6523 matches found
openvpn207.txt
Hi, There is a flaw well more a stupid design than anything else in OpenVPN 2.0.7 and below in the the Remote Management Interface that allows an attacker to gain complete control because there is NO AUTHENTICATION YES NO AUTHENTICATION AT ALL!. This can be carried out from within the LAN that th...
CVE-2006-2229
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...
DEBIAN-CVE-2006-2229
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...
CVE-2006-2229
OpenVPN 2.0.7 and earlier, when configured to use --management with an IP not equal to 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. The provided connected documents...
CVE-2006-2229
Removed by vendor...
CVE-2006-2229
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service...
Design/Logic Flaw
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express CUE 2.22 and earlier, when running on any CUE Advanced Integration Module AIM or Network Module NM, allows remote authenticated attackers to reset the password for any user with an expired password...
CVE-2006-2166
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express CUE 2.22 and earlier, when running on any CUE Advanced Integration Module AIM or Network Module NM, allows remote authenticated attackers to reset the password for any user with an expired password...
CVE-2006-2166
CVE-2006-2166 affects Cisco Unity Express (CUE) 2.2(2) and earlier when running on any CUE AIM or NM. The HTTP management interface contains an unspecified vulnerability that allows remote authenticated attackers to reset the password for any user with an expired password. The connected documents...
CVE-2006-2030
The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing...
Design/Logic Flaw
The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing...
CVE-2006-2030
The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing...
Kerio WinRoute Firewall Management Detection (HTTP)
HTTP based detection of Kerio WinRoute Firewall application management interface. SPDX-FileCopyrightText: 2006 Ferdy Riphagen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
CVE-2005-3619
Cross-site scripting XSS vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when...
CVE-2005-4583
Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting XSS...
CISCO Secure ACS Management Interface Login Overflow
It may be possible to make this Cisco Secure ACS web serverlogin.exe execute arbitrary code by sending it a too long login url. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2005-3182
CVE-2005-3182 : A buffer overflow in the HTTP management interface of GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code by sending overly long HTTP headers (notably Host and Accept ). The issue is described as occurring in the web/HTTP management component, with the vendor no...
CVE-2005-3182
Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as 1 Host and 2 Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could me...
ECIrouter.txt
Title: ECI router verification bypass and DoS Date: 24/07/2005 Impact: Log in verification bypass Vendors Status: Not contacted they were mean to me Overview: The B-FOCuS Router 312+ provides users with a reliable and secured ADSL2+ connection to the Internet. The 312+ has a single Ethernet port...
Siemens SANTIS 50 Authentication Vulnerability
Secure Network - Security Research Advisory Vuln name: Siemens SANTIS 50 Authentication Vulnerability Systems affected: Siemens Santis 50 Wireless router firmware version: 4.2.8.0 Likely to be affected: Ericsson HN294dp Dynalink RTA300W Severity: medium risk Local/Remote: Remote limited to the LA...