Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sourcefire vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2003-0209
Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and previous versions allows remote malicious users to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
Sourcefire Snort 1.8.5
Sourcefire Snort 1.8.6
Smoothwall Smoothwall 2.0 Beta 4
Sourcefire Snort 1.8
Sourcefire Snort 1.8.7
Sourcefire Snort 1.9
Sourcefire Snort 1.8.1
Sourcefire Snort 1.8.2
Sourcefire Snort 1.9.1
Sourcefire Snort 1.8.3
Sourcefire Snort 1.8.4
1 EDB exploit
NA
CVE-2010-2306
The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote malicious users to decrypt SSL traffic via a man-in-the-middle (MITM) attack.
Sourcefire 3d2000
Sourcefire 3d9900
Sourcefire 3d1000
Sourcefire Dc1000
NA
CVE-2006-2769
The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 up to and including 2.4.4 allows remote malicious users to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.
Sourcefire Snort 2.4.4
Sourcefire Snort 2.4
Sourcefire Snort 2.4.1
Sourcefire Snort 2.4.2
Sourcefire Snort 2.4.3
1 EDB exploit
NA
CVE-2009-2344
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor prior to 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
Sourcefire 3d Sensor 4.8
Sourcefire 3d Sensor 4.8.0.4
Sourcefire Defense Center 4.8
Sourcefire Defense Center 4.8.0.3
Sourcefire Defense Center
Sourcefire 3d Sensor 4.8.0.3
Sourcefire Defense Center 4.8.0.4
Sourcefire 3d Sensor
1 EDB exploit
NA
CVE-2004-2652
The DecodeTCPOptions function in decode.c in Snort prior to 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote malicious users to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.
Sourcefire Snort 2.1.0
Sourcefire Snort 2.1.1 Rc1
Sourcefire Snort 2.1.3
Sourcefire Snort 2.2
2 EDB exploits
NA
CVE-2005-3252
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort prior to 2.4.3 allows remote malicious users to execute arbitrary code via a crafted UDP packet.
Sourcefire Snort 2.4.1
Sourcefire Snort 2.4.2
Sourcefire Snort 2.4.0
5 EDB exploits
NA
CVE-2006-5276
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort prior to 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote malicious users to execute arbitrary code via crafted SMB traffic.
Snort Snort 2.6.1
Snort Snort 2.6.1.1
Sourcefire Intrusion Sensor 4.6
Snort Snort
Sourcefire Intrusion Sensor 4.5
Snort Snort 2.7 Beta1
Sourcefire Intrusion Sensor 4.1
4 EDB exploits
NA
CVE-2006-0839
The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote malicious users to evade detection of certain attacks, possibly related to IP option lengths.
Sourcefire Snort 2.4.3
5.4
CVSSv3
CVE-2020-3320
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabil...
Cisco Firepower Management Center
Cisco Sourcefire Defense Center 6.4.0
Cisco Sourcefire Defense Center 6.4.0.6
Cisco Sourcefire Defense Center 6.5.0
Cisco Sourcefire Defense Center 6.6.0
4.8
CVSSv3
CVE-2021-34763
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an malicious user to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the De...
Cisco Firepower Management Center Virtual Appliance 6.1.0
Cisco Firepower Management Center Virtual Appliance 6.2.0
Cisco Firepower Management Center Virtual Appliance 6.2.3
Cisco Sourcefire Defense Center 6.4.0
Cisco Sourcefire Defense Center 6.5.0
Cisco Sourcefire Defense Center 6.6.0
Cisco Firepower Threat Defense
Cisco Firepower Management Center Virtual Appliance 6.3.0
Cisco Sourcefire Defense Center 6.1.0
Cisco Sourcefire Defense Center 6.2.0
Cisco Sourcefire Defense Center 6.2.3
Cisco Sourcefire Defense Center 6.3.0
Cisco Sourcefire Defense Center 7.1.0
Cisco Firepower Management Center Virtual Appliance 7.1.0
Cisco Sourcefire Defense Center 6.6.1
Cisco Sourcefire Defense Center 6.7.0
Cisco Sourcefire Defense Center 7.0.0
Cisco Firepower Management Center Virtual Appliance 6.4.0
Cisco Firepower Management Center Virtual Appliance 6.5.0
Cisco Firepower Management Center Virtual Appliance 6.6.0
Cisco Firepower Management Center Virtual Appliance 6.6.1
Cisco Firepower Management Center Virtual Appliance 6.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »