| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 83314 | 2012-03-02 | 389 Directory Server Multiple Unspecified DoS | 389 Directory Server contains multiple flaws that may allow denials of service. The issue is triggered when any one of several unspecified errors occurs, and will result in loss of availability for the system. |
| 75072 | 2010-12-16 | 389 Directory Server Normalisation Memory Leak Remote DoS | (Description Provided by CVE): Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019. |
| 79306 | 2012-01-05 | 389 Directory Server servers/plugins/acl/acllas.c acllas__handle_group_entry() Function Certificate Group Handling Infinite Loop Remote DoS | (Description Provided by CVE): The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server. |
| 75073 | 2011-01-10 | 389 Directory Server Simple Paged Results Remote DoS | (Description Provided by CVE): slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019. |
| 84083 | 2010-12-06 | 389 Directory Server UUID Generator Unspecified Overflow | 389 Directory Server is prone to an overflow condition. The UUID generator fails to properly sanitize user-supplied input resulting in an overflow. This may allow a remote attacker to cause a denial of service or execute arbitrary code. No further details have been provided. |
| 6700 | 2002-04-15 | 3Cdaemon FTP Server Long Command Overflow | (Description Provided by CVE): Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login. |
| 20832 | 2005-11-14 | 3CFR index.php Multiple Parameter SQL Injection | 3CFR contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'LangueID' and 'ThemeID' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 12809 | 2005-01-04 | 3Com 3CDaemon FTP Username Format String DoS | (Description Provided by CVE): Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands. |
| 12810 | 2005-01-04 | 3Com 3CDaemon FTP Username Remote Overflow | A remote overflow exists in 3CDaemon. The FTP application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long username, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 12812 | 2005-01-04 | 3Com 3CDaemon Multiple FTP Command Format String | (Description Provided by CVE): Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands. |
| 12811 | 2005-01-04 | 3Com 3CDaemon Multiple FTP Command Long Parameter Overflow | A remote overflow exists in 3CDaemon. Multiple FTP commands fail to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long parameter, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 12813 | 2005-01-04 | 3Com 3CDaemon Multiple FTP Command Reserved Device Name Path Disclosure | (Description Provided by CVE): The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message. |
| 12808 | 2005-01-04 | 3Com 3CDaemon TFTP Reserved Device Name Remote DoS | (Description Provided by CVE): TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name. |
| 12549 | 2004-12-15 | 3Com 3CDaemon TFTP Server Long Filename DoS | Unknown / Incomplete |
| 10787 | 2004-10-13 | 3Com 3CRADSL72 Router app_sta.stm Administrative Access | The 3Com 3CRADSL72 contains a flaw that may lead to unauthorized access to the entire administrative interface. The issue is due to the app_sta.stm page not requiring authentication to access. From this page, attackers can then use the links on the page to access the rest of the administrative section. |
| 10764 | 2004-10-13 | 3Com 3CRADSL72 Router app_sta.stm Internet Password Disclosure | 3CRADSL72 Router contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user accesses the app_sta.stm page, which will disclose user name, password, primary/secondary DNS, and default gateway information. The user name and password disclosed are the ones used for ISP access. |
| 15181 | 2005-04-02 | 3Com 3CRADSL72 Router config.bin Information Disclosure | 3Com 3CRADSL72 Router contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly calls the config.bin file and downloads it, which will disclose all details about the configuration of the router. |
| 89354 | 2002-09-23 | 3Com 3CRWE52196 Router Default Credentials | By default, 3Com 3CRWE52196 installs with default user credentials (username/password combination). The administrator account has no account name and has a password of 'admin', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access. |
| 45490 | 2007-10-10 | 3Com 3CRWER100-75 Router Persistent Web Page Product Information Disclosure | (Description Provided by CVE): The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. |
| 43657 | 2007-10-10 | 3Com 3CRWER100-75 Router Virtual Server Remote Administration Bypass | (Description Provided by CVE): The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. |
| 13703 | 2005-02-07 | 3Com 3CServer FTP Server Multiple Command Remote Overflow | (Description Provided by CVE): Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command. |
| 30758 | 2006-11-26 | 3Com 3CTftpSvc TFTP Server Long Transporting Mode Overflow | A memory corruption flaw exists in 3CDaemon. 3CTftpSvc fails to validate the 'mode' field in GET and PUT commands resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 52590 | 2009-02-25 | 3Com 4500G Switch SFTP User Authentication Unspecified Security Bypass | Unknown / Incomplete |
| 89358 | 2006-11-17 | 3Com 5000/6000 Series Routers Default Credentials | By default, 3Com 5000/6000 Series Routers install with default user credentials (username/password combination). The 'admin' account has a password of 'admin', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access. |
| 6059 | 2001-06-20 | 3Com AirConnect and Symbol MIB WEP Key Disclosure | SNMP agents in 3Com AirConnect and Symbol Access Point may allow a remote attacker to obtain the WEP encryption key. The issue is triggered when the SNMP agents reveal the WEP encryption key in response to SNMP queries for the dot11WEPDefaultKeysTable in the IEEE 802.11 MIB or the ap128bWEPKeyTable in the 3ComAP MIB. It is possible that the flaw may allow a remote attacker to undermine authentication and privacy protection mechanisms for wireless clients, resulting in further access to the wireless network. |
| 785 | 2002-09-12 | 3Com AirConnect Router Wireless AP Default Password | By default, the AirConnect wireless access point installs with a default password. The comcomcom account has a password of comcomcom which is publicly known and documented. This allows attackers to trivially access the program or system. |
| 24942 | 2006-04-25 | 3Com Baseline Switch 2848-SFP Crafted DHCP Packet Remote DoS | 3Com Baseline Switch 2848-SFP contains a flaw that may allow a remote denial of service. The issue is triggered when the switch receives a DHCP packet that exceeds 342 bytes in length, and will result in loss of availability for the platform. |
| 42316 | 2008-02-28 | 3Com FTP Server Unspecified Remote DoS | Unknown / Incomplete |
| 68297 | 2010-09-06 | 3Com H3C 3100 / 3600 Switches DHCP Packet Missing Discover Option Remote DoS | Unknown / Incomplete |
| 64511 | 2010-05-10 | 3Com H3C Products Unspecified SSH Server Remote DoS | Unknown / Incomplete |