Exploit the possiblities
Showing 51 - 75 of 1,805 RSS Feed

Operating System: Cisco

Cisco Security Advisory 20170201-prime-home
Posted Feb 2, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web
systems | cisco
MD5 | f5338e30e3ad4b926849dfe222bde208
Cisco WebEx Chrome Extension Remote Command Execution
Posted Feb 1, 2017
Authored by Tavis Ormandy | Site metasploit.com

This Metasploit module exploits a vulnerability present in the Cisco WebEx Chrome Extension version 1.0.1 which allows an attacker to execute arbitrary commands on a system.

tags | exploit, arbitrary
systems | cisco
advisories | CVE-2017-3823
MD5 | ced9b1d7861a4400eae194631236378e
Hydra Network Logon Cracker 8.4
Posted Jan 31, 2017
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple new protocols implemented. Various bug fixes and proxy support was re-implemented.
tags | tool, web, imap
systems | cisco, unix
MD5 | ac0ffac9bdd1763c69280d00bb90775c
Cisco WebEx 1.0.5 Command Execution
Posted Jan 26, 2017
Authored by Tavis Ormandy, Google Security Research

Cisco WebEx version 1.0.5 suffers from a new arbitrary command execution vulnerability via a module whitelist bypass.

tags | exploit, arbitrary
systems | cisco
MD5 | 8933612c9e940d293efd165554d1e413
Cisco Security Advisory 20170125-telepresence
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel
systems | cisco
MD5 | 348a09172a4d9eba7d6a5abfb2e3410c
Cisco Security Advisory 20170125-expressway
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, overflow, protocol
systems | cisco
MD5 | 55434a5452720fa88174f8cef74a5281
Cisco Security Advisory 20170125-cas
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | e7bf287db9bafdc598710f3f6472d96f
Cisco Security Advisory 20170124-webex
Posted Jan 24, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Cisco WebEx browser extensions provided by Cisco WebEx Meetings Server and Cisco WebEx Meetings Center could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to the use of a crafted pattern by the affected software. An attacker could exploit this vulnerability by directing a user to a web page that contains the crafted pattern and starting a WebEx session. The WebEx session could allow the attacker to execute arbitrary code on the affected system, which could be used to conduct further attacks. Cisco has begun to release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web, arbitrary
systems | cisco
MD5 | 088f50565f7b84d228e21059275699e0
Apple Security Advisory 2017-01-23-1
Posted Jan 24, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-01-23-1 - iOS 10.2.1 is now available and addresses logic issues, code execution, and multiple other security vulnerabilities.

tags | advisory, vulnerability, code execution
systems | cisco, apple, ios
advisories | CVE-2016-8687, CVE-2017-2350, CVE-2017-2351, CVE-2017-2352, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2360, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2368, CVE-2017-2369, CVE-2017-2370, CVE-2017-2371, CVE-2017-2373
MD5 | 91abec6cacc16073d459630329e9945b
Cisco Magic WebEx URL Remote Command Execution
Posted Jan 24, 2017
Authored by Tavis Ormandy, Google Security Research

Cisco's WebEx extension has a URL that allows for arbitrary remote command execution.

tags | exploit, remote, arbitrary
systems | cisco
MD5 | 6d8494bf209f0415ffc09615875ad72e
Cisco Firepower Management Console 6.0 Post Authentication UserAdd
Posted Jan 12, 2017
Authored by Matt, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Firepower Management Console. The management system contains a configuration flaw that allows the www user to execute the useradd binary, which can be abused to create backdoor accounts. Authentication is required to exploit this vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-6433
MD5 | 846d8ff8181fafdfacf01ebb0af1bdb5
ShoreTel Mobility Client iOS 9.1.2.101 SSL Man-In-The-Middle
Posted Jan 4, 2017
Authored by David Coomber

ShoreTel Mobility Client iOS application versions 9.1.2.101 and below do not validate the SSL certificate they receive when connecting to the mobile application login server.

tags | advisory
systems | cisco, ios
advisories | CVE-2016-6562
MD5 | 504528fda2cb031d91ae4db08bcb18ed
Mac OS / iOS powerd Arbitrary Port Replacement
Posted Dec 22, 2016
Authored by Google Security Research, ianbeer

powerd on Mac OS and iOS suffers from an arbitrary port replacement vulnerability.

tags | exploit, arbitrary
systems | cisco, ios
advisories | CVE-2016-7661
MD5 | edcb171bc5f607aa80424d72f1cf092c
Cisco Expressway 8.8.1 Internal Scanning
Posted Dec 17, 2016
Authored by Micha Borrmann

Cisco Expressway version 8.8.1 suffers from an access control bypass that allows an attacker to leverage the application for internal port scanning.

tags | exploit
systems | cisco
MD5 | eb734f7dda157eb3a3fe72fb4c950db7
Apple Security Advisory 2016-12-13-5
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-5 - This advisory provides additional information in regards to iOS 10.2 fixes as originally documented in APPLE-SA-2016-12-12-1.

