Cisco Security Advisories - 29FEB2011
Cisco has issued five security advisories today, including:
- Cisco Cius Denial of Service Vulnerability
- Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities
- Multiple Vulnerabilities in Cisco Unity Connection
- Multiple Vulnerabilities in Cisco Wireless LAN Controllers
- Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities
Adverse conditions include DoS, directory traversal, command injection, unauthenticated upload, privilege escalation, and protocol manipulation. Test and update as appropriate.
[Update (JBU) ] The "Skinny" vulnerability sounds interesting as it does allow the execution of SQL code on the device. SQL injection via Skinny is certainly an interesting attack vector. Another more serious vulnerability is the configuration access problem and access control bypass in wireless LAN controllers.
ISC Feature of the Week: 404Project Reports
Overview
Previously we featured the 404Project https://isc.sans.edu/diary/ISC+Feature+of+the+Week+The+404Project/12415 As we mentioned, the main purpose of this project is to trend the web pages crawlers and automated bots are trying to access.
We've had a good number of submitters add this script to their error page and have been collecting data for a while now. We made a few summary reports to get started trending the information. The project has been moved to its own space but the old pages should still get you to https://isc.sans.edu/404project/.
Report Information
The summary reports can be viewed at https://isc.sans.edu/404project/reports.html. The page is generated once a day for the previous day's data. The tables have descriptions for each field so I will just list them and summarize here.
Daily Totals
- Complete summary totals for the given date
Top 10 Submitted URLs
- Note the percentage is based on the max a particular URL has been submitted meaning if the submissions that particular day have been the most ever, the graphic will be out at 100%
Top 10 User Agents Submitting
- User Agents with counts and unique submitters and URLs
API Information
We've also added a couple API interfaces if you'd like to view previous data.
https://isc.sans.edu/api/#daily404summary
- Each days totals. Accepts date and limit.
https://isc.sans.edu/api/#daily404detail
- Each days details. Accepts date and limit. (Look for more fields output in the future)
Let us know in the section below if you have suggestion or feedback about these preliminary reports or send us any questions or comments in the contact form at https://isc.sans.edu/contact.html
--
Adam Swanger, Web Developer (GWEB)
Internet Storm Center (http://isc.sans.edu)
COX Network Outage
Based on submissions from users, and reports posted on twitter, COX appears to experience a major outage affecting it's data services. For VoIP customers, voice service appears to be affected as well.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
9 months ago