Browsing articles in "Exploit"
Jul
7
2011
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute exploit
cisco-exploit

The Cisco AnyConnect Secure Mobility Client, previously known as the Cisco AnyConnect VPN Client, is affected by the following vulnerabilities: Arbitrary Program Execution Vulnerability Local Privilege Escalation Vulnerability Cisco has released free software updates that address these vulnerabilities. There are no workarounds for this vulnerabilities. Below the source of the exploit (Only for test!).

Jul
6
2011
Cisco Unified Operations Manager exploits
cisco-exploit

Cisco Unified Operations Manager (CuOM) is a NMS for voice developed by Cisco Systems. Operations Manager monitors and evaluates the current status of both the IP communications infrastructure and the underlying transport infrastructure in your network. Multiple vulnerabilities have been identified in Cisco Unified Operations Manager and associated products. These vulnerabilities include: multiple blind SQL injections multiple XSS directory traversal vulnerability

Jul
5
2011
Cisco Security Agent Management Console ‘st_upload’ RCE Exploit
cisco-exploit

Cisco Security Agent provides threat protection for server and desktop computing systems. Cisco Security Agent can function in a standalone manner or can be managed by the Management Center for Cisco Security Agent. The Management Center for Cisco Security Agent is affected by a vulnerability that could allow an unauthenticated attacker to perform remote code execution on the affected device. A successful exploit could allow the attacker to modify agent policies and system configuration and perform other administrative tasks. Note: This vulnerability can be exploited only by sending certain packets to the web management interface, which by default listens on […]

Oct
4
2010
Cisco Packet Tracer 5.2 DLL Hijacking Exploit
cisco-exploit

Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt or .pkz file. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll) in an insecure manner. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program […]

Apr
26
2009
Cisco ASA WebVPN Cross Site Scripting Vulnerability

Cisco ASA is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials. Cisco ASA software versions 8.0.4(2B) and prior running on ASA 5500 Series Adaptive Security Appliances are vulnerable.

Apr
13
2009
Multiple Vulnerabilities in Cisco ASA / PIX security

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. Vulnerable Products The following is a list of the products affected by each vulnerability as described in detail within this advisory. VPN Authentication Bypass Vulnerability Cisco ASA or Cisco PIX security appliances that are configured for IPsec or SSL-based remote access VPN and have the Override Account Disabled feature enabled are affected by this vulnerability. Note:  The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1, 7.2, 8.0, and 8.1 are affected by […]

Feb
7
2009
Cisco IOS Cross-Site Scripting Vulnerabilities

Zloss has reported some vulnerabilities in Cisco IOS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Input passed via the URL when executing commands is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. The device allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to potentially alter the configuration of the device by tricking the user […]

Jan
21
2009
How to test Cisco IOS FTP Server Multiple Vulnerabilities

On 09 May 2007, Cisco published a Security advisory about multiple IOS FTP Server vulnetabilities. Cisco IOS FTP Server is prone to multiple vulnerabilities including a denial-of-service issue and an authentication-bypass issue. Attackers can exploit these issues to deny service to legitimate users, gain unauthorized access to an affected device, or execute arbitrary code. Only IOS devices that have the FTP Server feature enabled are vulnerable; this feature is disabled by default. The vulnerable produtcs are IOS versions 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4 contain the IOS FTP server feature.

Sep
18
2008
How to test Cisco Cross-Site Request Forgery
cisco-exploit

Cisco Router HTTP Administration CSRF Remote Command Execution Universal Exploit. Replace “10.10.10.1” with the IP address of the target router, embed this in a web page and hope for the best. This is only for test use.

Sep
3
2008
How to test Cisco WebEx Meeting Manager vulnerability
cisco-exploit

Searching more info about Cisco WebEx Meeting Manager vulnerability, I have found this exploit. Only for testing.

Pages:«12