Page 31 of 175 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. Desbordamiento de búfer en el servidor HTTP de Cisco IOS 12.2 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante una petición HTTP GET extremadamente larga (2GB). • https://www.exploit-db.com/exploits/77 http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml http://www.kb.cert.org/vuls/id/579324 •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. Cisco IOS 12.2 y anteriores genera un mensaje "% Login Invalid" en vez de solicitar una contraseña cuando se suministra un nombre de usuario inválido, lo que permite a atacantes remotos identificar nombres de usuario válidos e intentar averiguar la contraseña con métodos de fuerza bruta, como ha informado Aironet Bridge. • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0056.html http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml http://www.kb.cert.org/vuls/id/886796 http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5824 • CWE-310: Cryptographic Issues •

CVSS: 7.8EPSS: 79%CPEs: 176EXPL: 4

Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full. Cisco IOS 11.x y 12.0 a 12.2 permite a atacantes remotos causar una denegación de servicio (bloqueo de tráfico) enviando una cierta secuencia de paquetes IPv4 a una interfaz del dispositivo, causando que la cola de entrada de ese interfaz sea marcada como llena. • https://www.exploit-db.com/exploits/60 https://www.exploit-db.com/exploits/59 https://www.exploit-db.com/exploits/62 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.html http://www.cert.org/advisories/CA-2003-15.html http://www.cert.org/advisories/CA-2003-17.html http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml http://www.kb.cert.org/vuls/id/411332 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre& • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 48EXPL: 0

The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. El Service Assurance Agent (SAA) en Cisco IOS 12.0 hasta 12.2, también llamado Reponse Time Reporter (RTR), permite que atacantes remotos provoquen una denegación de servicio (caída) mediante paquetes RTR mal construidos para el puerto 1967. • http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5608 •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. • http://www.cisco.com/warp/public/707/cmts-MD5-bypass-pub.shtml http://www.securityfocus.com/bid/5041 https://exchange.xforce.ibmcloud.com/vulnerabilities/9368 • CWE-347: Improper Verification of Cryptographic Signature •