ID: MITRE:6075 |
Title: oval:org.mitre.oval:def:6075: HIS Command Execution Vulnerability |
Type: Software |
Bulletins:
MITRE:6075 CVE-2008-3466 |
Severity: Low |
Description: Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." | ||||
Applies to: Microsoft Host Integration Server 2000 Microsoft Host Integration Server 2004 Microsoft Host Integration Server 2004 Client Microsoft Host Integration Server 2006 |
Created: 2008-12-08 |
Updated: 2018-09-11 |
ID: CVE-2008-1586 |
Title: ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. |
Type: Mobile Devices |
Bulletins:
CVE-2008-1586 SFBID32394 |
Severity: High |
Description: ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. | ||||
Applies to: |
Created: 2008-11-25 |
Updated: 2020-08-14 |
ID: CVE-2008-4227 |
Title: Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain... |
Type: Mobile Devices |
Bulletins:
CVE-2008-4227 SFBID32394 |
Severity: High |
Description: Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. | ||||
Applies to: |
Created: 2008-11-25 |
Updated: 2020-08-14 |
ID: CVE-2008-4228 |
Title: The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an... |
Type: Mobile Devices |
Bulletins:
CVE-2008-4228 SFBID32394 |
Severity: Low |
Description: The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. | ||||
Applies to: |
Created: 2008-11-25 |
Updated: 2020-08-14 |
ID: CVE-2008-4229 |
Title: Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the... |
Type: Mobile Devices |
Bulletins:
CVE-2008-4229 SFBID32394 |
Severity: Low |
Description: Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. | ||||
Applies to: |
Created: 2008-11-25 |
Updated: 2020-08-14 |
ID: CVE-2008-4230 |
Title: The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain... |
Type: Mobile Devices |
Bulletins:
CVE-2008-4230 SFBID32394 |
Severity: Low |
Description: The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. | ||||
Applies to: |
Created: 2008-11-25 |
Updated: 2020-08-14 |
ID: CVE-2008-4231 |
Title: Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory... |
Type: Mobile Devices |
Bulletins:
CVE-2008-4231 SFBID32394 |
Severity: High |
Description: Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | ||||
Applies to: |
Created: 2008-11-25 |
Updated: 2020-08-14 |
ID: CVE-2008-4232 |
Title: Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a... |
Type: Mobile Devices |
Bulletins:
CVE-2008-4232 SFBID32394 |
Severity: Medium |
Description: Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. | ||||
Applies to: |
Created: 2008-11-25 |
Updated: 2020-08-14 |
ID: CVE-2008-4233 |
Title: Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone... |
Type: Mobile Devices |
Bulletins:
CVE-2008-4233 SFBID32394 |
Severity: Low |
Description: Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. | ||||
Applies to: |
Created: 2008-11-25 |
Updated: 2020-08-14 |
ID: CVE-2008-5230 |
Title: The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which... |
Type: Hardware |
Bulletins:
CVE-2008-5230 SFBID32164 |
Severity: Medium |
Description: The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. | ||||
Applies to: |
Created: 2008-11-25 |
Updated: 2020-08-14 |
ID: REF000667 |
Title: USB devices installed over time |
Type: Information |
Bulletins: | Severity: Information |
Description: This check generates a list of all USB devices that have been connected to the scanned computer. | ||||
Applies to: |
Created: 2008-11-17 |
Updated: 2010-08-21 |
ID: CVE-2008-4963 |
Title: Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP... |
Type: Hardware |
Bulletins:
CVE-2008-4963 SFBID32120 |
Severity: High |
Description: Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port. | ||||
Applies to: |
Created: 2008-11-06 |
Updated: 2020-08-14 |
ID: CVE-2008-4918 |
Title: Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that... |
Type: Hardware |
Bulletins:
CVE-2008-4918 SFBID31998 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking." | ||||
Applies to: |
Created: 2008-11-04 |
Updated: 2020-08-14 |
ID: MITRE:6035 |
Title: oval:org.mitre.oval:def:6035: Apple iTunes Local Privilege Escalation Vulnerability |
Type: Software |
Bulletins:
MITRE:6035 CVE-2008-3636 |
Severity: High |
Description: Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself. | ||||
Applies to: Apple iTunes |
Created: 2008-11-03 |
Updated: 2018-09-11 |
ID: CVE-2008-3815 |
Title: Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using... |
