30 matches found
EUVD-2002-0941
Malware in sbrugna...
EUVD-2002-1538
Malware in sbrugna...
EUVD-2002-1539
Malware in sbrugna...
EUVD-2002-1540
Malware in sbrugna...
EUVD-2002-1537
Malware in sbrugna...
Cisco ONS 15454 Controller Card Denial of Service Vulnerability
A vulnerability in the web interface of Cisco ONS15454 controller cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to incorrect parsing of the HTTP URI. An attacker could exploit this vulnerability by sending specific HTTP requests...
Cisco Security Advisory: Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600 Nessus Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600 Nessus Vulnerabilities Revision 1.0 For Public Release 2003 May 01 at 1600 UTC GMT ---------------------------------------------------------------------- Contents Summary...
Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600 Nessus Vulnerabilities
...
CVE-2002-0952
Affected product/versions: Cisco ONS15454 optical transport platform running ONS 3.1.0–3.2.0. Vulnerability: Remote attackers can cause a denial of service (reset) by sending IP packets with non‑zero TOS bits to the Timing Control Card (TCC) LAN interface. Root cause (as stated): Improper handlin...
CVE-2002-0952
Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service reset by sending IP packets with non-zero Type of Service TOS bits to the Timing Control Card TCC LAN interface...
CVE-2002-1554
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup...
CVE-2002-1555
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information...
CVE-2002-1553
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist...
CVE-2002-1557
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service reset to TCC, TCC+, TCCi or XTC via a malformed HTTP request that does not contain a leading / slash character...
CVE-2002-1557
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service reset to TCC, TCC+, TCCi or XTC via a malformed HTTP request that does not contain a leading / slash character...
CVE-2002-1553
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist...
CVE-2002-1555
Cisco ONS CVE-2002-1555 affects Cisco ONS15454 and ONS15327 running ONS before 3.4, where a default, unchangeable SNMP public community string allows remote attackers to obtain sensitive information. The provided documents do not include a remediation or patch details; upgrade/mitigation specific...
CVE-2002-1558
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet...
CVE-2002-1553
The CVE-2002-1553 entry affects Cisco ONS15454 and ONS15327 running ONS prior to 3.4. The vulnerability lets a remote attacker modify system configuration and delete files by connecting via FTP to the TCC, TCC+ or XTC using a non-existent username/password. Connected sources corroborate the issue...
CVE-2002-1556
Cisco ONS15454 and ONS15327 devices running ONS prior to version 3.4 are vulnerable to a denial-of-service (reset) via an HTTP request to the TCC, TCC+ or XTC that includes an invalid CORBA Interoperable Object Reference (IOR). The affected hardware/software are Cisco ONS platforms mentioned in C...