82 matches found
Authentication flaw
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product...
CVE-2016-10212
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product...
CVE-2016-10212
CVE-2016-10212 describes a GCM nonce reuse issue in Radware devices (note: may involve a third-party Cavium product) that allows remote attackers to obtain the authentication key and spoof data via a “forbidden attack.” Root cause: reuse of the initial nonces in GCM. Affected: Radware devices. Ex...
CVE-2016-10212
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product...
Alteon OS BBI (Nortell) - Multiple Vulnerabilities XSS and CSRF
No description provided by source. Exploit Title: Alteon OS BBI Nortell - Multiple Vulnerabilities Date: 16 Nov 09 Author: Sintsov Alexey Software Link: downoad link if available Version: = 21.0.8.3 and may be higher =25.1.0.0 Tested on: relevant os Code : exploit code From: DSecRG research dsecr...
Radware AppDirector Bruteforce Login Utility
This module scans for Radware AppDirector's web login portal, and performs login brute force to identify valid credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Radware AppDirector...
ManageEngine Device Expert 5.6 Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage:...
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...
DDoS Attacks Take on Political Motivations as Attackers Evolve
DDoS attacks come in all shapes and sizes, and in a lot of cases, the victims of the attacks don’t much care who is executing the attack or why. They just know that their network is being overwhelmed with junk traffic. But the last year has seen a major volume of politically motivated attacks, an...
Radware's Attack Mitigation System Delivers the First Fully Integrated Solution to Fight Cyber Attacks in Real Time
Radware's Attack Mitigation System Delivers the First Fully Integrated Solution to Fight Cyber Attacks in Real Time The solution blocks the new breed of sophisticated attacks that target Multiple layers of the IT infrastructure . Today's point security tools for IT infrastructures are not enough ...
Paypal gives FBI the list of IP Address of 1,000 Anomymous hackers
Paypal gives FBI the list of IP Address of 1,000 Anomymous hackers Paypal collected 1000 IP addresses of those carrying out Anonymous' DDoS attacks against PayPal last December. To be fair the names on the list will probably be the bottom feeding script kiddies rather than the hackers at the top ...
Paypal gives FBI the list of IP Address of 1,000 Anomymous hackers
Paypal gives FBI the list of IP Address of 1,000 Anomymous hackers Paypal collected 1000 IP addresses of those carrying out Anonymous' DDoS attacks against PayPal last December. To be fair the names on the list will probably be the bottom feeding script kiddies rather than the hackers at the top ...
Alteon OS XSS / XSRF
Digital Security Research Group DSecRG Advisory http://dsecrg.com/pages/vul/show.php?id=161 Various XSS and XSRF vulnerabilities were identified in the Alteon OS Browser-Based Interface BBI. Application: Alteon OS BBI Versions Affected: Nortel XSRF /switchSystem.html/bar?banner=newBanner/scri...
[DSECRG-09-062] Alteon OS BBI (Nortell) - Multiple Vulnerabilities
Digital Security Research Group DSecRG Advisory http://dsecrg.com/pages/vul/show.php?id=161 Various XSS and XSRF vulnerabilities were identified in the Alteon OS Browser-Based Interface BBI. Application: Alteon OS BBI Versions Affected: = 21.0.8.3 and may be higher =25.1.0.0 Vendor URL:...
Alteon OS BBI (Nortell) - Multiple Vulnerabilities XSS XSRF
No description provided by source. Exploit Title: Alteon OS BBI Nortell - Multiple Vulnerabilities Date: 16 Nov 09 Author: Sintsov Alexey Software Link: downoad link if available Version: = 21.0.8.3 and may be higher =25.1.0.0 Tested on: relevant os Code : exploit code From: DSecRG research dsecr...
Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: Alteon OS BBI Nortell - Multiple Vulnerabilities Date: 16 Nov 09 Author: Sintsov Alexey Software Link: downoad link if available Version: Date: Mon, 16 Nov 2009 14:01:04 +0300 Digital Security Research Group DSecRG Advisory http://dsecrg.com/pages/vul/show.php?id=161 Various XSS an...
Code injection
The radware AppWall Web Application Firewall WAF 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to 1 funcs.inc, 2 defines.inc, or 3 msg.inc in Management/...
CVE-2009-2301
The radware AppWall Web Application Firewall WAF 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to 1 funcs.inc, 2 defines.inc, or 3 msg.inc in Management/...
CVE-2009-2301
The radware AppWall Web Application Firewall WAF 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to 1 funcs.inc, 2 defines.inc, or 3 msg.inc in Management/...