ons software vulnerabilities
vulnerabilities.aspcode.net
Searching ons software vulnerabilities
Cisco ONS15454 and ONS15327 running ONS before
configuration
|
establishing
|
connection
|
attackers
|
username
|
password
|
ONS15454
|
ONS15327
|
running
|
delete
|
system
|
before
|
allows
|
modify
|
remote
|
Cisco
|
using
|
files
|
exist
|
does
|
TCC+
|
not
|
FTP
|
TCC
|
ONS
|
XTC
|
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
Cisco ONS15454 and ONS15327 running ONS before
privileges
|
cleartext
|
passwords
|
usernames
|
obtaining
|
attackers
|
database
|
ONS15327
|
ONS15454
|
running
|
stores
|
backup
|
before
|
could
|
allow
|
which
|
image
|
Cisco
|
gain
|
TCC+
|
ONS
|
TCC
|
XTC
|
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup.
Cisco ONS15454 and ONS15327 running ONS before
information
|
community
|
attackers
|
sensitive
|
ONS15327
|
"public"
|
ONS15454
|
running
|
changed
|
allows
|
obtain
|
remote
|
string
|
before
|
cannot
|
Cisco
|
which
|
SNMP
|
uses
|
ONS
|
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.
Cisco ONS15454 and ONS15327 running ONS before
attackers
|
ONS15327
|
ONS15454
|
service
|
running
|
denial
|
allows
|
before
|
Cisco
|
cause
|
ONS
|
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR).
Cisco ONS15454 and ONS15327 running ONS before
attackers
|
ONS15327
|
ONS15454
|
service
|
running
|
denial
|
allows
|
before
|
Cisco
|
cause
|
ONS
|
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character.
Cisco ONS15454 and ONS15327 running ONS before
connecting
|
privileges
|
attackers
|
Operating
|
ONS15327
|
ONS15454
|
disabled
|
running
|
changed
|
account
|
VxWorks
|
cannot
|
Telnet
|
allows
|
System
|
before
|
remote
|
which
|
Cisco
|
gain
|
have
|
TCC+
|
ONS
|
via
|
XTC
|
TCC
|
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet.
Multiple versions of Cisco ONS 15327, ONS 15454
versions
|
Multiple
|
Cisco
|
ONS
|
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets.
Multiple versions of Cisco ONS 15327, ONS 15454
versions
|
Multiple
|
Cisco
|
ONS
|
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1) TCP and (2) UDP packets.
Multiple versions of Cisco ONS 15327, ONS 15454
versions
|
Multiple
|
Cisco
|
ONS
|
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets.
Multiple versions of Cisco ONS 15327, ONS 15454
versions
|
Multiple
|
Cisco
|
ONS
|
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via a large number of TCP connections with an invalid response instead of the final ACK (TCP-ACK).
The Transaction Language 1 (TL1) login interfac
Transaction
|
Language
|
The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters.
Cisco ONS 15216 Optical Add/Drop Multiplexer (O
Cisco
|
ONS
|
Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data.
Control cards for Cisco Optical Networking Syst
Networking
|
Optical
|
Control
|
System
|
cards
|
Cisco
|
Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before Wednesday, April 05, 2006 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910.
Control cards for Cisco Optical Networking Syst
Networking
|
Optical
|
Control
|
System
|
cards
|
Cisco
|
Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before Wednesday, April 05, 2006 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558.
The installation of Cisco Transport Controller
installation
|
Controller
|
Transport
|
Cisco
|
The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.
Unspecified vulnerability in Oracle HTTP Server
vulnerability
|
Unspecified
|
Server
|
Oracle
|
HTTP
|
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of Tuesday, January 23, 2007, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).
Software vulnerabilities results 1 to 17 of 17
Page:
1