Type: Hardware |
Bulletins:
CVE-2008-3815 SFBID31864 |
Severity: Medium |
Description: Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. | ||||
Applies to: |
Created: 2008-10-23 |
Updated: 2020-08-14 |
ID: CVE-2008-3816 |
Title: Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet. |
Type: Hardware |
Bulletins:
CVE-2008-3816 SFBID31863 |
Severity: High |
Description: Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet. | ||||
Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco PIX 500 Firewall Series |
Created: 2008-10-23 |
Updated: 2020-08-14 |
ID: CVE-2008-3817 |
Title: Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets,... |
Type: Hardware |
Bulletins:
CVE-2008-3817 SFBID31865 |
Severity: High |
Description: Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator." | ||||
Applies to: Cisco ASA 5500 Adaptive Security Appliance Cisco PIX 500 Firewall Series |
Created: 2008-10-23 |
Updated: 2020-08-14 |
ID: CVE-2008-4609 |
Title: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple... |
Type: Hardware |
Bulletins:
CVE-2008-4609 |
Severity: High |
Description: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. | ||||
Applies to: |
Created: 2008-10-20 |
Updated: 2020-08-14 |
ID: CVE-2008-4594 |
Title: Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote. |
Type: Hardware |
Bulletins:
CVE-2008-4594 |
Severity: High |
Description: Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote. | ||||
Applies to: wap400n |
Created: 2008-10-17 |
Updated: 2020-08-14 |
ID: CVE-2008-4441 |
Title: The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2008-4441 SFBID31742 |
Severity: High |
Description: The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197. | ||||
Applies to: wap400n |
Created: 2008-10-14 |
Updated: 2020-08-14 |
ID: CVE-2008-4211 |
Title: Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service... |
Type: Mobile Devices |
Bulletins:
CVE-2008-4211 SFBID31681 |
Severity: High |
Description: Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns." | ||||
Applies to: |
Created: 2008-10-10 |
Updated: 2020-08-14 |
ID: MITRE:5995 |
Title: oval:org.mitre.oval:def:5995: Windows Messenger Information Disclosure Vulnerability |
Type: Software |
Bulletins:
MITRE:5995 CVE-2008-0082 |
Severity: Low |
Description: An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. | ||||
Applies to: MSN Messenger 4.7 MSN Messenger 5.1 |
Created: 2008-10-06 |
Updated: 2018-09-11 |
ID: CVE-2008-4383 |
Title: Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01,... |
Type: Hardware |
Bulletins:
CVE-2008-4383 SFBID30652 |
Severity: High |
Description: Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. | ||||
Applies to: |
Created: 2008-10-03 |
Updated: 2020-08-14 |
ID: CVE-2008-4296 |
Title: The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. |
Type: Hardware |
Bulletins:
CVE-2008-4296 |
Severity: High |
Description: The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | ||||
Applies to: wrt350n |
Created: 2008-09-27 |
Updated: 2020-08-14 |
ID: CVE-2008-2739 |
Title: The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a... |
Type: Hardware |
Bulletins:
CVE-2008-2739 |
Severity: High |
Description: The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3798 |
Title: Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session. |
Type: Hardware |
Bulletins:
CVE-2008-3798 |
Severity: High |
Description: Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3799 |
Title: Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP... |
Type: Hardware |
Bulletins:
CVE-2008-3799 |
Severity: High |
Description: Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3800 |
Title: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2008-3800 SFBID31367 |
Severity: High |
Description: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. | ||||
Applies to: Unified Callmanager Unified Communications Manager |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3801 |
Title: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2008-3801 SFBID31367 |
Severity: High |
Description: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. | ||||
Applies to: Unified Callmanager Unified Communications Manager |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3802 |
Title: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka... |
Type: Hardware |
Bulletins:
CVE-2008-3802 |
Severity: High |
Description: Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3803 |
