Vulnerabilities > ISS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-21 | CVE-2014-7725 | Cryptographic Issues vulnerability in ISS Rally Albania Live 2014 0.11 The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2006-09-05 | CVE-2006-4541 | Improper Input Validation vulnerability in ISS Blackice PC Protection RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. | 4.6 |
| 2006-08-05 | CVE-2006-3999 | Local Security vulnerability in ISS Blackice PC Protection 3.6Cpie/3.6Cpj ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. | 4.6 |
| 2006-07-27 | CVE-2006-3840 | Resource Management Errors vulnerability in ISS products The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode. | 5.0 |
| 2004-12-31 | CVE-2004-2126 | Unspecified vulnerability in ISS Blackice PC Protection The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers. | 4.6 |
| 2004-12-31 | CVE-2004-2125 | Local Buffer Overrun vulnerability in Internet Security Systems BlackICE PC Protection blackd.exe Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value. | 4.6 |
| 2003-12-31 | CVE-2003-1527 | BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. | 4.3 |
| 2003-10-20 | CVE-2003-0702 | Unspecified vulnerability in ISS Realsecure Server Sensor 7.0 Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL. | 5.0 |
| 2002-10-04 | CVE-2002-0957 | Denial-Of-Service vulnerability in ISS Blackice Agent 3.1Eal/3.1Ebh The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user. | 5.0 |
| 2002-05-17 | CVE-2002-1280 | Denial-Of-Service vulnerability in ISS Realsecure Event Collector 6.5 Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash). | 5.0 |