barracude-xss.txt
Infobyte Security Research (ISR), www.infobyte.com.ar, 09.21.2007. SUMMARY: Barracuda Spam Firewall Cross-Site Scripting. Version: Barracuda Spam Firewall firmware v3.4.10.102. It is suspected that all previous versions of Barracuda Sp...
CVE-2007-5058
Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog scre...
CVE-2007-4786
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog...
Command injection
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog...
PT-2007-5926 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) versions 7.0 through 7.0.7.1; Cisco Adaptive Security Appliance (ASA) versions 7.1 through 7.1.2.61; Cisco Adaptive Security Appliance (ASA) versions 7.2 through 7.2.2.34; Cisco Adaptive Security Appliance ASA...
MDKA-2007:089 : proftpd
A bug in ProFTPD, when run on an IPv6-capable host, causes ProFTPD to generate an excessive number of error messages to syslog. In addition, LDAP TLS support was incorrectly set up during compilation, and as a result LDAP TLS support was disabled. The updated packages correct these issues.
Cisco Adaptive Security Appliance insecurely logs passwords
Overview: The Cisco Adaptive Security Appliance (ASA) firewall may log user credentials, including passwords, as plain text when AAA authentication is enabled. Description: The Cisco Adaptive Security Appliance (ASA) is a firewall with Intrusion Protection System (IPS), Stateful Packet Inspection (SPI), a...
CVE-2005-4846
Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call...
SOL2232 - checktrap.pl script may be vulnerable to remote command execution
The checktrap.pl script may be vulnerable to remote command execution. F5 Networks Product Development tracked this issue as CR35371 and CR35372, and it was fixed in BIG-IP and 3-DNS version 4.5.12 for the 4.5 software branches and in version 4.6.3 for the 4.6 software branches. Obtaining and...
Format string
Format string vulnerability in libwebconsoleservices.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt,...
CVE-2007-1681
Format string vulnerability in libwebconsoleservices.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt,...
Sun Java web console format string vulnerability
Format string vulnerability in libwebconsoleservices.so on syslog call...
Fedora Core 5 : openssh-4.3p2-4.12.fc5 (2007-395)
Fri Mar 30 2007 Miloslav Trmac - 4.3p2-4.12: Fix an information leak in Kerberos password authentication (CVE-2006-5052), Resolves: 234640. Fri Nov 10 2006 Tomas Mraz - 4.3p2-4.11: CVE-2006-5794 - properly detect failed key verify in monitor (214641); kill all ssh sessions when stop is called in...
USN-449-1: krb5 vulnerabilities
The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. (CVE-2007-0956) The krb5 syslog library did not correctly verify the size of log messages. A remote attacker could send a specially crafted...
Axigen format string vulnerability
Format string vulnerability on syslog call...
Design/Logic Flaw
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.13.3, when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot durin...
CVE-2007-0963
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.13.3, when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot durin...
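Sun Solaris Syslog Local Denial of Service Vulnerability
Sun Solaris is a commercial operating system. Sun Solaris contains a design error that a local attacker can exploit to disable the syslog(3c) function, so that messages cannot be logged. Sun Solaris 10.0 x86, Sun Solaris 10.0, Sun Solaris 9.0 x86, Sun Solaris 9.0, Sun Solaris 8.0 x86, Sun Solaris 8.0. un Solaris 10.0 Sun Sun Patch ID: 118833-19...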