controllers
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE
Application Control Engine Module and Cisco ACE 4710 Application
Control Engine
Document ID: 109450
Advisory ID: cisco-sa-20090225-ace
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE
Application Control Engine Module and Cisco ACE 4710 Application
Control Engine
Advisory ID: cisco-sa-20100811-ace
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Advisory ID: cisco-sa-20120229-wlc
Revision 1.0
For Public Release 2012 February 29 16:00 UTC (GMT)
Title: CA DSM gui_cm_ctrls ActiveX Control Vulnerability
CA Advisory Date: 2008-04-15
Reported By: Greg Linares of eEye Digital Security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security
Appliance Clientless VPN ActiveX Control Remote Code Execution
Vulnerability
Advisory ID: cisco-sa-20120314-asaclient
Revision 1.0
licenses of its software sold to date. Citect's products are used by
organizations worldwide in numerous industries including Aerospace &
Defense, Oil & Gas, Power/Utilities, Chemical, Pharmaceutical,
Manufacturing and others.
CitectSCADA (Supervisory Control and Data Acquisition) is a system with
the primary function of collecting data and providing an interface to
control equipment such as Programmable Logic Controllers (PLCs), Remote
Terminal Units (RTUs) etc. with an integrated Human Machine Interface
(HMI) / SCADA solution to deliver a scalable and reliable control and
monitoring system. The system is composed of software installed on
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02544568
Version: 1
HPSBGN02589 SSRT100296 rev.1 - HP ProCurve Access Points, Access Controllers, and Mobility Controllers, Privilege Escalation
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-10-13
Last Updated: 2010-10-13
Title: CA Multiple Products DSM ListCtrl ActiveX Control Buffer
Overflow Vulnerability
CVE: CVE-2008-1472
CA Advisory Date: 2008-03-28
Reported By: Exploit code posted at milw0rm.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless
LAN Controllers
Advisory ID: cisco-sa-20090204-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20090204-wlc.shtml
The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco
ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH
Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching
Platform contain a vulnerability when processing TCP traffic streams
that may result in a reload of the device control card.
Cisco has released free software updates that address this
vulnerability.
There are no workarounds that mitigate this vulnerability. Several
=======
TCP provides reliable data transmission services in packet-switched
network environments. TCP corresponds to the transport layer (Layer
4) of the OSI reference model. Among the services TCP provides are
stream data transfer, reliability, efficient flow control, full-duplex
operation, and multiplexing.
When TCP connections are terminated in Cisco IOS Software, they are
allocated a transmission control block (TCB). All allocated TCBs,
associated TCP port numbers, and the TCP state are displayed in the
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless
LAN Controllers
Advisory ID: cisco-sa-20100908-wlc
Revision 1.0
* Cisco IOS
* Cisco IOS-XR
* Cisco Catalyst Operating System (CatOS)
* Cisco NX-OS
* Cisco Application Control Engine (ACE) Module
* Cisco ACE Appliance
* Cisco ACE XML Gateway
* Cisco MDS 9000 Series Multilayer Fabric Switches
Note: The SNMP server is disabled by default. These vulnerabilities
Hash: SHA1
Aruba Networks Security Advisory
Title: DoS Vulnerability in Aruba Mobility Controller Caused by
Malformed EAP Frame.
Aruba Advisory ID: AID-12808
Revision: 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Aruba Networks Security Advisory
Title: Aruba Mobility Controller TACACS User Authentication and Cross
Site Scripting Vulnerabilities
Aruba Advisory ID: AID-051408
Revision: 1.0
BV919A HP P2000 G3 iSCSI MSA DC w/12 300GB 6G SAS 10K SFF HDD 3.6TB Bundle
BV920A HP P2000 G3 iSCSI MSA DC w/12 600GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV910A HP P2000 G3 iSCSI MSA DC w/24 146GB 6G SAS 15K SFF HDD 3.5TB Bundle
BV911A HP P2000 G3 iSCSI MSA DC w/24 300GB 6G SAS 10K SFF HDD 7.2TB Bundle
BV912A HP P2000 G3 iSCSI MSA DC w/24 600GB 6G SAS 10K SFF HDD 14.4TB Bundle
AW596A HP StorageWorks P2000 G3 10GbE iSCSI MSA Dual Controller LFF Array System
AW597A HP StorageWorks P2000 G3 10GbE iSCSI MSA Dual Controller SFF Array System
AP847A HP StorageWorks P2000 G3 FC MSA Dual Controller Small Business SAN Starter Kit
AP848A HP StorageWorks P2000 G3 FC MSA Dual Controller Virtualization SAN Starter Kit
BK816A HP StorageWorks P2000 G3 FC/iSCSI w/24 300GB 6G SAS 10K SFF DP 7.2K 7.2TB Bundle
BK746SB HP StorageWorks P2000 G3 MSA FC Dual Controller LFF Array Starter Kit/S-Buy
8.2. *Additional information: Low severity bugs in ActiveDom.ocx ActiveX*
The ActiveX control 'ActiveDom.ocx' is shipped with HP Openview NNM 7.53
and installed by default. The control is prone to multiple memory
corruption bugs due to erroneous handling of overly long strings passed
to multiple methods. These bugs are considered of low severity because
the control is not configured as Safe for Scripting or Safe for
Initialization [1] and therefore cannot be exploited without explicit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Advisory ID: cisco-sa-20090727-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
/////////
Software called "HP Info Center" has shipped with almost every HP laptop model for a few years.
