what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed


VxWorks 6.8 Integer Underflow
Posted Aug 12, 2019
Authored by Zhou Yu

VxWorks version 6.8 suffers from an integer underflow vulnerability.

tags | exploit
advisories | CVE-2019-12255
MD5 | a346984950ce335e2b9ad5be2ef55f0c

Related Files

TP-Link VxWorks / 2-Series Switches Fail
Posted Oct 1, 2014
Authored by kvnjs

TP-Link VxWorks-based devices and 2-Series switches suffer from a large amount of vulnerabilities that the vendor refuses to address.

tags | advisory, vulnerability
advisories | CVE-2008-2476, CVE-2010-2966, CVE-2010-2967, CVE-2013-0711, CVE-2013-0712, CVE-2013-0713, CVE-2013-0714, CVE-2013-0715, CVE-2013-0716
MD5 | 48a1386aa4cc2a7cdd06ce61efa747fb
VxWorks R5_0_31 Data Disclosure
Posted Jun 4, 2013
Authored by Russell Butturini

The 3Com NBX V3000 phone system firmware was found to have the VxWorks remote debug service enabled. This allows for remotely extracting the contents of device memory over the network. When parsing the contents of memory, it was discovered that the call logs for the system as well as URLs which linked to WAV files containing voice mails that were accessible.

tags | exploit, remote, info disclosure
MD5 | 0eefa790a17dcbc192442a4f391eecf8
Digging Inside VxWorks OS And Firmware - Holistic Security
Posted Jul 18, 2011
Authored by Aditya K Sood | Site secniche.org

Whitepaper called Digging Inside VxWorks OS and Firmware - Holistic Security. VxWorks is one of the most widely accepted embedded OSes. In this paper, they have conducted a detailed study of the VxWorks OS security model and firmware in order to understand the potential impact of security vulnerabilities and weaknesses.

tags | paper, vulnerability
MD5 | 2fe7af017754aecc2f68198a7bb61a86
Secunia Security Advisory 40803
Posted Aug 5, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in VxWorks, which can be exploited by malicious people to conduct brute force attacks.

tags | advisory
MD5 | e50af62f7bbd2d612740939ad3f8a784
Rapid7 Security Advisory 35
Posted Aug 3, 2010
Authored by H D Moore, Rapid7 | Site rapid7.com

Rapid7 Security Advisory - The VxWorks authentication library suffers from a weak password hashing vulnerability.

tags | advisory
MD5 | 85a31ff284d237b37a2b7844740fb9cd
Rapid7 Security Advisory 34
Posted Aug 3, 2010
Authored by H D Moore, Rapid7 | Site rapid7.com

Rapid7 Security Advisory - The VxWorks WDB agent debug service suffers from multiple vulnerabilities.

tags | advisory, vulnerability
MD5 | bf5c5e1dcb4b1f4cd55c2b25db6b454e
Posted Oct 2, 2006
Site osnews.com

Zachary McGrew has discovered and reported that the FiWin SS28S WiFi VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet open with a hardcoded user/pass of 1/1. Various debug commands enable viewing SIP credentials, WEP keys, etc. on the phone.

tags | advisory
MD5 | 9e64e6051a1993ab8b3ae5b7969f1364
Posted Jan 22, 2006
Authored by Shawn Merdinger

An undocumented open port, UDP/17185, VxWorks WDB remote debugging (wdbrpc) is left in from development. This open port may allow an attacker unauthenticated access to the phone's OS, yield sensitive information, create opportunities for DoS, etc.

tags | advisory, remote, udp
MD5 | ef73181990373bb697dbdc05b50f365d
Posted Jan 22, 2006
Authored by Shawn Merdinger

The ACT P202S VoIP 802.11b wireless phone, version 1.01.21 on VxWorks has three undocumented ports and extraneous services that can be exploited by attackers.

tags | advisory
MD5 | 08ca45f0286cca81f0131d17a74e1cb3
Cisco Security Advisory 20051116-7920
Posted Nov 20, 2005
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco 7920 Wireless IP Phone provides Voice Over IP service via IEEE 802.11b Wi-Fi networks and has a form-factor similar to a cordless phone. This product contains two vulnerabilities: The first vulnerability is an SNMP service with fixed community strings that allow remote users to read, write, and erase the configuration of an affected device. The second vulnerability is an open VxWorks Remote Debugger on UDP port 17185 that may allow an unauthenticated remote user to access debugging information or cause a denial of service. Confirmed vulnerable: Cisco 7920 Wireless IP Phone, firmware version 2.0 and earlier.

tags | advisory, remote, denial of service, udp, vulnerability
systems | cisco
MD5 | 20b60cd5e7c89fc1184178f9bd2161d2
Atstake Security Advisory 04-09-13.2
Posted Sep 15, 2004
Authored by Atstake, James Vaughan | Site atstake.com

Atstake Security Advisory A091304-2 - A vulnerability in the HTTP management interface of the Pingtel Xpressa phone enables a remote authenticated attack to cause the underlying VxWorks operating system to stop.

tags | advisory, remote, web
MD5 | 2ea283111df43583fca089a9abd1b03a
Cisco Security Advisory 20040219-ONS
Posted Feb 19, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory 20040219 - Multiple vulnerabilities exist in the Cisco ONS 15327 Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiplexer Platform, and the Cisco ONS 15600 Multiservice Switching Platform. With one vulnerability, the TFTP service on UDP port 69 is enabled by default to allow both GET and PUT commands to be executed without any authentication. Another allows for an ACK Denial of Service (DoS) attack on TCP port 1080. Another involves telnet, where access to the underlying VxWorks operating system, by default, is restricted to Superusers only. Due to this vulnerability, a superuser whose account is locked out, disabled, or suspended is still able to login into the VxWorks shell, using their previously configured password.

tags | advisory, denial of service, shell, udp, tcp, vulnerability
systems | cisco
MD5 | 96bc846820392450c6ac3399ed0d1c81
Posted Dec 2, 2000
Site libre.act-europe.fr

GVD is a general purpose graphical debugger frontend. It features advanced data display and visualization capabilities, and allows the debugging of multi-process/multi-threaded applications in the same debugging session. GVD works with native and cross-debuggers and can handle several languages in the same debugging session and the same application. C and Ada are supported. GVD can run on a host different from the machine where the debugger is running and provides friendly support for cross-debuggers (VxWorks, Lynx, etc.). For instance, you can use Linux or Windows to debug an application running on a Power PC board with a debugger running on a Sun workstation.

systems | linux, windows
MD5 | d5a4f12782f729048d9b1af98f4725e9
Posted Jan 26, 2000
Site oliver.efri.hr

Nortel's new Contivity seris extranet switches give administrators the ability to enable a small HTTP server and use Nortel's web based administration utility to handle configuration and maitenance. The server runs atop the VxWorks operating system and is located in the directory /system/manage. A CGI application, /system/manage/cgi/cgiproc that is used to display the administration html pages does not properly authenticate users prior to processing requests. An intruder can view any file on the switch without logging in.

tags | exploit, web, cgi
MD5 | d8907b5e5ad5425825df082b64d08a81
Page 1 of 1

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2019 Packet Storm. All rights reserved.

Security Services
Hosting By