Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:54:13 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1035202700&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Operating%20System%3A%20Cisco%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Fos%2Fcisco%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1035202700.1338191653.1338191653.1338191653.1%3B%2B__utmz%3D32867617.1338191653.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/113059/ios5_safari_js_crash.rb.txt http://packetstormsecurity.org/files/113059/ios5_safari_js_crash.rb.txt http://packetstormsecurity.org/files/113059/iOS-5.1.1-Safari-Browser-Denial-Of-Service.html Sat, 26 May 2012 22:22:22 GMT iOS versions 5.1.1 and below Safari Browser JS match(), search() crash proof of concept exploit. http://packetstormsecurity.org/files/112817/sa49139.txt http://packetstormsecurity.org/files/112817/sa49139.txt http://packetstormsecurity.org/files/112817/Secunia-Security-Advisory-49139.html Thu, 17 May 2012 11:19:16 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco Adaptive Security Appliance (ASA), which can be exploited by malicious people to disclose potentially sensitive information. http://packetstormsecurity.org/files/112565/sa49101.txt http://packetstormsecurity.org/files/112565/sa49101.txt http://packetstormsecurity.org/files/112565/Secunia-Security-Advisory-49101.html Wed, 09 May 2012 07:38:02 GMT Secunia Security Advisory - Multiple vulnerabilities have been reported in Cisco Secure ACS, where some have unknown impacts and others can be exploited by malicious people to conduct script insertion, cross-site request forgery, and SQL injection attacks. http://packetstormsecurity.org/files/112564/sa49104.txt http://packetstormsecurity.org/files/112564/sa49104.txt http://packetstormsecurity.org/files/112564/Secunia-Security-Advisory-49104.html Wed, 09 May 2012 07:37:59 GMT Secunia Security Advisory - Multiple vulnerabilities have been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. http://packetstormsecurity.org/files/112563/sa49102.txt http://packetstormsecurity.org/files/112563/sa49102.txt http://packetstormsecurity.org/files/112563/Secunia-Security-Advisory-49102.html Wed, 09 May 2012 07:37:56 GMT Secunia Security Advisory - A weakness and two vulnerabilities have been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to enumerate folders on an affected system and conduct cross-site scripting attacks. http://packetstormsecurity.org/files/112541/ciscolinksys-xsrf.txt http://packetstormsecurity.org/files/112541/ciscolinksys-xsrf.txt http://packetstormsecurity.org/files/112541/Cisco-Linksys-WRT54GL-Cross-Site-Request-Forgery.html Tue, 08 May 2012 17:17:17 GMT The Cisco Linksys WRT54GL router suffers from a cross site request forgery vulnerability. http://packetstormsecurity.org/files/112482/iosapp-insecurity.pdf http://packetstormsecurity.org/files/112482/iosapp-insecurity.pdf http://packetstormsecurity.org/files/112482/iOS-Application-In-Security.html Sun, 06 May 2012 01:48:08 GMT This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance. http://packetstormsecurity.org/files/112083/newsroomcisco-xss.txt http://packetstormsecurity.org/files/112083/newsroomcisco-xss.txt http://packetstormsecurity.org/files/112083/Newsroom.cisco.com-Cross-Site-Scripting.html Mon, 23 Apr 2012 18:39:19 GMT Newsroom.cisco.com suffers from a cross site scripting vulnerability. The author tried to reach Cisco and did not get a response. http://packetstormsecurity.org/files/111715/sa48752.txt http://packetstormsecurity.org/files/111715/sa48752.txt http://packetstormsecurity.org/files/111715/Secunia-Security-Advisory-48752.html Wed, 11 Apr 2012 06:17:38 GMT Secunia Security Advisory - SecureWorks has reported multiple vulnerabilities in Cisco IronPort Web Security Appliance, which can be exploited by malicious people to conduct spoofing attacks. http://packetstormsecurity.org/files/111600/sa47023.txt http://packetstormsecurity.org/files/111600/sa47023.txt http://packetstormsecurity.org/files/111600/Secunia-Security-Advisory-47023.html Thu, 05 Apr 2012 05:29:58 GMT Secunia Security Advisory - Three vulnerabilities have been reported in Cisco WebEx Player, which can be exploited by malicious people to compromise a user's system. http://packetstormsecurity.org/files/111595/cisco-sa-20120404-webex.txt http://packetstormsecurity.org/files/111595/cisco-sa-20120404-webex.txt http://packetstormsecurity.org/files/111595/Cisco-Security-Advisory-20120404-webex.html Thu, 05 Apr 2012 01:19:10 GMT Cisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually installed for offline playback after downloading the application from www.webex.com. If the WRF player was automatically installed, it will be automatically upgraded to the latest, non-vulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com. Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities. http://packetstormsecurity.org/files/111445/sa48611.txt http://packetstormsecurity.org/files/111445/sa48611.txt http://packetstormsecurity.org/files/111445/Secunia-Security-Advisory-48611.html Sun, 01 Apr 2012 09:50:34 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111444/sa48630.txt http://packetstormsecurity.org/files/111444/sa48630.txt http://packetstormsecurity.org/files/111444/Secunia-Security-Advisory-48630.html Sun, 01 Apr 2012 09:50:31 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111439/sa48641.txt http://packetstormsecurity.org/files/111439/sa48641.txt http://packetstormsecurity.org/files/111439/Secunia-Security-Advisory-48641.html Sun, 01 Apr 2012 09:50:17 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS XE, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111438/sa48621.txt http://packetstormsecurity.org/files/111438/sa48621.txt http://packetstormsecurity.org/files/111438/Secunia-Security-Advisory-48621.html Sun, 01 Apr 2012 09:50:14 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111437/sa48633.txt http://packetstormsecurity.org/files/111437/sa48633.txt http://packetstormsecurity.org/files/111437/Secunia-Security-Advisory-48633.html Sun, 01 Apr 2012 09:50:11 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111436/sa48609.txt http://packetstormsecurity.org/files/111436/sa48609.txt http://packetstormsecurity.org/files/111436/Secunia-Security-Advisory-48609.html Sun, 01 Apr 2012 09:50:08 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111432/sa48608.txt http://packetstormsecurity.org/files/111432/sa48608.txt http://packetstormsecurity.org/files/111432/Secunia-Security-Advisory-48608.html Sun, 01 Apr 2012 09:49:57 GMT Secunia Security Advisory - Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111385/sa48610.txt http://packetstormsecurity.org/files/111385/sa48610.txt http://packetstormsecurity.org/files/111385/Secunia-Security-Advisory-48610.html Fri, 30 Mar 2012 01:49:35 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111378/sa48607.txt http://packetstormsecurity.org/files/111378/sa48607.txt http://packetstormsecurity.org/files/111378/Secunia-Security-Advisory-48607.html Fri, 30 Mar 2012 01:49:12 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111377/sa48636.txt http://packetstormsecurity.org/files/111377/sa48636.txt http://packetstormsecurity.org/files/111377/Secunia-Security-Advisory-48636.html Fri, 30 Mar 2012 01:49:09 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions. http://packetstormsecurity.org/files/111376/sa48605.txt http://packetstormsecurity.org/files/111376/sa48605.txt http://packetstormsecurity.org/files/111376/Secunia-Security-Advisory-48605.html Fri, 30 Mar 2012 01:49:06 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111373/sa48515.txt http://packetstormsecurity.org/files/111373/sa48515.txt http://packetstormsecurity.org/files/111373/Secunia-Security-Advisory-48515.html Fri, 30 Mar 2012 01:48:58 GMT Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/111331/cisco-sa-20120328-pai.txt http://packetstormsecurity.org/files/111331/cisco-sa-20120328-pai.txt http://packetstormsecurity.org/files/111331/Cisco-Security-Advisory-20120328-pai.html Thu, 29 Mar 2012 05:01:47 GMT Cisco Security Advisory - A vulnerability exists in the Cisco IOS Software that may allow a remote application or device to exceed its authorization level when authentication, authorization, and accounting (AAA) authorization is used. This vulnerability requires that the HTTP or HTTPS server is enabled on the Cisco IOS device. Products that are not running Cisco IOS Software are not vulnerable. Cisco has released free software updates that address these vulnerabilities. The HTTP server may be disabled as a workaround for the vulnerability described in this advisory. http://packetstormsecurity.org/files/111330/cisco-sa-20120328-ssh.txt http://packetstormsecurity.org/files/111330/cisco-sa-20120328-ssh.txt http://packetstormsecurity.org/files/111330/Cisco-Security-Advisory-20120328-ssh.html Thu, 29 Mar 2012 05:01:15 GMT Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.