VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-200310-0057 CVE-2003-0757 Check Point Firewall-1 SecuRemote Internal Interface Address Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet. An information leakage issue has been discovered in Check Point Firewall-1. Because of this, an attacker may gain sensitive information about network resources. Check Point FireWall-1 4.0 and 4.1 (prior to SP5) include SecuRemote which allows mobile users to connect to the internal network using encrypted and authenticated sessions. Connect to TCP port 256 of Firewall-1 version 4.0 and 4.1 via telnet, and enter the following characters: aa<CR> aa<CR> The IP address of the firewall will be returned in binary form. In addition, when using SecuRemote to connect to the TCP port 264 of the firewall, if you use a packet sniffer to intercept the data transmission, you can see the IP address information similar to the following: 15:45:44.029883 192.168.1.1.264 > 10.0.0.1.1038: P 5: 21(16) ack 17 win 8744 (DF) 0x0000 4500 0038 a250 4000 6e06 5b5a ca4d b102 E..8.P@.n.[ZM. 0x0010 5102 42c3 0108 040e 1769 fb25 cdc0....8a .i.\\%...6 0x0020 5018 2228 fa32 0000 0000 000c c0a8 0101 P.\"(.2.......M.. 0x0030 c0a8 0a01 c0a8 0e01 ........ c0a8 0101 = 192.168.1.1 c0a8 0a01 = 192.168.10.1 c0a8 0e01 = 192.168.14.1
VAR-200107-0035 CVE-2001-0977 Multiple versions of OpenLDAP are vulnerable to denial-of-service attacks CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the advice provided below. Vulnerabilities exist in slapd in OpenLDAP 1.x versions prior to 1.2.12 and 2.x versions prior to 2.0.8
VAR-200107-0085 CVE-2001-1183 Cisco IOS vulnerable to DoS via crafted PPTP packet sent to port 1723/tcp CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. IOS functions on numerous Cisco devices, including routers and switches. The problem occurs when a malformed PPTP packet is sent to port 1723 on the router. If this occurs, the router must be reset to regain normal functionality. The PPTP implementation in Cisco IOS Releases 12.1 and 12.2 is vulnerable
VAR-200107-0078 CVE-2001-1176 Check Point Firewall-1 of Management Station Vulnerable to arbitrary code execution CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. Check Point Firewall-1 Then malicious Management Module The control station is activated when an administrator sends a management packet with malicious content to the target control station. OS A vulnerability exists that destroys the stack at the intended location.Managed Check Point Firewall-1 You may be attacked without depending on the access control status set in. Firewall-1/VPN-1 management station contains a format string vulnerability. The vulnerability is the result of passing client-supplied data to a printf* function as the format string argument. This vulnerability can only be exploited by a client that is authenticated as an administrator and connected from an authorized IP address. Administrators with limited privileges (such as read-only) may be able to exploit this vulnerability to gain control over the management station
VAR-200107-0009 CVE-2001-1038 Cisco SN 5420 Storage Router Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. The Cisco SN 5420 Storage Router is a device that provides universal data storage functionality over an IP network. The problem occurs when multiple connections are rapidly established to TCP port 8023
VAR-200107-0079 CVE-2001-1177 Samsung ML-85G GDI printer driver Override any code vulnerability CVSS V2: 6.2
CVSS V3: -
Severity: MEDIUM
ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. ml85p does not check for symbolic links when creating image output files. These files are created in /tmp with a guessable naming format, making it trivial for attackers to exploit this vulnerability. Since user-supplied data is written to the target file, attackers may be able to elevate privileges
VAR-200110-0052 CVE-2001-0773 Cayman gateways are vulnerable to a denial of service via a portscan CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests. Cayman gateways are vulnerable to a denial of service
VAR-200107-0105 CVE-2001-1243 Microsoft IIS Device File Local Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject. Microsoft IIS is prone to denial of service attacks by local users. This issue is exploitable if the local attacker can create an .asp file which makes calls to various devices names. The local attacker must of course possess the privileges required to create such files. The end result of exploiting this vulnerability is that the server will crash and a denial of services will occur. The affected services must be restarted to regain normal functionality
VAR-200107-0054 CVE-2001-1158 Check Point RDP Bypass Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. Check Point VPN-1/FireWall-1 version 4.0 & 4.1 may allow an intruder to pass traffic through the firewall on port 259. It is designed to work on various operating systems, both as a single firewall or as a firewall cluster system. A problem has been discovered with the firewall that allows traversal. It is possible for a remote user to pass packets across the firewall via port 259 by using false RDP headers on UDP packets. This makes it possible for remote users to gain access to restricted information systems