Title: A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from... |
Type: Hardware |
Bulletins:
CVE-2008-3803 SFBID31366 |
Severity: Medium |
Description: A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3804 |
Title: Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software... |
Type: Hardware |
Bulletins:
CVE-2008-3804 |
Severity: High |
Description: Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3805 |
Title: Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2008-3805 |
Severity: High |
Description: Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3806 |
Title: Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2008-3806 |
Severity: High |
Description: Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3807 |
Title: Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this... |
Type: Hardware |
Bulletins:
CVE-2008-3807 |
Severity: High |
Description: Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3808 |
Title: Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet. |
Type: Hardware |
Bulletins:
CVE-2008-3808 SFBID31356 |
Severity: High |
Description: Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3809 |
Title: Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet. |
Type: Hardware |
Bulletins:
CVE-2008-3809 SFBID31356 |
Severity: High |
Description: Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3810 |
Title: Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than... |
Type: Hardware |
Bulletins:
CVE-2008-3810 SFBID31359 |
Severity: High |
Description: Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3811 |
Title: Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different... |
Type: Hardware |
Bulletins:
CVE-2008-3811 SFBID31359 |
Severity: High |
Description: Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3812 |
Title: Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet. |
Type: Hardware |
Bulletins:
CVE-2008-3812 SFBID31354 |
Severity: High |
Description: Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: CVE-2008-3813 |
Title: Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet. |
Type: Hardware |
Bulletins:
CVE-2008-3813 |
Severity: High |
Description: Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet. | ||||
Applies to: |
Created: 2008-09-26 |
Updated: 2020-08-14 |
ID: MITRE:6122 |
Title: oval:org.mitre.oval:def:6122: Microsoft Malformed EPS Filter Vulnerability |
Type: Software |
Bulletins:
MITRE:6122 CVE-2008-3019 |
Severity: High |
Description: Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability." | ||||
Applies to: Microsoft Office 2000 Microsoft Office 2003 Microsoft Office Converter Pack Microsoft Office Project 2002 Microsoft Office XP Microsoft Works |
Created: 2008-09-22 |
Updated: 2018-09-11 |
ID: MITRE:5879 |
Title: oval:org.mitre.oval:def:5879: Microsoft Malformed PICT Filter Vulnerability |
Type: Software |
Bulletins:
MITRE:5879 CVE-2008-3018 |
Severity: High |
Description: Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. | ||||
Applies to: Microsoft Office 2000 Microsoft Office 2003 Microsoft Office Converter Pack Microsoft Office Project 2002 Microsoft Office XP Microsoft Works |
Created: 2008-09-22 |
Updated: 2018-09-11 |
ID: MITRE:5997 |
Title: oval:org.mitre.oval:def:5997: Microsoft PICT Filter Parsing Vulnerability |
Type: Software |
Bulletins:
MITRE:5997 CVE-2008-3021 |
Severity: High |
Description: Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018. | ||||
Applies to: Microsoft Office 2000 Microsoft Office 2003 Microsoft Office Converter Pack Microsoft Office Project 2002 Microsoft Office XP Microsoft Works 8 |
Created: 2008-09-22 |
Updated: 2018-09-11 |
ID: MITRE:6019 |
Title: oval:org.mitre.oval:def:6019: Microsoft Office WPG Image File Heap Corruption Vulnerability |
Type: Software |
Bulletins:
MITRE:6019 CVE-2008-3460 |
Severity: High |
Description: WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability." | ||||
Applies to: Microsoft Office 2000 Microsoft Office 2003 Microsoft Office Converter Pack Microsoft Office Project 2002 Microsoft Office XP Microsoft Works |
Created: 2008-09-22 |
Updated: 2018-09-11 |
ID: CVE-2008-4133 |
Title: The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. |
Type: Hardware |
Bulletins:
CVE-2008-4133 SFBID31050 |
Severity: Medium |
Description: The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. | ||||
Applies to: DIR-100 |
Created: 2008-09-19 |
Updated: 2020-08-14 |
ID: CVE-2008-4128 |
Title: Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command... |
Type: Hardware |
Bulletins:
CVE-2008-4128 SFBID31218 |
Severity: High |
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information. | ||||
Applies to: |
Created: 2008-09-18 |
Updated: 2020-08-14 |
ID: CVE-2007-5474 |
Title: The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users... |
Type: Hardware |
Bulletins:
CVE-2007-5474 SFBID31012 |
Severity: Medium |
Description: The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long. | ||||
Applies to: wrt350n |
Created: 2008-09-05 |
Updated: 2020-08-14 |
ID: CVE-2008-1144 |
Title: The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or... |
Type: Hardware |
Bulletins:
CVE-2008-1144 SFBID31013 |
Severity: Medium |
Description: The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length." | ||||
Applies to: WPN802 Access Point |
Created: 2008-09-05 |
Updated: 2020-08-14 |
ID: CVE-2008-1197 |
Title: The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a... |
Type: Hardware |
Bulletins:
CVE-2008-1197 SFBID30976 |
Severity: Medium |
Description: The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID." | ||||
Applies to: WPN802 Access Point |
Created: 2008-09-05 |
Updated: 2020-08-14 |
ID: CVE-2008-2732 |
Title: Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow... |
Type: Hardware |
Bulletins:
CVE-2008-2732 SFBID30998 |
Severity: High |
Description: Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315. | ||||
Applies to: |
Created: 2008-09-04 |
Updated: 2020-08-14 |
ID: CVE-2008-2733 |
Title: Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote... |
Type: Hardware |
Bulletins:
CVE-2008-2733 SFBID30998 |
Severity: High |
Description: Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942. | ||||
Applies to: |
Created: 2008-09-04 |
Updated: 2020-08-14 |
ID: CVE-2008-2734 |
Title: Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a... |
Type: Hardware |
Bulletins:
CVE-2008-2734 SFBID30998 |
Severity: High |
Description: Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472. | ||||
Applies to: |
Created: 2008-09-04 |
Updated: 2020-08-14 |
ID: CVE-2008-2735 |
Title: The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2008-2735 SFBID30998 |
Severity: High |
Description: The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369. | ||||
Applies to: |
Created: 2008-09-04 |
Updated: 2020-08-14 |
ID: CVE-2008-2736 |
Title: Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown... |
Type: Hardware |
Bulletins:
CVE-2008-2736 SFBID30998 |
Severity: High |
Description: Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636. | ||||
Applies to: |
Created: 2008-09-04 |
Updated: 2020-08-14 |
ID: CVE-2008-2061 |
Title: The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP... |
Type: Hardware |
Bulletins:
CVE-2008-2061 SFBID29933 |
Severity: High |
Description: The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. | ||||
Applies to: Unified Communications Manager |
Created: 2008-06-26 |
Updated: 2020-08-14 |
ID: CVE-2008-2062 |
Title: The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information... |
Type: Hardware |
Bulletins:
CVE-2008-2062 SFBID29935 |
Severity: Medium |
Description: The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. | ||||
Applies to: Unified Communications Manager |
Created: 2008-06-26 |
Updated: 2020-08-14 |
ID: CVE-2008-2730 |
Title: The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and... |
Type: Hardware |
Bulletins:
CVE-2008-2730 SFBID29935 |
Severity: Medium |
Description: The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. | ||||
Applies to: Unified Communications Manager |
Created: 2008-06-26 |
Updated: 2020-08-14 |
ID: MITRE:5578 |
Title: oval:org.mitre.oval:def:5578: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability |
Type: Services |
Bulletins:
MITRE:5578 CVE-2007-6026 |
Severity: High |
Description: Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944. | ||||
Applies to: Microsoft Jet 4.0 Database Engine |
Created: 2008-06-23 |
Updated: 2020-08-13 |
ID: CVE-2008-2636 |
Title: The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many... |
Type: Hardware |
Bulletins:
CVE-2008-2636 |
Severity: High |
Description: The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence. | ||||
Applies to: wrh54g |
Created: 2008-06-09 |
Updated: 2020-08-14 |
ID: CVE-2008-2055 |
