Lucene search
K

6523 matches found

Packet Storm
Packet Storm
added 2006/05/06 12:0 a.m.40 views

openvpn207.txt

Hi, There is a flaw well more a stupid design than anything else in OpenVPN 2.0.7 and below in the the Remote Management Interface that allows an attacker to gain complete control because there is NO AUTHENTICATION YES NO AUTHENTICATION AT ALL!. This can be carried out from within the LAN that th...

7.4AI score
Exploits0
NVD
NVD
added 2006/05/05 7:2 p.m.24 views

CVE-2006-2229

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...

4CVSS6.8AI score0.01346EPSS
Exploits0References5
OSV
OSV
added 2006/05/05 7:2 p.m.3 views

DEBIAN-CVE-2006-2229

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...

4CVSS6.9AI score0.01346EPSS
Exploits0References1
CVE
CVE
added 2006/05/05 7:0 p.m.61 views

CVE-2006-2229

OpenVPN 2.0.7 and earlier, when configured to use --management with an IP not equal to 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. The provided connected documents...

4CVSS6.8AI score0.01346EPSS
Exploits0References5Affected Software2
Debian CVE
Debian CVE
added 2006/05/05 7:0 p.m.34 views

CVE-2006-2229

Removed by vendor...

4CVSS6.7AI score0.01346EPSS
Exploits0
Cvelist
Cvelist
added 2006/05/05 7:0 p.m.25 views

CVE-2006-2229

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...

6.7AI score0.01346EPSS
Exploits0References5
Prion
Prion
added 2006/05/04 12:38 p.m.15 views

Design/Logic Flaw

Unspecified vulnerability in the HTTP management interface in Cisco Unity Express CUE 2.22 and earlier, when running on any CUE Advanced Integration Module AIM or Network Module NM, allows remote authenticated attackers to reset the password for any user with an expired password...

2.1CVSS7AI score0.01616EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2006/05/04 10:0 a.m.20 views

CVE-2006-2166

Unspecified vulnerability in the HTTP management interface in Cisco Unity Express CUE 2.22 and earlier, when running on any CUE Advanced Integration Module AIM or Network Module NM, allows remote authenticated attackers to reset the password for any user with an expired password...

6.5AI score0.01616EPSS
Exploits0References7
CVE
CVE
added 2006/05/04 10:0 a.m.47 views

CVE-2006-2166

CVE-2006-2166 affects Cisco Unity Express (CUE) 2.2(2) and earlier when running on any CUE AIM or NM. The HTTP management interface contains an unspecified vulnerability that allows remote authenticated attackers to reset the password for any user with an expired password. The connected documents...

2.1CVSS6.5AI score0.01616EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2006/04/26 12:6 a.m.11 views

CVE-2006-2030

The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing...

5CVSS6.8AI score0.0123EPSS
Exploits0References2
Prion
Prion
added 2006/04/26 12:6 a.m.14 views

Design/Logic Flaw

The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing...

5CVSS7.3AI score0.0123EPSS
Exploits0References2
Cvelist
Cvelist
added 2006/04/26 12:0 a.m.16 views

CVE-2006-2030

The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing...

6.8AI score0.0123EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2006/03/26 12:0 a.m.16 views

Kerio WinRoute Firewall Management Detection (HTTP)

HTTP based detection of Kerio WinRoute Firewall application management interface. SPDX-FileCopyrightText: 2006 Ferdy Riphagen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

7.1AI score
Exploits0
NVD
NVD
added 2005/12/31 5:0 a.m.18 views

CVE-2005-3619

Cross-site scripting XSS vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when...

6.8CVSS5.6AI score0.01423EPSS
Exploits1References3
NVD
NVD
added 2005/12/29 11:3 a.m.16 views

CVE-2005-4583

Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting XSS...

4.3CVSS6.6AI score0.03597EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.31 views

CISCO Secure ACS Management Interface Login Overflow

It may be possible to make this Cisco Secure ACS web serverlogin.exe execute arbitrary code by sending it a too long login url. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5CVSS7.2AI score0.05894EPSS
Exploits0References1
CVE
CVE
added 2005/10/20 4:0 a.m.47 views

CVE-2005-3182

CVE-2005-3182 : A buffer overflow in the HTTP management interface of GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code by sending overly long HTTP headers (notably Host and Accept ). The issue is described as occurring in the web/HTTP management component, with the vendor no...

7.5CVSS7.9AI score0.03995EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2005/10/20 4:0 a.m.21 views

CVE-2005-3182

Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as 1 Host and 2 Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could me...

7.9AI score0.03995EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2005/07/28 12:0 a.m.46 views

ECIrouter.txt

Title: ECI router verification bypass and DoS Date: 24/07/2005 Impact: Log in verification bypass Vendors Status: Not contacted they were mean to me Overview: The B-FOCuS Router 312+ provides users with a reliable and secured ADSL2+ connection to the Internet. The 312+ has a single Ethernet port...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/07/25 12:0 a.m.34 views

Siemens SANTIS 50 Authentication Vulnerability

Secure Network - Security Research Advisory Vuln name: Siemens SANTIS 50 Authentication Vulnerability Systems affected: Siemens Santis 50 Wireless router firmware version: 4.2.8.0 Likely to be affected: Ericsson HN294dp Dynalink RTA300W Severity: medium risk Local/Remote: Remote limited to the LA...

0.5AI score
Exploits0
Rows per page
Query Builder