105 matches found
Midea's M-Smart smart socket has design logic flaws
M-Smart Smart Socket is a smart home appliance developed by Midea Group. Midea's M-Smart Smart Socket is susceptible to man-in-the-middle attacks due to insecure protocols for transmitting data and lack of validation of what is transmitted on the client and server side. The lack of effective...
ntp: missing check for zero originate timestamp
It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements...
UBUNTU-CVE-2015-8741
The dissectppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service application crash via a crafted packet...
CVE-2013-1428
Stack-based buffer overflow in the receivetcppacket function in netpacket.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service crash or possibly execute arbitrary code via a large TCP packet...
CVE-2008-0061
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name CNAME record from resolving, aka "improper rotation of resource records."...
CVE-2007-5135
Off-by-one error in the SSLgetsharedciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738...
CVE-2007-3764
The Skinny channel driver chanskinny in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service crash via a certain data length value...
Important: Red Hat Security Advisory: samba security update
Updated samba packages that fix two denial of service vulnerabilities are now available. Updated 23rd September 2004 Packages have been updated to include the ppc64 packages which were left out of the initial errata. Samba provides file and printer sharing services to SMB/CIFS clients. The Samba...
TCP RST packets spoofing
By sending spoofed RST it's possible to terminate established TCP connection. unlike TPC hijacking attacks there is no need for exact TCP sequence number, and number can be any number from handshaked TCP window. It significantly increases attack efficiency. In NetBSD sequence number for RST is no...
CVE-2004-0247
The client and server of Chaser 1.50 and earlier allow remote attackers to cause a denial of service crash via exception via a UDP packet with a length field that is greater than the actual data length, which causes Chaser to read unexpected memory...
CVE-2002-1071
ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services crash via a TCP packet with both the SYN and ACK flags set...
CVE-2002-0886
Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote attackers to cause a denial of service hang or memory consumption via 1 a large packet to the DHCP port, 2 a large packet to the Telnet port, or 3 a flood of large packets to the CPE, which causes the TCP/IP stack to consume large...
Cisco IOS ARP Table Overwrite DoS (CSCdu81936)
It is possible to send an Address Resolution Protocol ARP packet on a local broadcast interface for example, Ethernet, cable, Token Ring, FDDI which could cause a router or switch running specific versions of Cisco IOS Software Release to stop sending and receiving ARP packets on the local router...
Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS
On Friday 14 December 2001 12:08, Przemyslaw Frasunek wrote: The workaround is to switch off routing and put device in bridging mode. Zyxel support has been notified, I won't release details of attack, until ZyNOS will be patched. I haven't received any response from Zyxel helpdesk so time to...
ISSalert: Internet Security Systems Security Advisory: Multiple vulnerabilities in the WatchGuard SOHO Firewall
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to [email protected] Contact [email protected] for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security...
Axent NetProwler 3.0 - IP Packets Denial of Service (1)
Axent NetProwler 3.0 - IP Packets Denial of Service 1 // source: https://www.securityfocus.com/bid/1225/info Axent NetProwler 3.0 IDS is vulnerable to a malformed packet attack. It will crash if the Man-in-the-Middle signature encounters a packet for which the following expression is true:...
Axent NetProwler 3.0 - IP Packets Denial of Service (2)
Axent NetProwler 3.0 - IP Packets Denial of Service 2 source: https://www.securityfocus.com/bid/1225/info Axent NetProwler 3.0 IDS is vulnerable to a malformed packet attack. It will crash if the Man-in-the-Middle signature encounters a packet for which the following expression is true:...
Axent NetProwler 3.0 - IP Packets Denial of Service (2)
source: https://www.securityfocus.com/bid/1225/info Axent NetProwler 3.0 IDS is vulnerable to a malformed packet attack. It will crash if the Man-in-the-Middle signature encounters a packet for which the following expression is true: IPHEADERLENGTH + TCPHEADERLENGTH IPTOTALLENGTH According to Axe...
Axent NetProwler 3.0 - IP Packets Denial of Service (1)
// source: https://www.securityfocus.com/bid/1225/info Axent NetProwler 3.0 IDS is vulnerable to a malformed packet attack. It will crash if the Man-in-the-Middle signature encounters a packet for which the following expression is true: IPHEADERLENGTH + TCPHEADERLENGTH IPTOTALLENGTH According to...
disable.tcpdump
Greetings. There is a way to disable tcpdump running on a remote host. By sending a carefully crafted UDP packet on the network which tcpdump monitors, it is possible, under certain circonstances, to make tcpdump fall into an infinite loop. This undesired behaviour has serious consequences for an...