Browsing articles tagged with " Remote Control"
Feb
1
2012
Tutorial

January 2012: three Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability Cisco IP Video Phone E20 Default Root Account Cisco Digital Media Manager Privilege Escalation Vulnerability

Continue Reading »
Author An article by Fabio Semperboni Comments No Comments
Dec
2
2011
Security Advisory

November 2011: two Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error Cisco Small Business SRP500 Series Command Injection Vulnerability

Continue Reading »
Author An article by Fabio Semperboni Comments No Comments
Dec
2
2011
Security Advisory

October 2011: ten Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published ten important vulnerability advisories: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Cisco Unified Contact Center Express Directory Traversal Vulnerability Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras Cisco Security Agent Remote Code Execution Vulnerabilities Cisco Unified Communications Manager Directory Traversal Vulnerability CiscoWorks Common Services Arbitrary Command Execution Vulnerability Cisco Show and Share Security Vulnerabilities Directory Traversal Vulnerability in Cisco Network Admission Control Manager Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Multiple Vulnerabilities in Cisco Firewall Services [...]

Continue Reading »
Author An article by Fabio Semperboni Comments No Comments
Oct
24
2011
Exploit

Cisco TelePresence exploits

Cisco TelePresence is an umbrella term for Video Conferencing Hardware and Software, Infrastructure and Endpoints. The C & MXP Series are the Endpoints used on desks or in boardrooms to provide users with a termination point for Video Conferencing. 1. Post-authentication HTML Injection – CVE-2011-2544 (CSCtq46488): Cisco TelePresence Endpoints have a web interface (HTTP or HTTPS) for managing, configuring and reporting. It is possible to set the Call ID (with H.323 or SIP) to a HTML value. If a call is made to another endpoint and an authenticated user browses to the web interface on the endpoint receiving the call [...]

Continue Reading »
Author An article by Fabio Semperboni Comments No Comments
Oct
11
2011
Security Advisory

September 2011: fifteen Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published fifteen important vulnerability advisories: Cisco IOS Software IP Service Level Agreement Vulnerability Cisco Identity Services Engine Database Default Credentials Vulnerability Cisco IOS Software IPv6 over MPLS Vulnerabilities Cisco IOS Software IPv6 Denial of Service Vulnerability Cisco 10000 Series Denial of Service Vulnerability Cisco IOS Software Smart Install Remote Code Execution Vulnerability Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities Cisco IOS Software IPS and Zone-Based Firewall Vulnerabilities Cisco IOS Software Data-Link Switching Vulnerability Cisco IOS Software Network Address Translation Vulnerabilities Cisco Unified Communications Manager Session Initiation Protocol Memory [...]

Continue Reading »
Author An article by Fabio Semperboni Comments No Comments
Sep
12
2011
Security Advisory

August 2011: five Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories: Apache HTTPd Range Header Denial of Service Vulnerability Denial of Service Vulnerability in Cisco TelePresence Codecs Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server Cisco Unified Communications Manager Denial of Service Vulnerabilities Denial of Service Vulnerabilities in Cisco Intercompany Media Engine

Continue Reading »
Author An article by Fabio Semperboni Comments No Comments
Aug
5
2011
Security Advisory

July 2011: three Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability

Continue Reading »
Author An article by Fabio Semperboni Comments No Comments
Jul
7
2011
Exploit

Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute exploit

The Cisco AnyConnect Secure Mobility Client, previously known as the Cisco AnyConnect VPN Client, is affected by the following vulnerabilities: Arbitrary Program Execution Vulnerability Local Privilege Escalation Vulnerability Cisco has released free software updates that address these vulnerabilities. There are no workarounds for this vulnerabilities. Below the source of the exploit (Only for test!).

Continue Reading »
Author An article by Fabio Semperboni Comments No Comments
Jul
6
2011
Exploit

Cisco Unified Operations Manager exploits

Cisco Unified Operations Manager (CuOM) is a NMS for voice developed by Cisco Systems. Operations Manager monitors and evaluates the current status of both the IP communications infrastructure and the underlying transport infrastructure in your network. Multiple vulnerabilities have been identified in Cisco Unified Operations Manager and associated products. These vulnerabilities include: multiple blind SQL injections multiple XSS directory traversal vulnerability

Continue Reading »
Author An article by Fabio Semperboni Comments No Comments
Jul
5
2011
Exploit

Cisco Security Agent Management Console ‘st_upload’ RCE Exploit

Cisco Security Agent provides threat protection for server and desktop computing systems. Cisco Security Agent can function in a standalone manner or can be managed by the Management Center for Cisco Security Agent. The Management Center for Cisco Security Agent is affected by a vulnerability that could allow an unauthenticated attacker to perform remote code execution on the affected device. A successful exploit could allow the attacker to modify agent policies and system configuration and perform other administrative tasks. Note: This vulnerability can be exploited only by sending certain packets to the web management interface, which by default listens on [...]

Continue Reading »
Author An article by Fabio Semperboni Comments No Comments
Pages:1234»