Twenty Year Anniversary
Showing 76 - 100 of 1,815 RSS Feed

Operating System: Cisco

Apple Security Advisory 2016-12-12-1
Posted Dec 12, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-12-1 - iOS 10.2 is now available and addresses information disclosure, access bypass, and various other vulnerabilities.

tags | advisory, vulnerability, info disclosure
systems | cisco, apple, ios
advisories | CVE-2016-4689, CVE-2016-4690, CVE-2016-4781, CVE-2016-7597, CVE-2016-7601, CVE-2016-7626, CVE-2016-7634, CVE-2016-7638, CVE-2016-7651, CVE-2016-7653, CVE-2016-7664, CVE-2016-7665
MD5 | 1ffad3cc9700a527a662322d595ff395
Cisco Unified Communications Manager 7 / 8 / 9 Directory Traversal
Posted Dec 8, 2016
Authored by justpentest

A directory traversal vulnerability exists in the Cisco Unified Communications Manager administrative web interface. Versions 7.x, 8.x, and 9.x are all affected.

tags | exploit, web, file inclusion
systems | cisco
advisories | CVE-2013-5528
MD5 | 1dea56e178d46dc07ece08d0e95c4ddb
Mobile Security Framework MobSF 0.9.3 Beta
Posted Nov 23, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Clipboard Monitor for Android Dynamic Analysis. Windows APPX Static Analysis Support. Added Docker File. Added Support for Kali Linux. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer, xxe
systems | cisco, ios
MD5 | 0c1d2d101da02097ba466840e0148138
BlackNurse Spoofed ICMP Denial Of Service Proof Of Concept
Posted Nov 15, 2016
Authored by Todor Donev

Blacknurse is a low bandwidth ICMP attack that is capable of doing denial of service to well known firewalls. Most ICMP attacks that we see are based on ICMP Type 8 Code 0 also called a ping flood attack. BlackNurse is based on ICMP with Type 3 Code 3 packets. We know that when a user has allowed ICMP Type 3 Code 3 to outside interfaces, the BlackNurse attack becomes highly effective even at low bandwidth. Low bandwidth is in this case around 15-18 Mbit/s. This is to achieve the volume of packets needed which is around 40 to 50K packets per second. It does not matter if you have a 1 Gbit/s Internet connection. The impact we see on different firewalls is typically high CPU loads. When an attack is ongoing, users from the LAN side will no longer be able to send/receive traffic to/from the Internet. All firewalls we have seen recover when the attack stops. Various firewalls such as Cisco ASA 5515/5525/5550/5515-X, Fortigate, SonicWall, and more are affected.

tags | exploit, denial of service
systems | cisco
MD5 | 1ce5fd54e281243721b63900ac937de9
Cisco Security Advisory 20161102-cms
Posted Nov 4, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted IPv6 input to the vulnerable function. A successful exploit could result in an exploitable buffer underflow condition. An attacker could leverage this buffer underflow condition to incorrectly allocate memory and cause a reload of the device or execute arbitrary code with the privileges of the affected application. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, arbitrary
systems | cisco
MD5 | 60d814e76d3f23639f4b34193463bfeb
Cisco Security Advisory 20161102-tl1
Posted Nov 4, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. The vulnerability exists because the affected software performs incomplete bounds checks on input data. An attacker could exploit this vulnerability by sending a malicious request to the TL1 port, which could cause the device to reload. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

tags | advisory, remote, arbitrary
systems | cisco
MD5 | 668aa930a9a6fc860efaf71ac8609cdd
Mac OS X / iOS mach_ports_register Memory Safety Issues
Posted Oct 29, 2016
Authored by Google Security Research, ianbeer

Multiple memory safety issues exist in Mac OS X and iOS inside of mach_ports_register.

tags | exploit
systems | cisco, apple, osx, ios
advisories | CVE-2016-4669
MD5 | f07634e9d84bf8ba6bb3b4515e3d8ada
Mac OS X / iOS IOSurface Use-After-Free
Posted Oct 25, 2016
Authored by Google Security Research, ianbeer

Mac OS X and iOS kernels suffer from a use-after-free vulnerability in IOSurface.

tags | exploit, kernel
systems | cisco, apple, osx, ios
advisories | CVE-2016-4625
MD5 | 2283c84309c30c849907e3df36c1e0c6
Apple macOS 10.12.1 / iOS 10 SecureTransport SSL Handshake MitM / DoS
Posted Oct 24, 2016
Authored by Maksymilian Arciemowicz

Apple macOS version 10.12.1 and iOS version 10 suffer from man-in-the-middle and denial of service issues with SecureTransport SSL handshakes.

tags | exploit, denial of service
systems | cisco, apple, ios
MD5 | c5b8b509efdfac6bc465c90103b25bc4
Cisco Security Advisory 20161019-asa-idfw
Posted Oct 19, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Identity Firewall feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, overflow, arbitrary
systems | cisco
MD5 | 797b6f8f7813d0900195378134022881
Cisco Webex Player T29.10 Use-After-Free Memory Corruption
Posted Oct 13, 2016
Authored by Francis Provencher

Cisco Webex Player version T29.10 suffers from a .wrf use-after-free memory corruption vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-1464
MD5 | ec1cc7257ee75bf5544fca951cfac52b
Cisco Webex Player T29.10 Out-Of-Bounds Memory Corruption
Posted Oct 13, 2016
Authored by Francis Provencher

Cisco Webex Player version T29.10 suffers from a .arf out-of-bounds memory corruption vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-1415
MD5 | 0ea248b2edbdd5bf05d03cdecdb11716
Cisco Security Advisory 20161012-msc
Posted Oct 12, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability in some environments are available.

tags | advisory, remote, protocol
systems | cisco
MD5 | 1deab8901a19c75018a4cd411342849d
Cisco Firepower Threat Management Console Local File Inclusion
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a local file inclusion vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, local, file inclusion
systems | cisco, linux
advisories | CVE-2016-6435
MD5 | f66c142008bc325652e1cfe8d2c5ea73
Cisco Firepower Threat Management Command Execution
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a remote command execution vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, remote
systems | cisco, linux
advisories | CVE-2016-6433
MD5 | b3a07df7474fe7e9d75439898695272a
Cisco Firepower Threat Management Console Denial Of Service
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a denial of service vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, denial of service
systems | cisco, linux
MD5 | 55b7b9e8a15c6a1f671e6bcf0ad3c869
Cisco Security Advisory 20161005-bgp
Posted Oct 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly.

tags | advisory, remote, denial of service, protocol
systems | cisco
MD5 | 9fc4e49d47735f735bf881b995176b39
Cisco Security Advisory 20161005-dhcp2
Posted Oct 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the DHCPv4 relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of malformed DHCPv4 packets. An attacker could exploit this vulnerability by sending malformed DHCPv4 packets to an affected device. An exploit could allow the attacker to cause the DHCP process or device to crash. This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by malformed DHCP packets processed by a DHCP relay agent listening on the device, using the IPv4 broadcast address or IPv4 unicast address of any interface configured on a device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | bdbcf42c7f507401c5ed01a9f326b0bb
Cisco Security Advisory 20161005-dhcp1
Posted Oct 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the DHCPv4 relay agent and smart relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of crafted DHCPv4 offer packets. An attacker could exploit this vulnerability by sending crafted DHCPv4 offer packets to an affected device. An exploit could allow the attacker to cause the DHCP process or device to crash. This vulnerability can be exploited using IPv4 packets only. The vulnerability can be triggered by crafted DHCP packets processed by a DHCP relay agent or smart relay agent listening on the device using the IPv4 broadcast address or the IPv4 unicast address of any interface configured on a device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | d3eff152bfb27d8637de788d68688d40
Cisco Firepower Threat Management Console Hard-Coded MySQL Credentials
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit
systems | cisco, linux
advisories | CVE-2016-6434
MD5 | 86b5a4ced799ba4cb53d202a3316365b
Cisco Security Advisory 20161005-nxaaa
Posted Oct 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the SSH subsystem of the Cisco Nexus family of products could allow an authenticated, remote attacker to bypass authentication, authorization, and accounting (AAA) restrictions. The vulnerability is due to the improper processing of certain parameters that are passed to an affected device during the negotiation of an SSH connection. An attacker could exploit this vulnerability by authenticating to an affected device and passing a malicious value as part of the login procedure. A successful exploit could allow an attacker to bypass AAA restrictions and execute commands on the device command-line interface (CLI) that should be restricted to a different privileged user role. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote
systems | cisco
MD5 | cc72ee4edc339277831af2664c976bc3
Cisco Security Advisory 20160928-smi
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

tags | advisory, remote, denial of service, tcp, memory leak
systems | cisco, osx
MD5 | f4a1186c6866c8953658abc16723759c
Cisco Security Advisory 20160928-msdp
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart. The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | cisco, osx
MD5 | 43cc4297092d1bd5caa70fda605ff287
Cisco Security Advisory 20160928-ios-ikev1
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of crafted, fragmented IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, udp
systems | cisco, osx
MD5 | 2c70f7682ae53942ec87823035a10378
Cisco Security Advisory 20160928-esp-nat
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of malformed ICMP packets by the affected software. An attacker could exploit this vulnerability by sending crafted ICMP packets that require NAT processing by an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
MD5 | 2271bd2366c3d705a7aec59912d5e82e
Page 4 of 73
Back23456Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close