Title: Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface. |
Type: Hardware |
Bulletins:
CVE-2008-2055 |
Severity: High |
Description: Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface. | ||||
Applies to: Cisco PIX 500 Firewall Series |
Created: 2008-06-04 |
Updated: 2020-08-14 |
ID: CVE-2008-2056 |
Title: Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the... |
Type: Hardware |
Bulletins:
CVE-2008-2056 |
Severity: High |
Description: Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface. | ||||
Applies to: Cisco PIX 500 Firewall Series |
Created: 2008-06-04 |
Updated: 2020-08-14 |
ID: CVE-2008-2057 |
Title: The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a... |
Type: Hardware |
Bulletins:
CVE-2008-2057 |
Severity: Medium |
Description: The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet. | ||||
Applies to: Cisco PIX 500 Firewall Series |
Created: 2008-06-04 |
Updated: 2020-08-14 |
ID: CVE-2008-2058 |
Title: Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device. |
Type: Hardware |
Bulletins:
CVE-2008-2058 |
Severity: High |
Description: Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device. | ||||
Applies to: Cisco PIX 500 Firewall Series |
Created: 2008-06-04 |
Updated: 2020-08-14 |
ID: CVE-2008-2059 |
Title: Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors. |
Type: Hardware |
Bulletins:
CVE-2008-2059 |
Severity: High |
Description: Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors. | ||||
Applies to: Cisco PIX 500 Firewall Series |
Created: 2008-06-04 |
Updated: 2020-08-14 |
ID: CVE-2008-1159 |
Title: Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293. |
Type: Hardware |
Bulletins:
CVE-2008-1159 SFBID29314 |
Severity: High |
Description: Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293. | ||||
Applies to: |
Created: 2008-05-22 |
Updated: 2020-08-14 |
ID: CVE-2008-1742 |
Title: Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of... |
Type: Hardware |
Bulletins:
CVE-2008-1742 SFBID29221 |
Severity: High |
Description: Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609. | ||||
Applies to: Unified Communications Manager |
Created: 2008-05-16 |
Updated: 2020-08-14 |
ID: CVE-2008-1743 |
Title: Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service... |
Type: Hardware |
Bulletins:
CVE-2008-1743 SFBID29221 |
Severity: High |
Description: Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433. | ||||
Applies to: Unified Communications Manager |
Created: 2008-05-16 |
Updated: 2020-08-14 |
ID: CVE-2008-1744 |
Title: The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via... |
Type: Hardware |
Bulletins:
CVE-2008-1744 SFBID29221 |
Severity: High |
Description: The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770. | ||||
Applies to: Unified Callmanager Unified Communications Manager |
Created: 2008-05-16 |
Updated: 2020-08-14 |
ID: CVE-2008-1745 |
Title: Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115. |
Type: Hardware |
Bulletins:
CVE-2008-1745 SFBID29221 |
Severity: High |
Description: Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115. | ||||
Applies to: Unified Communications Manager |
Created: 2008-05-16 |
Updated: 2020-08-14 |
ID: CVE-2008-1746 |
Title: The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and... |
Type: Hardware |
Bulletins:
CVE-2008-1746 SFBID29221 |
Severity: High |
Description: The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113. | ||||
Applies to: Unified Communications Manager |
Created: 2008-05-16 |
Updated: 2020-08-14 |
ID: CVE-2008-1747 |
Title: Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via... |
Type: Hardware |
Bulletins:
CVE-2008-1747 SFBID29221 |
Severity: High |
Description: Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944. | ||||
Applies to: Unified Communications Manager |
Created: 2008-05-16 |
Updated: 2020-08-14 |
ID: CVE-2008-1748 |
Title: Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service... |
Type: Hardware |
Bulletins:
CVE-2008-1748 SFBID29221 |
Severity: High |
Description: Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355. | ||||
Applies to: Unified Communications Manager |
Created: 2008-05-16 |
Updated: 2020-08-14 |
ID: CVE-2008-1154 |
Title: The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not... |
Type: Hardware |
Bulletins:
CVE-2008-1154 SFBID28591 |
Severity: High |
Description: The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
Applies to: Unified Communications Manager |
