VARIoT IoT vulnerabilities database


VAR-200110-0036 CVE-2001-0757 Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits telnet access when no password has been set CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. It is distributed by Cisco Systems. This makes it possible for a remote user to gain access to systems behind the NRP2 module, potentially accessing secure systems
VAR-200109-0069 CVE-2001-0706 Maximum Rumpus FTP Server Service denial vulnerability

Related entries in the VARIoT exploits database: VAR-E-200106-0064
CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders. Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections. Rumpus FTP is prone to a denial of service. An FTP user can engage the attack by making a directory with an unusual number of sub-folders. This forces the software to quit, as it is unable to handle the creation of so many directories at one time. The FTP server must be rebooted to regain normal functionality. It is required that a user be logged in to carry out this attack. It may be possible for remote users to exploit this vulnerability, but authentication is required and anonymous FTP access does not grant users the privileges necessary to create directories.
VAR-200106-0211 CVE-2001-1430 Cayman-DSL Router Insecure Default Account Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cayman 3220-H DSL Router 1.0 ships without a password set, which allows remote attackers to gain unauthorized access. Cayman gateways ship without a default password on the admin and user accounts. As long as the gateway is not addressable via the WAN, this can only be accessed and set by anyone on the LAN side. With admin access, the gateway settings can be configured by an intruder. This could facilitate remote denials of service, as well as potentially allowing further compromises of the network served by the router.
VAR-200108-0065 CVE-2001-0555 ScreamingMedia SITEware does not adequately validate user input thereby allowing arbitrary file disclosure via directory traversal CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
ScreamingMedia SITEWare versions 2.5 through 3.1 allow a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet. If URL redirection is enabled in Microsoft IIS, operation of the service may be affected by the Code Red worm, and a denial-of-service (DoS) condition may occur. Microsoft IIS may be left in a denial-of-service (DoS) state. Due to the improper handling of URL redirection in IIS 4.0, it is possible to cause a host to stop responding. This vulnerability is currently being exploited by the 'Code Red' worm. Upon the worm sending a request attempting to infect the target host, IIS 4.0 will improperly handle the unusual length of the request and fail. A restart of the service is required in order to regain normal functionality. It should be noted that the 'Code Red' worm attempts to exploit a previously discovered vulnerability, BID 2880. Due to a flaw in SiteWare Editor's Desk, it is possible for a user to gain read access to known files residing on a SiteWare host. This is accomplished by crafting a URL containing double dot '../' sequences along with the relative path to a known file.
VAR-200106-0009 CVE-2001-0001 PHP-Nuke cookiedecode Function bypasses authentication and gains access to other user accounts CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. There is a vulnerability in the cookiedecode function in PHP-Nuke version 4.4
VAR-200108-0146 CVE-2001-0622 Cisco Content Service Switch Management Authentication Bypass Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. The Cisco Content Service Switch is an enterprise level web content switch, designed for load balancing and use as a frontend to a redundant web farm. It was previously manufactured by Arrowpoint. A problem with the switch can make it possible for a user to gain elevated privileges. Due to insufficient authentication checking, a user can bookmark the URL he or she is redirected to, and access the switch via that URL without authentication.
VAR-200110-0029 CVE-2001-0750 Cisco IOS vulnerable to deferred DoS via SYN scan to certain TCP port ranges CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. It is maintained by Cisco Systems. By initiating a TCP scan against ports 3100-3999, 5100-5999, 7100-7999, and 10100-10999 on a piece of Cisco hardware, the router becomes unstable and suffers memory corruption. Upon the next attempt to access the configuration, the router will unexpectedly reload the configuration. This problem makes it possible for a remote user to cause an arbitrary reload of the router configuration, and potentially deny service to network assets.
VAR-200108-0145 CVE-2001-0621 Cisco Content Service switch FTP Access control vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. The Cisco Content Service (CSS) switch is an Enterprise-level utility by Cisco Systems. The CSS switch is a Layer 5 and 7 aware switch capable of providing a high performance frontend to web server farms and caches. A problem with the switch could allow non-privileged users to upload files to the switch. The switch allows any user with a valid account to use the FTP PUT and GET functions. This problem makes it possible for a remote user to overwrite local files, or gain access to sensitive files
VAR-200109-0058 CVE-2001-0646 Maxum Rumpus FTP Server service denial vulnerability