VAR-200112-0117 CVE-2001-1575 MacOS Personal Web Share certification DoS Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow. Upon attempting to authenticate to the file server with 300 or more characters, the file-sharing system will stop responding. The vulnerability may be attributed to a buffer overflow vulnerability
VAR-200311-0087 CVE-2001-1412 Apple Mac OS X nidump Password File Disclosure Vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument. A vulnerability exists in all versions of Apple MacOS X. It has been found to contain a vulnerability which could allow disclosure of passwords and other sensitive system information. nidump is a Mac OS X system data extraction utility which can be used to read the contents of the NetInfo database. This utility's default file permissions leave this utility available to any local user at the command line. However, hosts with a network nidomain may be vulnerable to remote exploitation of this issue. This is possible if remote tags are used for nidump. It should also be noted that both portmap and netinfobind must be listening on the target host for this issue to be exploited. The output of the nidump command can reveal the list of usernames and passwords in clear text. An attacker could then use this list to log in as a user with administrative priveleges
VAR-200112-0081 CVE-2001-0806 Apple MacOS X Desktop Folder Access Control Vulnerability CVSS V2: 3.6
CVSS V3: -
Severity: LOW
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages. A vulnerability exists in versions of Apple MacOS X. Due to a misconfiguration of file permissions, the destop folder belonging to a given user is by default world-readable/writable. If the folder's permissions are not manually reset, arbitrary users can read from and write to any files in this location. In addition to the potential loss of confidentiality and integrity of this data, if this folder contains security-sensitive information such as usernames, passwords or configuration information, a hostile user may be able to exploit it and further undermine the security of the host. Note that some users have reported MacOS X 10.0.4 systems which do not exhibit this vulnerability. Etaoin Shrdlu <shrdlu@deaddrop.org> notes that this issue may be applicable to accounts created during the Max OS X beta test period: "Sounds like the problem accounts were upgrades from beta versions. If you are running an upgrade from a beta, then you might want to take a second look. Fresh installs seem to be just fine." An attempt has been made to fix this issue in MacOS X 10.1. This includes the admin account if permissions are not changed manually before the upgrade
VAR-200109-0072 CVE-2001-0709 Microsoft FAT File system IIS Unicode .asp Leak source vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. A flaw exists in the handling of .asp requests. Typically when a request is made for an .asp file, IIS will identify that it is a script and run it as such
VAR-200107-0123 CVE-2001-0341 Microsoft Frontpage Server Remote Application Deployment (RAD) component vulnerable to buffer overflow via malformed packet sent to server component CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. A host running IIS 4.0, could allow the execution of arbitrary commands in the SYSTEM context
VAR-200107-0147 CVE-2001-0514 Atmel SNMP Group string vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network. Atmel is a chip design and manufacturing firm that provides various RF-based products to corporate consumers. Atmel manufactures firmware for various wireless access systems. It is possible to gain SNMP access to some wireless access points that use the Atmel chipset and firmware. These systems do not use sufficient access control, and allow reading/writing of MIB data with any community password. This makes it possible for a remote user to gain access to sensitive information, and potentially launch an information gathering attack
VAR-200106-0167 CVE-2001-0411 Reliant Unix Service denial vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet. Reliant UNIX is prone to a denial-of-service vulnerability
VAR-200110-0083 CVE-2001-0783 Cisco TFTPD Server Directory Traversal Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command. The Cisco TFTPD server is a freely available software package distributed and maintained by Cisco Systems. The software package is designed to give Microsoft Windows systems the ability to serve files via the Trivial File Transfer Protocol (TFTP). It is possible to gain access to sensitive files on a system using the affect software. By issuing a dot-dot-slash (../) request to the server, any file on the system may be downloaded. This makes it possible for attackers to gain access to arbitrary files, and potentially sensitive information. CVE(CAN) ID: CAN-2001-0783 Cisco TFTP server is a tftp server developed by Cisco. Its version 1.1 has a directory traversal vulnerability. It is possible to download any file on the target host just by prefixing the filename with some \"../\"