Created: 2008-04-04 |
Updated: 2020-08-14 |
ID: CVE-2008-1156 |
Title: Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree... |
Type: Hardware |
Bulletins:
CVE-2008-1156 SFBID28464 |
Severity: Medium |
Description: Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. | ||||
Applies to: |
Created: 2008-03-27 |
Updated: 2020-08-14 |
ID: CVE-2008-1150 |
Title: The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB)... |
Type: Hardware |
Bulletins:
CVE-2008-1150 SFBID28460 |
Severity: High |
Description: The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309. | ||||
Applies to: |
Created: 2008-03-27 |
Updated: 2020-08-14 |
ID: CVE-2008-1151 |
Title: Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated... |
Type: Hardware |
Bulletins:
CVE-2008-1151 SFBID28460 |
Severity: High |
Description: Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566. | ||||
Applies to: |
Created: 2008-03-27 |
Updated: 2020-08-14 |
ID: CVE-2008-1152 |
Title: The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets. |
Type: Hardware |
Bulletins:
CVE-2008-1152 SFBID28465 |
Severity: High |
Description: The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets. | ||||
Applies to: |
Created: 2008-03-27 |
Updated: 2020-08-14 |
ID: CVE-2008-1153 |
Title: Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. |
Type: Hardware |
Bulletins:
CVE-2008-1153 SFBID28461 |
Severity: High |
Description: Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. | ||||
Applies to: |
Created: 2008-03-27 |
Updated: 2020-08-14 |
ID: CVE-2007-6707 |
Title: Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than... |
Type: Hardware |
Bulletins:
CVE-2007-6707 |
Severity: Medium |
Description: Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574. | ||||
Applies to: wag54gs |
Created: 2008-03-13 |
Updated: 2020-08-14 |
ID: CVE-2007-6708 |
Title: Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an... |
Type: Hardware |
Bulletins:
CVE-2007-6708 |
Severity: Medium |
Description: Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi. | ||||
Applies to: wag54gs |
Created: 2008-03-13 |
Updated: 2020-08-14 |
ID: CVE-2007-6709 |
Title: The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. |
Type: Hardware |
Bulletins:
CVE-2007-6709 |
Severity: High |
Description: The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | ||||
Applies to: wag54gs |
Created: 2008-03-13 |
Updated: 2020-08-14 |
ID: CVE-2008-1265 |
Title: The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. |
Type: Hardware |
Bulletins:
CVE-2008-1265 |
Severity: High |
Description: The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. | ||||
Applies to: wrt54g |
Created: 2008-03-10 |
Updated: 2020-08-14 |
ID: CVE-2008-1268 |
Title: The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. |
Type: Hardware |
Bulletins:
CVE-2008-1268 |
Severity: High |
Description: The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. | ||||
Applies to: wrt54g 7 |
Created: 2008-03-10 |
Updated: 2020-08-14 |
ID: CVE-2008-1243 |
Title: Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. |
Type: Hardware |
Bulletins:
CVE-2008-1243 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. | ||||
Applies to: wrt300n |
Created: 2008-03-10 |
Updated: 2020-08-14 |
ID: CVE-2008-1247 |
Title: The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2)... |
Type: Hardware |
Bulletins:
CVE-2008-1247 SFBID28381 |
Severity: High |
Description: The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202. | ||||
Applies to: wrt54g |
Created: 2008-03-10 |
Updated: 2020-08-14 |
ID: CVE-2008-1263 |
Title: The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. |
Type: Hardware |
Bulletins:
CVE-2008-1263 |
Severity: Medium |
Description: The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. | ||||
Applies to: wrt54g |
Created: 2008-03-10 |
Updated: 2020-08-14 |
ID: CVE-2008-1264 |
Title: The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. |
Type: Hardware |
Bulletins:
CVE-2008-1264 |
Severity: High |
Description: The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. | ||||
Applies to: wrt54g |
Created: 2008-03-10 |
Updated: 2020-08-14 |
ID: CVE-2008-1253 |
Title: Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the... |
Type: Hardware |
Bulletins:
CVE-2008-1253 SFBID28439 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page. | ||||
Applies to: DSL-G604T |
Created: 2008-03-10 |
Updated: 2020-08-14 |
ID: CVE-2008-1258 |
