33 matches found
LG On Screen Phone authentication bypass (CVE-2014-8757)
LG On Screen Phone authentication bypass vulnerability ------------------------------------------------------ SEARCH-LAB Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the...
CVE-2014-8757
LG On-Screen Phone OSP before 4.3.010 allows remote attackers to bypass authorization via a crafted request...
CVE-2014-8757
LG On Screen Phone (OSP) before 4.3.010 is vulnerable to an authentication bypass via crafted requests. The issue is implemented in the OSP component listening on 0.0.0.0:8382, where an attacker on the same local network can bypass the confirmation dialog and gain full control of the phone withou...
CVE-2014-0041
OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...
Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet Advisory ID: cisco-sa-20080924-ssl http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml Revision 1.0 For Public Release 2008 September 24 1600 UTC GMT -...
CVE-2007-2166
OpenSurveyPilot (osp) 1.2.1 and earlier is affected by CVE-2007-2166: a PHP remote file inclusion in administration/user/lib/group.inc.php allows an attacker to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter. The issue is tied to osp versions before or equal to 1.2.1....
osp <= 1.2.1 (cfgPathToProjectAdmin) Remote File Include Vulnerablities
osp = 1.2.1 cfgPathToProjectAdmin Remote File Include Vulnerablities D.Script: http://nlcac.internationalstudents.asn.au/osp1.01RC1.tar http://sourceforge.net/projects/osp/ latest Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net & TrYaG.CoM & MoHaNdKo.CoM Exploit:...
CVE-2006-6875
CVE-2006-6875 affects OpenSER 1.1.0 and earlier, with a buffer overflow in the validateospheader function of the Open Settlement Protocol (OSP) module that enables remote code execution via a crafted OSP header. No exploitation details are provided in the connected documents. No remediation is st...
CVE-2006-6836
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing...
CVE-2006-6836
CVE-2006-6836 concerns multiple unspecified vulnerabilities in osp-cert for IBM OS/400 V5R3M0, tied to ASN.1 parsing. Connected sources reference ASN.1 parsing as the underlying issue and describe unspecified impact and attack vectors, with no detailed affected components, versions, or a remediat...
OpenSER OSP模块Validateospheader函数缓冲区溢出漏洞
OpenSER是一款开放源码的SIP服务器。 OpenSER的开放结算协议(OSP)模块中Validateospheader函数在处理特制报文时存在缓冲区溢出,远程攻击者可能利用此漏洞在服务器上执行任意指令。 漏洞相关的代码如下: int validateospheader struct sipmsg msg, char ignore1, char ignore2 如果攻击者向服务器发送了恶意报文的话就可能触发这个漏洞,导致远程执行任意指令。 OpenSER OpenSER = 1.1.0 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
Multiple OpenSER vulnerabilities
Memory corruption on SMS parsing, buffer overflow on OSP parsing, on QuickCAM objects parsing...
OpenSER OSP Module remote code execution
Synopsis: OpenSER OSP Module remote code execution Product: OpenSER Version: =1.1.0 Issue: ====== A critical security vulnerability has been found in OpenSER Open Settlement Protocol OSP module. OSP is an ETSI defined standard for Inter-Domain VoIP pricing,authorization and usage exchange. Detail...