Related entries in the VARIoT exploits database: VAR-E-200105-0081
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length. Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections. It is possible to log in remotely to the server and shut down the service by making a directory with a name that is 65 characters long. Users must be authenticated to engage this attack
VAR-200109-0056 CVE-2001-0644 Maxum Rumpus FTP Server elevation privilege vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server. Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections. Passwords are stored in plaintext format in the prefs folder
VAR-200106-0115 CVE-2001-0333 IIS decodes filenames superfluously after applying security checks CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. When IIS receives a CGI filename request, it automatically performs two actions before completing the request: 1. IIS decodes the filename to determine the filetype and the legitimacy of the file. IIS then carries out a security check. 2. When the security check is completed, IIS decodes CGI parameters. A flaw in IIS involves a third undocumented action: Typically, IIS decodes only the CGI parameter at this point, yet the previously decoded CGI filename is mistakenly decoded twice. If a malformed filename is submitted and circumvents the initial security check, the undocumented procedure will decode the malformed request, possibly allowing the execution of arbitrary commands. Note that arbitrary commands will be run with the IUSR_machinename account privileges. Reportedly, various encoding combinations under Windows 2000 Server and Professional may yield different outcomes. Personal Web Server 1.0 and 3.0 are reported vulnerable to this issue. The worm Nimda (and variants) actively exploits this vulnerability.
VAR-200106-0117 CVE-2001-0335 Microsoft IIS FTP service searches all trusted domains for user accounts CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. A user attempting to authenticate using a valid login name appended with specially chosen characters will not be required to specify the domain to which the account belongs. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain.
VAR-200107-0127 CVE-2001-0347 Microsoft IIS FTP service searches all trusted domains for user accounts CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. The Microsoft Windows Telnet service has a flaw in its implementation of domain authentication: when a legitimate user account name with a special character string appended is used, the user is not asked to specify the domain to which the account belongs. Instead of requiring the domain, the Telnet service searches the server's domain and all trusted domains for the user account. Unauthorized login to the system is possible. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain.
VAR-200109-0061 CVE-2001-0650 Cisco IOS vulnerable to DoS via unrecognized transitive attribute in BGP UPDATE CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. There is a denial-of-service vulnerability in several specific but common configurations of Cisco IOS. IOS is the firmware designed for Cisco routers. IOS is a router specific firmware designed to allow networkers the ability to configure and control Cisco routers. A problem in IOS can allow remote users to crash Cisco routers. This problem makes it possible for a remote user to crash Cisco routers using BGP, and deny service to legitimate users
VAR-200105-0041 CVE-2001-1333 Linux CUPS Unable to handle temporary file vulnerabilities safely CVSS V2: 1.2
CVSS V3: -
Severity: LOW
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files. CUPS is prone to a local security vulnerability. A local attacker may exploit this issue to perform unauthorized actions. Common Unix Printing System (CUPS) is a common Unix printing system and a cross-platform printing solution in the Unix environment. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. This vulnerability is different from CVE-2001-1333
VAR-200109-0119 CVE-2001-0508 Microsoft IIS WebDAV 'Propfind' Server Restart Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. Intruders can disrupt the normal operation of an IIS 5.0 server using a malicious Web Distributed Authoring and Versioning (WebDAV) request. WebDAV contains a flaw in the handling of certain malformed requests. This vulnerability has been known to affect the server performance and could lead to a denial of service condition, however this has not been verified
VAR-200110-0021 CVE-2001-0741 Hot Standby Router Protocol (HSRP) uses weak authentication CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets. A denial-of-service vulnerability exists in the Hot Standby Router Protocol (HSRP). It is designed to offer traffic rerouting services to networks when one router within a pool ceases to operate, and users of the network segment aren't using ICMP Router Discovery Protocol to find the new router handling traffic for their segment. By eavesdropping on HSRP management messages sent over the network, it is possible to create a spoofed message that will reroute all network traffic to a particular system. By doing so, it is possible to prevent traffic from entering or leaving that network. This problem makes it possible for a system local to the network to deny service to legitimate users of that network segment.
VAR-200105-0024 CVE-2001-0228 GoAhead web server Directory traversal vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. GoAhead WebServer is prone to a directory traversal vulnerability
VAR-200105-0097 CVE-2001-0292 PHP-Nuke Leak password vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. PHP-Nuke is prone to a remote security vulnerability. PHP-Nuke 4.4.1a is vulnerable
VAR-200105-0066 CVE-2001-0320 PHP-Nuke Permission vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allow remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument. PHP-Nuke is prone to a remote security vulnerability. Vulnerabilities exist in bb_smilies.php and bbcode_ref.php in PHP-Nuke version 4.4.