CVE-2011-3310
https://notcve.org/view.php?id=CVE-2011-3310
The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. El componente de página de inicio ("Home Page") de Cisco CiscoWorks Common Services en versiones anteriores a 4.1 en Windows, tal como se usa en CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager y CiscoWorks Voice Manager, permite a usuarios autenticados remotos ejecutar comandos arbitrarios a través de una URL modificada. También conocido como Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090 y CSCtt25535. • http://secunia.com/advisories/46533 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs http://www.securityfocus.com/bid/50284 https://exchange.xforce.ibmcloud.com/vulnerabilities/70759 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0138 – Cisco CiscoWorks IPM GIOP getProcessName Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0138
Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350. Desbordamiento de búfer en Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 y versiones anteriores en Windows, tal y como se distrubuye en CiscoWorks LAN Management Solution (LMS), permite a atacantes remotos ejecutar código de su elección mediante una petición getProcessName CORBA General Inter-ORB Protocol (GIOP) malformada, relacionado con un "componente de terceros", también conocido como Bug ID CSCsv62350. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CiscoWorks Internetwork Performance Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of CORBA GIOP requests. By making a specially crafted getProcessName GIOP request an attacker can corrupt memory. • http://secunia.com/advisories/38230 http://securitytracker.com/id?1023484 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml http://www.securityfocus.com/bid/37879 http://www.vupen.com/english/advisories/2010/0184 http://www.zerodayinitiative.com/advisories/ZDI-10-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/55768 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •