CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 3CVE-2008-4128 – Cisco Router - HTTP Administration Cross-Site Request Forgery / Command Execution
https://notcve.org/view.php?id=CVE-2008-4128
18 Sep 2008 — Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information. Vulnerabilidad múltiple de falsificación de petición en sitios cruzados - CSRF en... • https://www.exploit-db.com/exploits/6476 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 24%CPEs: 35EXPL: 3CVE-2008-1447 – BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning
https://notcve.org/view.php?id=CVE-2008-1447
08 Jul 2008 — The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." El... • https://www.exploit-db.com/exploits/6122 • CWE-331: Insufficient Entropy •
CVSS: 10.0EPSS: 96%CPEs: 165EXPL: 2CVE-2008-0960 – SNMPv3 - HMAC Validation error Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-0960
10 Jun 2008 — SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relie... • https://www.exploit-db.com/exploits/5790 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2008-1150
https://notcve.org/view.php?id=CVE-2008-1150
27 Mar 2008 — The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309. La componente red privada virtual dial-up (VPDN) de Cisco IOS versiones anteriores a 12.3 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de una ser... • http://secunia.com/advisories/29507 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2008-1151
https://notcve.org/view.php?id=CVE-2008-1151
27 Mar 2008 — Memory leak in the virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (memory consumption) via a series of PPTP sessions, related to "dead memory" that remains allocated after process termination, aka bug ID CSCsj58566. Fugas de memoria en la componente de red privada virtual dial-up (VPDN) en Cisco IOS versiones anteriores a 12.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de una se... • http://secunia.com/advisories/29507 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 271EXPL: 0CVE-2008-1152
https://notcve.org/view.php?id=CVE-2008-1152
27 Mar 2008 — The data-link switching (DLSw) component in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device restart or memory consumption) via crafted (1) UDP port 2067 or (2) IP protocol 91 packets. El componente data-link switching (DLSw) en Cisco IOS 12.0 hasta 12.4 permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo o consumo de memoria) a través de 91 paquetes manipulados del (1) puerto UDP 2067 o (2) protocolo IP. • http://secunia.com/advisories/29507 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 1CVE-2008-1153
https://notcve.org/view.php?id=CVE-2008-1153
27 Mar 2008 — Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. Cisco IOS versiones 12.1, 12.2, 12.3 y 12.4, con servicios UDP de IPv4 y el protocolo IPv6 habilitado, permite a los atacantes remotos causar una denegación de servicio (bloqueo del dispositivo y posible interfaz bloqueada) por medio de un paquete IPv6 diseñado para el dispositiv... • http://secunia.com/advisories/29507 •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2008-1156
https://notcve.org/view.php?id=CVE-2008-1156
27 Mar 2008 — Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. Vulnerabilidad no especificada en la implementación de la Red Privada Virtual Multicast (MVPN) en Cisco IOS 12.0, 12.2, 12.3, y 12.4 permite a atacantes remotos crear "estados multicast extra en los routers core" a través de mensajes Mul... • http://secunia.com/advisories/29507 • CWE-16: Configuration CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 22EXPL: 0CVE-2007-5651
https://notcve.org/view.php?id=CVE-2007-5651
23 Oct 2007 — Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet. Vulnerabilidad no especificada en la implementación Extensible Authentication Protocol (EAP) en Cisco IOS 12.... • http://secunia.com/advisories/27329 •
CVSS: 9.8EPSS: 51%CPEs: 1429EXPL: 2CVE-2007-5381 – Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-5381
12 Oct 2007 — Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515. Desbordamiento de búfer basado en pila en Line Printer Daemon (LPD) en Cisco IOS anterior a 12.2(18)SXF11, 12.4(16a), y 12.4(2)T6 permite a atacantes remotos ejecutar... • https://www.exploit-db.com/exploits/30652 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •