21 matches found
EUVD-2013-1258
Malware in sbrugna...
EUVD-2014-0750
Malware in sbrugna...
EUVD-2014-0751
Malware in sbrugna...
EUVD-2014-0749
Malware in sbrugna...
FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting governments and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or...
CVE-2015-0654
Cisco IPS CVE-2015-0654 is a race condition in the TLS subsystem of MainApp on the management interface that can be exploited by remote attackers establishing numerous HTTPS sessions to cause the MainApp process to become unresponsive (DoS). Affected software is Cisco IPS Software prior to 7.3(3)...
CVE-2015-0654
Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System IPS Software before 7.33E4 allows remote attackers to cause a denial of service process hang by establishing many HTTPS sessions, aka Bug ID CSCuq40652...
CVE-2014-0718
The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.18E4 and 7.2 before 7.22E4 allows remote attackers to cause a denial of service Analysis Engine process outage via fragmented packets, aka Bug ID CSCui91266...
CVE-2014-0720
Cisco IPS Software 7.1 before 7.18E4 and 7.2 before 7.22E4 allows remote attackers to cause a denial of service Analysis Engine process outage via a flood of jumbo frames, aka Bug ID CSCuh94944...
CVE-2014-0719
The control-plane access-list implementation in Cisco IPS Software before 7.18p2E4 and 7.2 before 7.22E4 allows remote attackers to cause a denial of service MainApp process outage via crafted packets to TCP port 7000, aka Bug ID CSCui67394...
Code injection
The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.18E4 and 7.2 before 7.22E4 allows remote attackers to cause a denial of service Analysis Engine process outage via fragmented packets, aka Bug ID CSCui91266...
Hardcoded credentials
The control-plane access-list implementation in Cisco IPS Software before 7.18p2E4 and 7.2 before 7.22E4 allows remote attackers to cause a denial of service MainApp process outage via crafted packets to TCP port 7000, aka Bug ID CSCui67394...
CVE-2014-0720
Cisco IPS Software is affected by CVE-2014-0720, where unauthenticated remote attackers can cause a denial of service by flooding the device with jumbo frames, leading to an Analysis Engine process outage. The issue is part of multiple DoS vulnerabilities in Cisco IPS Software 7.1/7.2 prior to th...
CVE-2014-0719
Cisco IPS Software contains a denial-of-service vulnerability (CVE-2014-0719) in the control-plane MainApp. The flaw arises from improper handling of malformed TCP packets sent to the management interface on port 7000, allowing remote unauthenticated attackers to cause the MainApp process outage....
CVE-2014-0718
The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.18E4 and 7.2 before 7.22E4 allows remote attackers to cause a denial of service Analysis Engine process outage via fragmented packets, aka Bug ID CSCui91266...
Cisco IPS Software拒绝服务漏洞(CVE-2014-0720)
BUGTRAQ ID: 65669 CVECAN ID: CVE-2014-0720 Cisco IPS Software是网络入侵防御软件。 Cisco IPS处理大量的巨型帧时存在安全漏洞,未经身份验证的远程攻击者可利用此漏洞造成分析引擎进程崩溃,导致拒绝服务。 0 Cisco IPS 4200 Series Sensors 厂商补丁: Cisco ----- Cisco已经为此发布了一个安全公告(cisco-sa-20140219-ips)以及相应补丁: cisco-sa-20140219-ips:Multiple Vulnerabilities in Cisco IPS...
Cisco IPS Software分析引擎拒绝服务漏洞
Bugtraq ID:65665 CVE ID:CVE-2014-0718 Cisco IPS Software是一款思科开发的入侵防御系统。 Cisco IPS Software produce-verbose-alert代码存在安全漏洞,允许未验证远程攻击者使Analysis引擎变得不稳定。 漏洞是由于在启用produce-verbose-alert动作时分析引擎不正确处理分片报文,攻击者可发送特制的分片报文使受影响系统分析引擎变得不稳定,造成拒绝服务攻击。 0 Cisco IPS Software versions 7.1 Cisco IPS Software versions 7...
Cisco IPS Software Control-Plane MainApp拒绝服务漏洞
Bugtraq ID:65667 CVE ID:CVE-2014-0719 Cisco IPS Software是一款思科开发的入侵防御系统。 Cisco IPS Software上的Control-plane访问列表实现中存在漏洞,允许未验证远程攻击者使MainApp进程变得不稳定。 漏洞是由于不正确处理发送给受影响系统的管理IP地址的畸形TCP报文,向TCP 7000端口发送特制报文可使MainApp进程变得不稳定。 0 Cisco ASA 5505 Advanced Inspection and Prevention Security Services Card AIP SSC...
Cisco UCS Director Software Has Default Credentials Open to Attackers
Cisco’s UCS Director infrastructure management product contains a set of default credentials that any remote attacker can exploit to take complete control of any vulnerable machine. The flaw is in UCS Director versions 4.0.0.2 and below. The Cisco UCS Director software is designed to allow...
Multiple Vulnerabilities in Cisco Intrusion Prevention System Software (cisco-sa-20130717-ips)
According to its self-reported version, the version of the Cisco Intrusion Prevention System Software running on the remote host has the following vulnerabilities : - The IP stack in Cisco IPS Software could allow remote attackers to cause a denial of service DoS condition via malformed IPv4...