Browsing articles in "Exploit"
Sep 27, 2014
Shellshock: a bug bigger than Heartbleed?
An article by Fabio Semperboni Exploit // Security Advisory

Recently, the Red Hat team found a critical, remotely exploitable vulnerability in Bash (the GNU Bourne Again Shell) that allows a remote attacker to inject arbitrary commands. GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash […]

Tags: Bash, Remote Control, Shellshock
Dec 5, 2013
Cisco ASA < 8.4.4.6 | 8.2.5.32 Ethernet Information Leak
An article by Fabio Semperboni Exploit

This is the Cisco ASA ethernet information leak exploit that leverages the vulnerability noted in CVE-2003-0001. Versions prior to 8.4.4.6 and 8.2.5.32 are affected. Multiple platform ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory. This vulnerability is the result of incorrect implementations of RFC requirements and poor programming practices, the combination of which results in several variations of this information leakage vulnerability. The simplest attack using this vulnerability would be to send ICMP echo messages to a machine with a vulnerable ethernet […]

Tags: ASA, Information leak
Apr 9, 2013
Cisco Video Surveillance Operations Manager 6.3.2 – Multiple vulnerabilities
An article by Fabio Semperboni Exploit

Part of the Cisco Video Surveillance Manager product suite, the Cisco Video Surveillance Operations Manager enables the efficient and effective configuration and management of video throughout an enterprise. It provides a secure web portal to configure, manage, display, and control video in an IP network, and provides the ability to easily manage a large number of security assets and users, including media server instances, cameras, encoders, and event sources, as well as digital monitors.

Tags: JSP, Surveillance, Video, XSS vulnerabilities
Feb 22, 2013
Cisco Unity Express Multiple Vulnerabilities
An article by Fabio Semperboni Exploit

The Cisco Unity Express software contains two important vulnerabilities:

CVE ID: CVE-2013-1114: Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross site scripting attacks. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted requests. However, all affected versions of the software have reached End of Software Maintenance or Last Day of Support.

CVE ID: CVE-2013-1120: Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross site request forgery attacks. The vulnerabilities are due […]

Tags: Cisco Unity Express, Remote Control
Nov 16, 2012
Cisco DPC2100 Denial of Service
An article by Fabio Semperboni Exploit

Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426. Solution: Upgrade to the version specified in the vendor advisory or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Tags: DOS, WLC
Nov 15, 2012
Cisco Linksys PlayerPT ActiveX Control Buffer Overflow
An article by Fabio Semperboni Exploit

Cisco Linksys PlayerPT ActiveX is prone to an overflow condition. The SetSource() function fails to properly sanitize user-supplied input, resulting in a stack-based buffer overflow. With a specially crafted argument, a remote attacker can potentially cause execution of arbitrary code. Solution: Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to correct the flaw by implementing the following workaround: set the kill-bit on the PlayerPT.ocx ActiveX Control [ {9E065E4A-BD9D-4547-8F90-985DC62A5591} ]. See Microsoft KB article 240797 for additional details.

Tags: Buffer overflows, Linksys
Mar 22, 2012
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera buffer overflow
An article by Fabio Semperboni Exploit

The Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control (PlayerPT.ocx) suffers from a buffer overflow vulnerability. When viewing the device web interface, it asks to install an ActiveX control with the following settings:

ProductName: PlayerPT ActiveX Control Module
File version: 1.0.0.15
Binary path: C:\WINDOWS\system32\PlayerPT.ocx
CLSID: {9E065E4A-BD9D-4547-8F90-985DC62A5591}
ProgID: PLAYERPT.PlayerPTCtrl.1
Safe for scripting (registry): True
Safe for initialization (registry): True

Tags: Buffer overflows, Linksys
Mar 2, 2012
Cisco Linksys WAG54GS CSRF Change Admin Password
An article by Fabio Semperboni Exploit

The Cisco Linksys WAG54GS ADSL router suffers from a cross-site request forgery vulnerability. Below is the source of the exploit (only for test!):

# Exploit Title : Cisco Linksys WAG54GS (ADSL Router) change admin password
# Date          : 20-02-2012
# Author        : Ivano Binetti (ivanobinetti.com)
# Vendor site   : www.linksysbycisco.com
# Version       : WAG54GS
# Tested on     : Firmware Version: V1.01.03

[Change Admin Account Password by Ivano Binetti]

Summary
1) Introduction
2) Vulnerability Description
3) Exploit

1) Introduction
Cisco Linksys WAG54GS is an ADSL Router which uses a web management interface -listening to default on tcp/ip port 80 – and “admin” as […]

Tags: Remote Control
Oct 24, 2011
Cisco TelePresence exploits
An article by Fabio Semperboni Exploit

Cisco TelePresence is an umbrella term for Video Conferencing Hardware and Software, Infrastructure and Endpoints. The C & MXP Series are the Endpoints used on desks or in boardrooms to provide users with a termination point for Video Conferencing.

1. Post-authentication HTML Injection – CVE-2011-2544 (CSCtq46488): Cisco TelePresence Endpoints have a web interface (HTTP or HTTPS) for managing, configuring and reporting. It is possible to set the Call ID (with H.323 or SIP) to an HTML value. If a call is made to another endpoint and an authenticated user browses to the web interface on the endpoint receiving the call […]

Tags: DOS, Remote Control, TelePresence
Jul 7, 2011
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute exploit
An article by Fabio Semperboni Exploit

The Cisco AnyConnect Secure Mobility Client, previously known as the Cisco AnyConnect VPN Client, is affected by the following vulnerabilities:

Arbitrary Program Execution Vulnerability
Local Privilege Escalation Vulnerability

Cisco has released free software updates that address these vulnerabilities. There are no workarounds for these vulnerabilities. Below is the source of the exploit (only for test!).

Tags: AnyConnect VPN Client, Privilege escalation, Remote Control