Title: Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. |
Type: Hardware |
Bulletins:
CVE-2008-1258 SFBID28439 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. | ||||
Applies to: DI-604 |
Created: 2008-03-10 |
Updated: 2020-08-14 |
ID: CVE-2008-1266 |
Title: Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name... |
Type: Hardware |
Bulletins:
CVE-2008-1266 SFBID28439 |
Severity: High |
Description: Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value. | ||||
Applies to: DI-524 |
Created: 2008-03-10 |
Updated: 2020-08-14 |
ID: CVE-2008-0026 |
Title: SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and... |
Type: Hardware |
Bulletins:
CVE-2008-0026 SFBID27775 |
Severity: Medium |
Description: SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | ||||
Applies to: Unified Callmanager Unified Communications Manager |
Created: 2008-02-14 |
Updated: 2020-08-14 |
ID: MITRE:3622 |
Title: oval:org.mitre.oval:def:3622: Windows Media Format Remote Code Execution Vulnerability |
Type: Miscellaneous |
Bulletins:
MITRE:3622 CVE-2007-0064 |
Severity: High |
Description: Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. | ||||
Applies to: Windows Media Format Runtime 11 Windows Media Format Runtime 7.1 Windows Media Format Runtime 9.0 Windows Media Format Runtime 9.5 |
Created: 2008-02-04 |
Updated: 2020-08-13 |
ID: CVE-2008-0028 |
Title: Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2008-0028 SFBID27418 |
Severity: High |
Description: Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. | ||||
Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2008-01-23 |
Updated: 2020-08-14 |
ID: REF000655 |
Title: IM installed: Google Talk |
Type: Software |
Bulletins: | Severity: Low |
Description: Google Talk instant messaging client is installed. | ||||
Applies to: Google Talk |
Created: 2008-01-17 |
Updated: 2010-08-21 |
ID: REF000656 |
Title: IM installed: ICQ |
Type: Software |
Bulletins: | Severity: Low |
Description: ICQ instant messaging client is installed. | ||||
Applies to: ICQ |
Created: 2008-01-17 |
Updated: 2010-08-21 |
ID: REF000657 |
Title: IM installed: Yahoo! Messenger |
Type: Software |
Bulletins: | Severity: Low |
Description: Yahoo Messenger instant messaging client is installed. | ||||
Applies to: Yahoo Messenger |
Created: 2008-01-17 |
Updated: 2010-08-21 |
ID: REF000658 |
Title: IM installed: Trillian |
Type: Software |
Bulletins: | Severity: Low |
Description: Trillian instant messaging client is installed. | ||||
Applies to: Trillian |
Created: 2008-01-17 |
Updated: 2010-08-21 |
ID: REF000659 |
Title: IM installed: Skype |
Type: Software |
Bulletins: | Severity: Low |
Description: Skype instant messaging client is installed. | ||||
Applies to: Skype |
Created: 2008-01-17 |
Updated: 2010-08-21 |
ID: REF000660 |
Title: IM installed: Gizmo |
Type: Software |
Bulletins: | Severity: Low |
Description: Gizmo instant messaging client is installed. | ||||
Applies to: Gizmo |
Created: 2008-01-17 |
Updated: 2010-08-21 |
ID: REF000661 |
Title: IM installed: Windows Live Messenger |
Type: Software |
Bulletins: | Severity: Low |
Description: Windows Live Messenger instant messaging client is installed. | ||||
Applies to: Windows Live Messenger |
Created: 2008-01-17 |
Updated: 2010-08-21 |
ID: REF000662 |
Title: IM installed: Pidgin |
Type: Software |
Bulletins: | Severity: Low |
Description: Pidgin instant messaging client is installed. | ||||
Applies to: Pidgin |
Created: 2008-01-17 |
Updated: 2010-08-21 |
ID: CVE-2008-0027 |
Title: Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows... |
Type: Hardware |
Bulletins:
CVE-2008-0027 SFBID27313 |
Severity: High |
Description: Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. | ||||
Applies to: Unified Callmanager Unified Communications Manager |
Created: 2008-01-16 |
Updated: 2020-08-14 |
ID: CVE-2007-0466 |
Title: SANS07C4: Telestream Flip4Mac WMV for Quicktime 2.1.0.33 remote code execution vulnerability |
Type: Software |
Bulletins:
CVE-2007-0466 SFBID22286 |
Severity: Low |
Description: Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption. | ||||
Applies to: Telestream Flip4Mac WMV |
Created: 2008-01-11 |
Updated: 2010-08-21 |
ID: CVE-2007-0588 |
Title: SANS07C4:Apple QuickDraw on Mac OSX 10.4.8 and earlier allows remote denial of service |
Type: Software |
Bulletins:
CVE-2007-0588 SFBID22228 |
Severity: High |
