47 matches found
EUVD-2005-4494
Malware in sbrugna...
EUVD-2002-1090
Malware in sbrugna...
EUVD-2006-3070
Malware in sbrugna...
EUVD-2002-1086
Malware in sbrugna...
Cisco VPN 3000 Series Concentrator Client Authentication Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5620/info Cisco VPN 3000 series concentrators are prone to a denial of service condition when receiving an overly long username string during authentication from a VPN client. Successful exploitation will cause the device...
CVE-2006-4313
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.17L, and 4.7.x up to 4.72F allow attackers to execute the 1 CWD, 2 MKD, 3 CDUP, 4 RNFR, 5 SIZE, and 6 RMD FTP commands to modify files or create and delete directories via unknown vectors...
CVE-2006-4313
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.17L, and 4.7.x up to 4.72F allow attackers to execute the 1 CWD, 2 MKD, 3 CDUP, 4 RNFR, 5 SIZE, and 6 RMD FTP commands to modify files or create and delete directories via unknown vectors...
CVE-2006-3906
Internet Key Exchange IKE version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service resource exhaustion via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that...
CVE-2006-3906
Internet Key Exchange IKE version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service resource exhaustion via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that...
CVE-2006-3906
CVE-2006-3906 describes a DoS in the IKEv1 implementation on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls. The root cause is improper handling of large volumes of IKE Phase-1 requests, leading to resource exhaustion and degraded availability. Exploitation is possible without valid credent...
RE: [Full-disclosure] Cisco VPN Concentrator IKE resource exhaustionDoS Advisory
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello: This is a Cisco PSIRT response to an advisory published by an unaffiliated third party, Roy Hills, of NTA Monitor Ltd posted as of July 26, 2006 at http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html, and entitled: Cisco VPN...
CVE-2006-3073
Multiple cross-site scripting XSS vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances ASA, when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in ...
CVE-2006-3073
CVE-2006-3073 describes multiple XSS vulnerabilities in Cisco WebVPN for VPN 3000 Series Concentrators and ASA 5500 Series in WebVPN clientless mode. The flaw allows remote attackers to inject arbitrary web script or HTML via the domain parameter in dnserror.html and connecterror.html (bug IDs CS...
Cisco VPN 3000 VPN Concentrator Denial of Service
HTTP traffic parsing DoS...
[Full-disclosure] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack Advisory ID: cisco-sa-20060126-vpn http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml Revision 1.0 For Public Release 2006 January 26 1700 UTC GMT...
CVE-2005-4499
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server CS ACS, generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges b...
Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
Description Various Cisco IOS, PIX Firewall, Firewall Services Module FWSM, VPN 3000 Series Concentrator, and MDS Series SanOS releases are prone to denial of service attacks. These issues are due to security flaws in Cisco's IPSec implementation. The vulnerabilities may be triggered by malformed...
Cisco VPN 3000 groupname enumeration
Different bahaviour for valid and invalid groupname in IKE aggressive mode...
Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack
...
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ================================================================= Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL attack ================================================================= Revision 1.0 For Public Release...