It is designed to support the user with quick system information and hardware configuration
using a single button touch.
One of its ActiveX controls deployed by default by the vendor has three insecure methods
that allow a malicious person to target the HP notebook machines for a remote code execution
and remote registry manipulation based attacks.
Title: Multiple Security Bugs In Hosting Controller
Critical: Extremely critical
Impact: Full system administrator access
Vendor: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Vendor URL: www.hostingcontroller.com
Solution: N/A From company - There is temporary solution in this report
Exploit: Available
Release Date: 2007 - December
Credit: www.BugReport.ir
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of
Service Vulnerability
Document ID: 112916
Advisory ID: cisco-sa-20110427-wlc
process of downloading the Cisco AnyConnect Secure Mobility Client
begins. This action causes the browser to first download a "helper"
application that aids in downloading and executing the actual Cisco
AnyConnect Secure Mobility Client. The helper application is a Java
applet on the Linux and MacOS X platforms, and either a Java applet
on the Windows platform or an ActiveX control if the browser is
capable of utilizing ActiveX controls. The downloaded helper
application is executed in the context of the originating site in the
user's web browser. The helper application then downloads the Cisco
AnyConnect Secure Mobility Client from the VPN headend and executes
it.
.text:00012913 add ecx, 4
.text:00012916 cmp eax, [esi+8] <-- (9)
.text:00012919 jb short loc_12909
[...]
(6) Some user controlled data is copied into ecx
(7) The user controlled data is copied into edx
(8) The user controlled data is copied (as dwords) at the memory location
OVERWRITTEN_DATA
(9) The size of the copied data (loop counter in eax) can be controlled by the
user
* Unauthenticated Java Servlet Access
* Unauthenticated Arbitrary File Upload
* Cisco Discovery Protocol Remote Code Execution
* Unauthorized Servlet Access
* Java RMI Denial of Service
* Real-Time Transport Control Protocol Denial of Service
* XML-Remote Procedure Call (RPC) Denial of Service
Duplicate Issue Identification in Other Cisco TelePresence Advisories
The Unauthenticated Java Servlet Access vulnerability affects the
Hash: SHA1
The certificate referenced in this posting is for demonstration purposes
*only*, and this is clearly indicated in Aruba's documentation:
"A server certificate installed in the controller verifies the
authenticity of the controller for 802.1x authentication. Aruba
controllers ship with a demonstration digital certificate. Until you
install a customer-specific server certificate in the controller, this
demonstration certificate is used by default for all secure HTTP
connections (such as the WebUI and captive portal) and AAA FastConnect.
NTP Access Group
+---------------
Warning: Because the feature in this vulnerability utilizes
UDP as a transport, it is possible to spoof the sender's IP address,
which may defeat access control lists (ACLs) that permit
communication to these ports from trusted IP addresses. Unicast
Reverse Path Forwarding (Unicast RPF) should be considered to be used
in conjunction to offer a better mitigation solution.
I. BACKGROUND
Cisco's AnyConnect VPN solution provides remote access to customers via
the Web browser. This is accomplished through the use of an ActiveX
control. The control itself is provided by the server upon connecting.
Cisco states that AnyConnect VPN supports all Adaptive Security
Appliance (ASA) models. For more information, visit the following URL.
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect23/release/notes/anyconnect23rn.html
I. BACKGROUND
Citrix's Access Gateway solution provides remote access to customers via
the Web browser. This is accomplished through the use of an ActiveX
control that enables an SSL based VPN. The control itself is provided by
the server upon connecting. Access Gateway functionality is provided by
several models of Access Gateway Appliances. For more information, visit
the URL referenced below.
II. DESCRIPTION