Description: The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. | ||||
Applies to: Apple QuickDraw |
Created: 2008-01-11 |
Updated: 2010-08-21 |
ID: CVE-2007-0776 |
Title: SANS07C1: Multiple Vulnerabilities in Mozilla Firefox earlier than 2.0.0.8 |
Type: Web |
Bulletins:
CVE-2007-0776 CVE-2007-0777 CVE-2007-0779 CVE-2007-0981 CVE-2007-1092 CVE-2007-2292 CVE-2007-2867 CVE-2007-3734 CVE-2007-3735 CVE-2007-3737 CVE-2007-3738 CVE-2007-3845 CVE-2007-4841 CVE-2007-5338 CVE-2006-4565 CVE-2006-4571 CVE-2006-5463 CVE-2006-5747 SFBID26132 SFBID20957 SFBID20042 SFBID25543 SFBID22679 SFBID24946 SFBID24242 SFBID22694 SFBID23668 SFBID22566 SFBID21668 |
Severity: High |
Description: Multiple vulnerabilities exist in Mozilla Firefox versions earlier than 2.0.0.8. These include remote execution of arbitrary code, denial of service, and spoofing of GUI elements. | ||||
Applies to: Mozilla Firefox |
Created: 2008-01-10 |
Updated: 2010-08-21 |
ID: CVE-2006-6652 |
Title: SANS07S3: Buffer overflow in libc used in FTP daemon and tnftpd in Apple Mac OS X |
Type: Services |
Bulletins:
CVE-2006-6652 SFBID21377 |
Severity: High |
Description: Buffer overflow in the glob implementation (glob.c) in libc in Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion. | ||||
Applies to: FTP |
Created: 2008-01-10 |
Updated: 2010-08-21 |
ID: CVE-2007-0731 |
Title: SANS07S3: Samba module in Apple Mac OS X buffer overflow |
Type: Services |
Bulletins:
CVE-2007-0731 SFBID22948 |
Severity: High |
Description: Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.3.9 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL. | ||||
Applies to: Apple Mac OS X |
Created: 2008-01-10 |
Updated: 2010-08-21 |
ID: CVE-2008-0228 |
Title: Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. |
Type: Hardware |
Bulletins:
CVE-2008-0228 |
Severity: High |
Description: Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. | ||||
Applies to: wrt54gl |
Created: 2008-01-10 |
Updated: 2020-08-14 |
ID: CVE-2006-6335 |
Title: SANS07S5: Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 |
Type: Software |
Bulletins:
CVE-2006-6335 SFBID21563 |
Severity: Low |
Description: Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll. | ||||
Applies to: Sophos Anti-Virus |
Created: 2008-01-08 |
Updated: 2010-08-21 |
ID: CVE-2006-0994 |
Title: SANS07S5: Sophos Anti-Virus products allow remote code execution via crafted CAB |
Type: Software |
Bulletins:
CVE-2006-0994 SFBID17876 |
Severity: High |
Description: Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption. | ||||
Applies to: Sophos Anti-Virus |
Created: 2008-01-08 |
Updated: 2010-08-21 |
ID: CVE-2007-3509 |
Title: SANS07S4: Buffer overflow in Symantec/Veritas Backup Exec |
Type: Software |
Bulletins:
CVE-2007-3509 SFBID23897 |
Severity: High |
Description: Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests. | ||||
Applies to: Symantec/Veritas Backup Exec |
Created: 2008-01-07 |
Updated: 2010-08-21 |
ID: REF000617 |
Title: IM installed: konversation installed |
Type: Software |
Bulletins: | Severity: Low |
Description: Koversation instant messaging client installed. | ||||
Applies to: |
Created: 2008-01-07 |
Updated: 2010-08-21 |
ID: REF000618 |
Title: IM installed: xchat installed |
Type: Software |
Bulletins: | Severity: Low |
Description: Xchat instant messaging client installed. | ||||
Applies to: |
Created: 2008-01-07 |
Updated: 2010-08-21 |
ID: CVE-2007-3509 |
Title: SANS07S4: Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers |
Type: Services |
Bulletins:
CVE-2007-3509 SFBID23897 |
Severity: High |
Description: Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests. | ||||
Applies to: Symantec Backup Exec for Windows Servers |
Created: 2008-01-03 |
Updated: 2010-08-21 |
ID: REF000584 |
Title: Config pam: no bruteforce protection configured |
Type: Services |
Bulletins: | Severity: Low |
Description: No PAM brute-force protection modules detected. Modules pam_abl and pam_al missing. | ||||
Applies to: |
Created: 2008-01-03 |
Updated: 2010-08-21 |
ID: CVE-2007-2974 |
Title: SANS07S5: Multiple Vulnerabilities in Avira AntiVir |
Type: Software |
Bulletins:
CVE-2007-2974 CVE-2007-2973 CVE-2007-2972 CVE-2007-1671 SFBID23823 SFBID24187 SFBID24239 |
Severity: Low |
Description: Multiple vulnerabilities exist in Avira AntiVir antivirus engine prior to 7.04.00.24 and avpack prior to 7.03.00.09. | ||||
Applies to: Avira AntiVir |
Created: 2008-01-03 |
Updated: 2010-08-21 |