Browsing articles in "Security Advisory"
Sep 25, 2008
Sep.24, 2008?! 12 new Cisco vulnerability advisories!
Cisco-vulnerabilities

On September 24, 2008, at about 16:00 GMT, the Cisco Product Security Incident Response Team (PSIRT) published 12 new vulnerability advisories. These vulnerabilities are mainly DoS attacks.

Sep 18, 2008
Cisco Cross-Site Request Forgery
Cisco-vulnerabilities

Cisco routers with the HTTP administration interface enabled are vulnerable to a CSRF (Cross-Site Request Forgery) vulnerability that can yield remote command execution with level 15 privileges. An attacker can execute ANY command on the router with level 15 (root, same as enable) privileges (usually level 15 user by default) by getting a target user (an administrator, etc.) to view a web page that has the exploit embedded. The exploits can be modified to execute both exec and configure commands on the Cisco router when the page with the exploits embedded is loaded. These exploits have been tested on […]

Sep 5, 2008
Cisco Secure ACS EAP Parsing Vulnerability
Cisco-vulnerabilities

A new Cisco ACS vulnerability has been found by Gabriel Campana and Laurent Butti. Cisco Secure ACS does not correctly parse the length of EAP-Response packets, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. The affected products are all versions of Cisco Secure ACS that support EAP.

Sep 4, 2008
Cisco ASA and PIX Security Appliances Multiple Vulnerabilities
Cisco-vulnerabilities

Some vulnerabilities have been reported in Cisco ASA and PIX appliances, which can be exploited by malicious people to disclose sensitive information, and by malicious users and malicious people to cause a DoS (Denial of Service).

Sep 3, 2008
Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit
Cisco-vulnerabilities

From the Cisco Security Advisory: A buffer overflow vulnerability exists in an ActiveX control used by the WebEx Meeting Manager. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the user client machine. The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager the first time a user begins or joins a meeting.
