3212 matches found
SonicWALL SOHO Firewall Predictable TCP Initial Sequence Number Vulnerability
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. CVE: CVE-2001-1104 Last updated: Sept. 5, 2008, 8:25 p.m...
CVE-2001-0328
TCP implementations that use random increments for initial sequence numbers ISN can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN...
CVE-2001-0288
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers ISNs, which allows remote attackers to spoof or hijack TCP connections...
CVE-2001-0288
CVE-2001-0288 pertains to Cisco IOS devices (notably switches/routers running IOS 12.1 and earlier) where TCP Initial Sequence Numbers (ISNs) are predictable. The ISN predictability enables remote attackers to spoof or hijack TCP connections, with impact described as partial confidentiality, inte...
CVE-2001-0288
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers ISNs, which allows remote attackers to spoof or hijack TCP connections...
Security Advisory FreeBSD-SA-01:39.tcp-isn
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:39 Security Advisory FreeBSD, Inc. Topic: TCP initial sequence number generation contains statistical vulnerability Category: core Module: kernel Announced: 2001-05-02...
Advisory CA-2001-09
-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2001-09 Statistical Weaknesses in TCP/IP Initial Sequence Numbers Original release date: May 01, 2001 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Systems using TCP stacks...
FreeBSD-SA-01:39.tcp-isn
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:39 Security Advisory FreeBSD, Inc. Topic: TCP initial sequence number generation contains statistical vulnerability Category: core Module: kernel Announced: 2001-05-02...
Дырка в нескольких Web-серверах (script source revealing)
Можно получить содержимое скрипт-документав использовав в имени файлы в URL escaped-последовательность или специальное имя директории...
Multiple TCP/IP implementations may use statistically predictable initial sequence numbers
Overview Attacks against TCP initial sequence number generation have been discussed for some time now. It has long been recognized that the ability to know or predict ISNs can lead to TCP connection hijacking or spoofing. What was not previously illustrated was just how predictable one...
Cisco Security Advisory: Cisco IOS Software TCP Initial Sequence NumberRandomization Improvements
-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Cisco IOS Software TCP Initial Sequence Number Randomization Improvements Revision 1.0: INTERIM For Public Release 2001 February 28 18:00 US/Pacific UTC+0800 ------------------------------------------------------------------------ Summar...
Дырка в маршрутизаторах Cisco (Initial TCP sequence number)
Неслучайная генерация начального номер последовательности в TCP позволяет перехватывать TCP-Сеансы...
DoS против Conference Room
Определенная последовательность команд приводит к краху IRC-сервера...
CVE-2001-0162
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ISNs, which allows remote attackers to spoof or hijack TCP connections...
CVE-2001-0163
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers ISNs, which allows remote attackers to spoof or hijack TCP connections...
PT-2001-1393 · Microsoft · Wince
Name of the Vulnerable Software and Affected Versions: WinCE version 3.0.9348 Description: The issue allows remote attackers to spoof or hijack TCP connections due to the generation of predictable TCP Initial Sequence Numbers ISNs. Recommendations: For WinCE version 3.0.9348, at the moment, there...
CVE-2000-0916
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers ISN, which allows remote attackers to spoof TCP connections...
CVE-2000-0916
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers ISN, which allows remote attackers to spoof TCP connections...
CVE-2000-0916
CVE-2000-0916 is a historical TCP-ISN prediction vulnerability affecting FreeBSD 4.1.1 and earlier (and possibly other BSD-based OSes). The root cause is an insufficient random initial sequence number (ISN) generator, enabling remote attackers to spoof TCP connections. Several connected sources c...
Дырка в pam_mysql (unescaped SQL sequence)
Ввод пользователя используется для построения SQL-запроса...