PHP is prone to an overflow condition. The Sybase-DB module fails to properly sanitize user-supplied input resulting in an overflow. With a specially crafted numeric data string, a remote attacker can potentially cause a loss of availability or execute arbitrary code.
(Description Provided by CVE) : Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.
The 'man.sh' CGI script contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the script not properly sanitizing user-supplied input. It is possible that the flaw may allow a remote attacker to execute arbitrary commands with the privileges of the Web server resulting in a loss of integrity.
Many old Award BIOS chips contained default passwords installed by the manufacturer to aid in tech support issues. Mid to late 1990's Award BIOS were often found to have one of the following default/backdoor passwords: "Condo", "AWARD_SW", "j332", and "589589".
FreeBSD contains a flaw that may allow a malicious user to spoof a connection. The issue is triggered when a TCP CC larger than the one currently in per-host cache is sent to the victim platform. It is possible that the flaw may allow spoofing attacks resulting in a loss of integrity.
(Description Provided by CVE) : Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
3Com Total Control NETServer Card contains a flaw that may allow a remote attacker to bypass filtering mechanisms. The issue is triggered when a port is set to "set host prompt", which allows an remote attacker to bypass restrictions by providing the hostname twice at the "host:" prompt, and gain unauthorized access to the system.
Check Point FireWall-1 contains a flaw that may allow attackers access to resources that were intended to be restricted. The issue is due to a flaw in the firewall keyword mechanism and certain keywords being reserved. When a reserved keyword is used, the firewall rule will default to "ANY" which may allow traffic to a resource that was intended to be blocked.
By default, 3Com SuperStack II Switches install with multiple default accounts. The monitor, manager and security accounts each have a password the same as the account name, which is publicly known and documented. This allows attackers to trivially access the program or system.
(Description Provided by CVE) : Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages.
By default, multiple 3Com switches install with a default password. The 'debug' account has a password of 'synnet' which is publicly known and documented. This allows attackers to trivially access the program or system.
By default, multiple 3Com routers install with a default password. The 'tech' account has a password of 'tech' which is publicly known and documented. This allows attackers to trivially access the program or system.
By default, multiple Quake products install with a default password that can be used as a backdoor. The issue is triggered by the program allowing an attacker to remotely send commands to the quake console. A remote attacker may be able to bypass authentication via a specially crafted UDP packet with a header containing the rcon command and the "tms" password with a source IP coming from ID software's subnet. When this is exploited, no logs are reported of the rcon command being used and the attacker may compromise an administrators access on any Quake server.
(Description Provided by CVE) : Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.