VAR-200512-0860 CVE-2005-4794 DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. This issue arises when an affected application handles a specially crafted DNS message. A successful attack would crash the affected client or server. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Cisco Various Products Compressed DNS Messages Denial of Service SECUNIA ADVISORY ID: SA15472 VERIFY ADVISORY: http://secunia.com/advisories/15472/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Cisco ATA 180 Series Analog Telephone Adaptors http://secunia.com/product/2810/ SOFTWARE: Cisco IP Phone 7900 Series http://secunia.com/product/2809/ Cisco ACNS Software Version 5.x http://secunia.com/product/2268/ Cisco ACNS Software Version 4.x http://secunia.com/product/2269/ Cisco Unity Express 2.x http://secunia.com/product/5151/ DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the DNS implementation during the decompression of compressed DNS messages and can be exploited via a specially crafted DNS packet containing invalid information in the compressed section. Successful exploitation crashes a vulnerable device or causes it to function abnormally. The vulnerability affects the following products: * Cisco IP Phones 7902/7905/7912 * Cisco ATA (Analog Telephone Adaptor) 186/188 * Cisco Unity Express The following Cisco ACNS (Application and Content Networking System) devices are also affected: * Cisco 500 Series Content Engines * Cisco 7300 Series Content Engines * Cisco Content Routers 4400 series * Cisco Content Distribution Manager 4600 series * Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers. SOLUTION: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software PROVIDED AND/OR DISCOVERED BY: NISCC credits Dr. Steve Beaty. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200512-0641 CVE-2005-0037 DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. This issue arises when an affected application handles a specially crafted DNS message. A successful attack would crash the affected client or server. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Cisco Various Products Compressed DNS Messages Denial of Service SECUNIA ADVISORY ID: SA15472 VERIFY ADVISORY: http://secunia.com/advisories/15472/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Cisco ATA 180 Series Analog Telephone Adaptors http://secunia.com/product/2810/ SOFTWARE: Cisco IP Phone 7900 Series http://secunia.com/product/2809/ Cisco ACNS Software Version 5.x http://secunia.com/product/2268/ Cisco ACNS Software Version 4.x http://secunia.com/product/2269/ Cisco Unity Express 2.x http://secunia.com/product/5151/ DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the DNS implementation during the decompression of compressed DNS messages and can be exploited via a specially crafted DNS packet containing invalid information in the compressed section. Successful exploitation crashes a vulnerable device or causes it to function abnormally. The vulnerability affects the following products: * Cisco IP Phones 7902/7905/7912 * Cisco ATA (Analog Telephone Adaptor) 186/188 * Cisco Unity Express The following Cisco ACNS (Application and Content Networking System) devices are also affected: * Cisco 500 Series Content Engines * Cisco 7300 Series Content Engines * Cisco Content Routers 4400 series * Cisco Content Distribution Manager 4600 series * Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers. SOLUTION: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software PROVIDED AND/OR DISCOVERED BY: NISCC credits Dr. Steve Beaty. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200512-0639 CVE-2005-0038 DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Multiple DNS vendors are susceptible to a remote denial-of-service vulnerability. This issue affects both DNS servers and clients. This issue arises when an affected application handles a specially crafted DNS message. A successful attack would crash the affected client or server. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Cisco Various Products Compressed DNS Messages Denial of Service SECUNIA ADVISORY ID: SA15472 VERIFY ADVISORY: http://secunia.com/advisories/15472/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Cisco ATA 180 Series Analog Telephone Adaptors http://secunia.com/product/2810/ SOFTWARE: Cisco IP Phone 7900 Series http://secunia.com/product/2809/ Cisco ACNS Software Version 5.x http://secunia.com/product/2268/ Cisco ACNS Software Version 4.x http://secunia.com/product/2269/ Cisco Unity Express 2.x http://secunia.com/product/5151/ DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the DNS implementation during the decompression of compressed DNS messages and can be exploited via a specially crafted DNS packet containing invalid information in the compressed section. Successful exploitation crashes a vulnerable device or causes it to function abnormally. The vulnerability affects the following products: * Cisco IP Phones 7902/7905/7912 * Cisco ATA (Analog Telephone Adaptor) 186/188 * Cisco Unity Express The following Cisco ACNS (Application and Content Networking System) devices are also affected: * Cisco 500 Series Content Engines * Cisco 7300 Series Content Engines * Cisco Content Routers 4400 series * Cisco Content Distribution Manager 4600 series * Cisco Content Engine Module for Cisco 2600, 2800, 3600, 3700, and 3800 series Integrated Service Routers. SOLUTION: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml#software PROVIDED AND/OR DISCOVERED BY: NISCC credits Dr. Steve Beaty. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------