Exploit the possiblities
Showing 76 - 100 of 1,802 RSS Feed

Operating System: Cisco

Cisco Firepower Threat Management Console Local File Inclusion
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a local file inclusion vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, local, file inclusion
systems | cisco, linux
advisories | CVE-2016-6435
MD5 | f66c142008bc325652e1cfe8d2c5ea73
Cisco Firepower Threat Management Command Execution
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a remote command execution vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, remote
systems | cisco, linux
advisories | CVE-2016-6433
MD5 | b3a07df7474fe7e9d75439898695272a
Cisco Firepower Threat Management Console Denial Of Service
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a denial of service vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, denial of service
systems | cisco, linux
MD5 | 55b7b9e8a15c6a1f671e6bcf0ad3c869
Cisco Security Advisory 20161005-bgp
Posted Oct 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly.

tags | advisory, remote, denial of service, protocol
systems | cisco
MD5 | 9fc4e49d47735f735bf881b995176b39
Cisco Security Advisory 20161005-dhcp2
Posted Oct 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the DHCPv4 relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of malformed DHCPv4 packets. An attacker could exploit this vulnerability by sending malformed DHCPv4 packets to an affected device. An exploit could allow the attacker to cause the DHCP process or device to crash. This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by malformed DHCP packets processed by a DHCP relay agent listening on the device, using the IPv4 broadcast address or IPv4 unicast address of any interface configured on a device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | bdbcf42c7f507401c5ed01a9f326b0bb
Cisco Security Advisory 20161005-dhcp1
Posted Oct 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the DHCPv4 relay agent and smart relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of crafted DHCPv4 offer packets. An attacker could exploit this vulnerability by sending crafted DHCPv4 offer packets to an affected device. An exploit could allow the attacker to cause the DHCP process or device to crash. This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by crafted DHCP packets processed by a DHCP relay agent or smart relay agent listening on the device using the IPv4 broadcast address or the IPv4 unicast address of any interface configured on a device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | d3eff152bfb27d8637de788d68688d40
Cisco Firepower Threat Management Console Hard-Coded MySQL Credentials
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit
systems | cisco, linux
advisories | CVE-2016-6434
MD5 | 86b5a4ced799ba4cb53d202a3316365b
Cisco Security Advisory 20161005-nxaaa
Posted Oct 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the SSH subsystem of the Cisco Nexus family of products could allow an authenticated, remote attacker to bypass authentication, authorization, and accounting (AAA) restrictions. The vulnerability is due to the improper processing of certain parameters that are passed to an affected device during the negotiation of an SSH connection. An attacker could exploit this vulnerability by authenticating to an affected device and passing a malicious value as part of the login procedure. A successful exploit could allow an attacker to bypass AAA restrictions and execute commands on the device command-line interface (CLI) that should be restricted to a different privileged user role. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote
systems | cisco
MD5 | cc72ee4edc339277831af2664c976bc3
Cisco Security Advisory 20160928-smi
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

tags | advisory, remote, denial of service, tcp, memory leak
systems | cisco, osx
MD5 | f4a1186c6866c8953658abc16723759c
Cisco Security Advisory 20160928-msdp
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart. The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | cisco, osx
MD5 | 43cc4297092d1bd5caa70fda605ff287
Cisco Security Advisory 20160928-ios-ikev1
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of crafted, fragmented IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, udp
systems | cisco, osx
MD5 | 2c70f7682ae53942ec87823035a10378
Cisco Security Advisory 20160928-esp-nat
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of malformed ICMP packets by the affected software. An attacker could exploit this vulnerability by sending crafted ICMP packets that require NAT processing by an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
MD5 | 2271bd2366c3d705a7aec59912d5e82e
Cisco Security Advisory 20160928-cip
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
MD5 | 04c5d0b2842abea63280ac5750d8553f
Cisco Security Advisory 20160928-aaados
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload. The vulnerability is due to an error log message when a remote SSH connection to the device fails AAA authentication. An attacker could exploit this vulnerability by attempting to authenticate to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

