username or password sent to the HTTP interface. Description Cayman gateways automatically restart upon the entry of a large79+ chars username or password to the HTTP interface. The log will show "restart not i...
Cayman gateways are vulnerable to a denial of service via a portscan
Overview Cayman gateways are vulnerable to a denial of service. An attacker can send a number of TCP connect requests or SYN packets, in conjunction with a "Bouncing" vulnerability, and can cause a denial of service to the gateway. Description The gateway will crash after receiving a number of TC...
Cayman gateways vulnerable to a denial of service via oversized ICMP echo (ping) requests.
Overview Cayman gateways vulnerable to a denial of service via oversized ICMP echo ping requests. Installing the newest version of the vendor software will resolve this vulnerability. Description Cayman gateways running versions 5.5 Build R0, 5.3 Build R2, 5.3 Build R1 are vulnerable to an...
CVE-2000-0238
Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL...