77 matches found
Memory corruption
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service memory consumption by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID...
CVE-2010-2836
CVE-2010-2836 describes a memory leak in Cisco IOS SSL VPN when HTTP port redirection is enabled. A remote attacker can exploit this by disconnecting SSL sessions, causing sessions to linger in CLOSE_WAIT and eventual memory exhaustion, potentially denying service to new connections. Affected sof...
CVE-2010-2836
Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote attackers to cause a denial of service memory consumption by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID...
CVE-2009-4302
login/indexform.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these...
CVE-2009-4302
login/indexform.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these...
CVE-2009-4302
The CVE-2009-4302 issue affects Moodle: login/index_form.html in Moodle 1.8 (before 1.8.11) and 1.9 (before 1.9.7) links to an HTTP page even when served over HTTPS, which can cause credentials to be transmitted in cleartext. This is a remote vulnerability allowing credential sniffing. Supported ...
Trend Micro OfficeScan Policy Server CGI buffer overflow
Added: 03/03/2008 CVE: CVE-2008-1365 BID: 28020 OSVDB: 42500 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in the Policy Server for Cisco NAC component allows remote attackers to execute arbitrary commands by...
Trend Micro OfficeScan Policy Server CGI buffer overflow
Added: 03/03/2008 CVE: CVE-2008-1365 BID: 28020 OSVDB: 42500 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in the Policy Server for Cisco NAC component allows remote attackers to execute arbitrary commands by...
Microsoft Internet Explorer - createTextRang Remote (Metasploit)
Microsoft Internet Explorer - createTextRang Remote Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...
[Full-disclosure] APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce
APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce By Sowhat 2005.07.13 http://secway.org/Advisory/AD20050713.txt Vendor Apple Inc. Product Affected Darwin Streaming Server 5.5 and below for Win32 CVE-ID: CAN-2005-2195 OverView: Darwin Streaming Server is server technology allowing...
Thomson Cablemodem TCM315 - Denial of Service
Thomson Cablemodem TCM315 - Denial of Service // source: https://www.securityfocus.com/bid/9091/info A problem has been identified in Thomson Cable Modems when handling long requests on the HTTP port. Because of this, it may be possible for an attacker to deny service to legitimate users of the...
CVE-2003-0502
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service crash via a .. dot dot sequence followed by an MS-DOS device name e.g. AUX in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421...
CVE-2003-0502
CVE-2003-0502 affects Apple QuickTime / Darwin Streaming Server up to version 4.1.3g. The vulnerability enables a remote denial-of-service (crash) when a crafted HTTP request to port 1220 contains a \..\ sequence followed by an MS-DOS device name (e.g., AUX). The condition is that the software is...
HP ProCurve Switch 4000M - SNMP Write Denial of Service
source: https://www.securityfocus.com/bid/5336/info An issue has been reported with the HP ProCurve 4000M Switch. An attacker with SNMP write access to the device may write to the SNMP variable .iso.3.6.1.4.1.11.2.36.1.1.2.1.0. If more than 85 characters are written to this variable, the device...
3Com OfficeConnect DSL Router 812 1.1.7/840 1.1.7 - HTTP Port Router Denial of Service
// source: https://www.securityfocus.com/bid/2721/info OfficeConnect 812 is a DSL router manufactured by 3Com, and distributed by numerous DSL providers. OfficeConnect 812 is an integrated ADSL router with an onboard 4 port switch. A problem in the firmware included with this router could allow a...
CVE-1999-0437
CVE-1999-0437 affects WebRamp systems. Remote attackers can trigger a denial-of-service by sending a malicious string to the HTTP port. The CVSSv2 base score is 5.0 (Medium) with network access, low attack complexity, and partial impact on availability. Public details across connected records con...
Xylogics Annex Terminal Service ping CGI Program DoS
It was possible to crash the remote Annex terminal by connecting to the HTTP port, and requesting the '/ping' CGI script with an argument that is too long. For example: http://www.example.com/ping?query=AAAAA...AAAAA %NASLMINLEVEL 70300 C Tenable Network Security, Inc...