tags | advisory, remote, denial of service, shell
systems | cisco, osx
MD5 | f9cb5fe12bc2121506a1c0c12892f28d
Cisco Security Advisory 20160927-openssl
Posted Sep 28, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2016-2178, CVE-2016-2183
MD5 | 34494deb234d29dad0799daa1734e504
Cisco Security Advisory 20160921-csp2100-2
Posted Sep 21, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, arbitrary
systems | cisco
MD5 | 054951f57555576d5ab1b4c219d10c33
Cisco Security Advisory 20160921-csp2100-1
Posted Sep 21, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of the Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands. An exploit could allow the attacker to execute arbitrary commands on the host operating system with the privileges of root. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, arbitrary, root
systems | cisco
MD5 | 31d5e0e2764f8eb2d4869c7723ab9be0
Apple Security Advisory 2016-09-20-3
Posted Sep 20, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-09-20-3 - The iOS 10 advisory has been updated to include additional findings. These relate to code execution and more.

tags | advisory, code execution
systems | cisco, apple, ios
advisories | CVE-2016-4611, CVE-2016-4618, CVE-2016-4620, CVE-2016-4658, CVE-2016-4698, CVE-2016-4702, CVE-2016-4707, CVE-2016-4708, CVE-2016-4711, CVE-2016-4712, CVE-2016-4718, CVE-2016-4719, CVE-2016-4722, CVE-2016-4724, CVE-2016-4725, CVE-2016-4726, CVE-2016-4728, CVE-2016-4729, CVE-2016-4730, CVE-2016-4731, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4737, CVE-2016-4738, CVE-2016-4740, CVE-2016-4741, CVE-2016-4746
MD5 | e9e592e52188d6386239b545eaf61555
Cisco ASA EXTRABACON Improved Shellcode
Posted Sep 16, 2016
Authored by Sean Dillon

69 bytes small Cisco ASA authentication bypass (EXTRABACON) better shellcode.

tags | shellcode
systems | cisco
MD5 | 78b1a2e173a31e3a168166f9141ee22d
Cisco ASA 9.2(3) EXTRABACON Module / Authentication Bypass
Posted Sep 16, 2016
Authored by Sean Dillon, Zachary Harding

This is an additional EXTRABACON module for Cisco ASA version 9.2(3). This does not use the same shellcode as the Equation Group version, but accomplishes the same task of disabling the auth functions in less stages/bytes.

tags | exploit, shellcode, bypass
systems | cisco
MD5 | d1064fab44ff0ae1866c7533208d6639
Cisco EPC 3925 XSS / CSRF / HTTP Response Injection / DoS
Posted Sep 15, 2016
Authored by Patryk Bogdan

Cisco EPC 3925 suffers from cross site request forgery, cross site scripting, HTTP response injection, and denial of service vulnerabilities.

tags | exploit, web, denial of service, vulnerability, xss, csrf
systems | cisco
MD5 | da040bc2a2f881da29f4fe41cf33122f
Apple Security Advisory 2016-09-13-1
Posted Sep 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-09-13-1 - iOS 10 is now available and addresses network blocking, information disclosure, and various other vulnerabilities.

tags | advisory, vulnerability, info disclosure
systems | cisco, apple, ios
advisories | CVE-2016-4620, CVE-2016-4719, CVE-2016-4740, CVE-2016-4741, CVE-2016-4746, CVE-2016-4747, CVE-2016-4749
MD5 | e570f6f64d4a1bc1f3b852e469f8dbc0
Apple Security Advisory 2016-09-14-1
Posted Sep 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-09-14-1 - iOS 10.0.1 is now available and addresses a kernel memory disclosure vulnerability.

tags | advisory, kernel
systems | cisco, apple, ios
advisories | CVE-2016-4655
MD5 | 6a4f048bccf6356ab051a1cd1856748a
Cisco Security Advisory 20160831-sps3
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, protocol
systems | cisco
MD5 | 79bc356eab9693dda2a3fb46872b7ab7
Cisco Security Advisory 20160831-spa
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, denial of service
systems | cisco
MD5 | 290e9c77d0c752fbf0263ed2d49c847e
Page 4 of 73
Back23456Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close