This is a presentation called Router Exploitation. It was given at BlackHat 2009. It discusses various vendors such as Cisco, Juniper, Huawei, and more.
d251e8ce38047dd92c1a121ab52dccf2904bfc18ca85475675ae8202a6a1241dFreeBSD Security Advisory - FreeBSD is binary-compatible with the Linux operating system through a loadable kernel module/optional kernel component. A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation. It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privilege escalation or cause a system panic.
6702f60b55d6453bd757f5c5f78ebb7b3615928a68a5c006f536a774870013bfFreeBSD Security Advisory - The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages. A remote attacker could cause the hostapd daemon to abort by sending specially crafted EAP-TLS messages, resulting in a Denial of Service.
2e64da0ea32a2dac049fee64d2e2a83e329082a4961e1f7560ffefb7f8cc5160FreeBSD Security Advisory - The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes. The BIND daemon would lock up when a query is made on specific combinations of RDATA. A remote attacker can query a resolving name server to retrieve a record whose RDATA is known to be larger than 65535 bytes, thereby causing the resolving server to crash via an assertion failure in named. An attacker who is in a position to add a record with RDATA larger than 65535 bytes to an authoritative name server can cause that server to crash by later querying for that record. The attacker can also cause the server to lock up with specific combinations of RDATA.
06e1aee7809f7e8aa741e07c76a29eb43443068d25922ef3f329e9890d2bf998Greenstone Digital Library Software suffers from cross site scripting, password file disclosure, broken salt, and log forging vulnerabilities.
6abb1bda55fdf2a144f85a5781c58e9555df57ab3346329f169d03b28b7f55e7Cisco WAG120N suffers from a remote command execution vulnerability in setup.cgi.
3f3738e0fe87c901ce923fe505448e7d8a980e7ffb970f817472dc722f51bd86Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
adf8111d665f3a46a324885a6c9a7d02bae0571ab36a5bde6b53d6b571145526Debian Linux Security Advisory 2576-1 - Andy Lutomirski discovered that tcsd (the TPM userspace daemon) was missing a of input validation. Using carefully crafted input, it can lead to a denial of service by making the daemon crash with a segmentation fault.
800af7d0630c558f72202a51ab53232166e3ed09332a713e3e5689149fd3c4f5Red Hat Security Advisory 2012-1485-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
5800d65e57ad9bb4e73df7eaa0bf267ac6bcb62d0f916aca821a78511a0157d9Ubuntu Security Notice 1639-1 - It was discovered that unity-firefox-extension incorrectly handled certain callbacks. A remote attacker could use this issue to cause unity-firefox-extension to crash, resulting in a denial of service, or possibly execute arbitrary code.
725ac6c165fe02ee10a51066b105b9aea48d1b95568665478b3c69d1c88f5843TrouSerS denial of service proof of concept exploit.
e1cf51f8e3c0f3a2a12e173d4fc14069721e2a542f1a4f8e7716091868d553afSecunia Security Advisory - ReVuln has reported a vulnerability in Call of Duty Modern Warfare 3, which can be exploited by malicious people to cause a DoS (Denial of Service).
74ae4696c1690a30b0918055fc1a5eb30c489119c5e4523dc2362020cf1e00caSecunia Security Advisory - Ubuntu has issued an update for tomcat6. This fixes a weakness and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
7cb59ea2e45d8333ddd3b466f12449c124b01db49e998b327743b090a28cfb0cSecunia Security Advisory - High-Tech Bridge has discovered a vulnerability in dotProject, which can be exploited by malicious people to conduct cross-site scripting attacks.
9254f30b6bc9e99898900c97f26701aeede9c5d8b3800b5e3810b05450eeab14Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya Call Management System, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
7e289a6e4af084024ca3b3175510fcf37297a5b6d02e08fed1a3d4c1de4d0048Secunia Security Advisory - High-Tech Bridge has discovered multiple vulnerabilities in dotProject, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
eeea1944294076d423641a51cc2075fc77766ddab9325f5699f12aef28bab64cSecunia Security Advisory - Two vulnerabilities have been reported in Feng Office, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
033c24c702e8b144736cb6bf26738d0caca812541fa1d03e1cd442f12b0388a8Secunia Security Advisory - SUSE has issued an update for java-1.7.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
5916af721afbab5dc6b13fe9a2a4ce94c3a911d2d68f7e1c03282a8abbb29ecaSecunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
072dd70eed54a592832d4588a549e408d601ebb51dc0c48d38fec0072b372619Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
74a413a72b87d02f434300b001cca1f8c74a546e8b2b4f58a788f62b513f185cSecunia Security Advisory - MustLive has discovered a vulnerability in the Archiv plugin for TinyMCE, which can be exploited by malicious people to conduct cross-site scripting attacks.
e61911237faefb0492e36bb2c56ef88903872517fc0e3c3017168898c4f8d6b1Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Endpoint Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
7bf30cd539a60fa266e64347af762078a74e09b1516c253556a70aa89b0358f6Secunia Security Advisory - MustLive has discovered a vulnerability in Liferay Portal, which can be exploited by malicious people to conduct cross-site scripting attacks.
2383056ef5acab921fc8e5538069ae76048303bc413079a050e04059b937a119Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox and Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
d53be8d6c393007d6db144b8e9757ca8073932b0d5a4778903aebdc6ccb18e3dSecunia Security Advisory - Symantec has acknowledged some vulnerabilities in multiple products, which can be exploited by malicious people to compromise a vulnerable system.
fd631d8103a4e841d239abc9bf12f82160ee5cc33f32ac7baba0395cfac8e382
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed