CVE-2011-2738 – Cisco Unified Service Monitor brstart sm_read_string_length Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2738
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. Múltiples vulnerabilidades no especificadas en Unified Service Monitor de Cisco anterior a versión 8.6, tal y como es usado en Unified Operations Manager anterior a versión 8.6 y CiscoWorks LAN Management Solution versiones 3.x y 4.x anteriores a 4.1; y múltiples productos de Ionix de EMC, incluido Application Connectivity Monitor (Ionix ACM) versión 2.3 y versiones anteriores, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) versión 3.2.0.2 y anteriores, IP Management Suite (Ionix IP) versión 8.1.1.1 y versiones anteriores, y otros productos Ionix; permiten a los atacantes remotos ejecutar código arbitrario por medio de paquetes diseñados al puerto TCP 9002, también se conoce como Bug IDs CSCtn42961 y CSCtn64922, relacionados con un desbordamiento de búfer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Unified Service Monitor due to bundled EMC SMARTS application server. Authentication is not required to exploit this vulnerability. The flaw exists within the brstart.exe service which listens by default on TCP port 9002. When handling the authentication portion of a SMARTS request the process extracts a user provided value to allocate a buffer via sm_read_string_length then blindly copies user supplied data into this buffer on the heap. • http://secunia.com/advisories/45979 http://secunia.com/advisories/46016 http://secunia.com/advisories/46052 http://secunia.com/advisories/46053 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml http://www.osvdb.org/75442 http://www.securityfocus.com/archive/1/519646/100/0/threaded http://www.securityfocus.com/bid/49627 http://www.securityfocus.com/bid/49644 http:/ •
CVE-2010-3036
https://notcve.org/view.php?id=CVE-2010-3036
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352. Multiples desbordamientos de búfer en la función de autenticación en el módulo web-server de Cisco CiscoWorks Common Services anterior a v4.0 permite a los atacantes remotos ejecutar código a su elección a través de sesiones TCP en el puerto (1) 443 o (2) 1741, también conocido como "Bug ID CSCti41352". • http://osvdb.org/68927 http://secunia.com/advisories/42011 http://securitytracker.com/id?1024646 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml http://www.securityfocus.com/bid/44468 http://www.vupen.com/english/advisories/2010/2793 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1161
https://notcve.org/view.php?id=CVE-2009-1161
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el servicio TFTP en Cisco CiscoWorks Common Services (CWCS) v3.0.x hasta v3.2.x en Windows, también utilizado en Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager y otros productos, lo que permite atacantes remotos acceder a ficheros arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN62527913/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html http://osvdb.org/54616 http://secunia.com/advisories/35179 http://securitytracker.com/id?1022263 http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml http://www.securityfocus.com/bid/35040 http://www.vupen.com/english/advisories/2009/1390 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •