Search Results | AttackerKB

Show filters

Topics 31 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

31 Total Results

Displaying 21-30 of 31

Attacker Value

Unknown

CVE-2015-3963

Disclosure Date: August 04, 2015 (last updated October 05, 2023)

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

0

Attacker Value

Unknown

CVE-2013-0711

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request.

0

Attacker Value

Unknown

CVE-2013-0716

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.

0

Attacker Value

Unknown

CVE-2013-0712

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet.

0

Attacker Value

Unknown

CVE-2013-0713

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.

0

Attacker Value

Unknown

CVE-2013-0715

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.

0

Attacker Value

Unknown

CVE-2013-0714

Disclosure Date: March 20, 2013 (last updated October 05, 2023)

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request.

0

Attacker Value

Unknown

CVE-2010-2968

Disclosure Date: August 05, 2010 (last updated October 04, 2023)

The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

0

Attacker Value

Unknown

CVE-2010-2967

Disclosure Date: August 05, 2010 (last updated October 04, 2023)

The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

0

Attacker Value

Unknown

CVE-2010-2966

Disclosure Date: August 05, 2010 (last updated October 04, 2023)

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

0