tags | advisory
systems | cisco, apple, ios
advisories | CVE-2016-4688, CVE-2016-4689, CVE-2016-4690, CVE-2016-4691, CVE-2016-4692, CVE-2016-4693, CVE-2016-4743, CVE-2016-4781, CVE-2016-7586, CVE-2016-7587, CVE-2016-7588, CVE-2016-7589, CVE-2016-7591, CVE-2016-7592, CVE-2016-7594, CVE-2016-7595, CVE-2016-7597, CVE-2016-7598, CVE-2016-7599, CVE-2016-7601, CVE-2016-7606, CVE-2016-7607, CVE-2016-7610, CVE-2016-7611, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7619
MD5 | 0ff43dc8c05f33f2486ac599a0834a1e
Apple Security Advisory 2016-12-12-1
Posted Dec 12, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-12-1 - iOS 10.2 is now available and addresses information disclosure, access bypass, and various other vulnerabilities.

tags | advisory, vulnerability, info disclosure
systems | cisco, apple, ios
advisories | CVE-2016-4689, CVE-2016-4690, CVE-2016-4781, CVE-2016-7597, CVE-2016-7601, CVE-2016-7626, CVE-2016-7634, CVE-2016-7638, CVE-2016-7651, CVE-2016-7653, CVE-2016-7664, CVE-2016-7665
MD5 | 1ffad3cc9700a527a662322d595ff395
Cisco Unified Communications Manager 7 / 8 / 9 Directory Traversal
Posted Dec 8, 2016
Authored by justpentest

A directory traversal vulnerability exists in the Cisco Unified Communications Manager administrative web interface. Versions 7.x, 8.x, and 9.x are all affected.

tags | exploit, web, file inclusion
systems | cisco
advisories | CVE-2013-5528
MD5 | 1dea56e178d46dc07ece08d0e95c4ddb
Mobile Security Framework MobSF 0.9.3 Beta
Posted Nov 23, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Clipboard Monitor for Android Dynamic Analysis. Windows APPX Static Analysis Support. Added Docker File. Added Support for Kali Linux. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer
systems | cisco, ios
MD5 | 0c1d2d101da02097ba466840e0148138
BlackNurse Spoofed ICMP Denial Of Service Proof Of Concept
Posted Nov 15, 2016
Authored by Todor Donev

Blacknurse is a low bandwidth ICMP attack that is capable of doing denial of service to well known firewalls. Most ICMP attacks that we see are based on ICMP Type 8 Code 0 also called a ping flood attack. BlackNurse is based on ICMP with Type 3 Code 3 packets. We know that when a user has allowed ICMP Type 3 Code 3 to outside interfaces, the BlackNurse attack becomes highly effective even at low bandwidth. Low bandwidth is in this case around 15-18 Mbit/s. This is to achieve the volume of packets needed which is around 40 to 50K packets per second. It does not matter if you have a 1 Gbit/s Internet connection. The impact we see on different firewalls is typically high CPU loads. When an attack is ongoing, users from the LAN side will no longer be able to send/receive traffic to/from the Internet. All firewalls we have seen recover when the attack stops. Various firewalls such as Cisco ASA 5515/5525/5550/5515-X, Fortigate, SonicWall, and more are affected.

tags | exploit, denial of service
systems | cisco
MD5 | 1ce5fd54e281243721b63900ac937de9
Cisco Security Advisory 20161102-cms
Posted Nov 4, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted IPv6 input to the vulnerable function. A successful exploit could result in an exploitable buffer underflow condition. An attacker could leverage this buffer underflow condition to incorrectly allocate memory and cause a reload of the device or execute arbitrary code with the privileges of the affected application. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, arbitrary
systems | cisco
MD5 | 60d814e76d3f23639f4b34193463bfeb
Cisco Security Advisory 20161102-tl1
Posted Nov 4, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. The vulnerability exists because the affected software performs incomplete bounds checks on input data. An attacker could exploit this vulnerability by sending a malicious request to the TL1 port, which could cause the device to reload. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

tags | advisory, remote, arbitrary
systems | cisco
MD5 | 668aa930a9a6fc860efaf71ac8609cdd
Mac OS X / iOS mach_ports_register Memory Safety Issues
Posted Oct 29, 2016
Authored by Google Security Research, ianbeer

Multiple memory safety issues exist in Mac OS X and iOS inside of mach_ports_register.

tags | exploit
systems | cisco, apple, osx, ios
advisories | CVE-2016-4669
MD5 | f07634e9d84bf8ba6bb3b4515e3d8ada
Mac OS X / iOS IOSurface Use-After-Free
Posted Oct 25, 2016
Authored by Google Security Research, ianbeer

Mac OS X and iOS kernels suffer from a use-after-free vulnerability in IOSurface.

tags | exploit, kernel
systems | cisco, apple, osx, ios
advisories | CVE-2016-4625
MD5 | 2283c84309c30c849907e3df36c1e0c6
Apple macOS 10.12.1 / iOS 10 SecureTransport SSL Handshake MitM / DoS
Posted Oct 24, 2016
Authored by Maksymilian Arciemowicz

Apple macOS version 10.12.1 and iOS version 10 suffer from man-in-the-middle and denial of service issues with SecureTransport SSL handshakes.

tags | exploit, denial of service
systems | cisco, apple, ios
MD5 | c5b8b509efdfac6bc465c90103b25bc4
Cisco Security Advisory 20161019-asa-idfw
Posted Oct 19, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Identity Firewall feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, overflow, arbitrary
systems | cisco
MD5 | 797b6f8f7813d0900195378134022881
Page 3 of 73
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close