Denial of service in Cajun P13x/P33x switch family firmware 3.x

1. Problem Description There exists a denial of service attack in the AVAYA Cajun P33x and P13x switch family with firmware versions 3.x. It is possible to stop the switch for 30 seconds. By repeating the attack access can be denied for arbitrarily long periods of time. 2. Tested systems The

[SECURITY] [DSA-324-1] New ethereal packages fix multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 324-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman June 18th, 2003

Portmon file arbitrary read/write access vulnerability

Package: Portmon Auth: http://www.aboleo.net/ Version(s):1.7 (prior ?) Vulnerability: File arbitrary read/write access vulnerability Portmon is a network service monitoring daemon (http://www.aboleo.net/software/portmon/). In order to use ping support, Portmon must run

[slackware-security] 2.4.21 kernels available (SSA:2003-168-01)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01) Precompiled Linux 2.4.21 kernels and source packages are now available for Slackware 9.0 and -current. These provide an improved version of the ptrace fix that had been applied to

MHFTPD vulnerability

Product : MidHosting FTPd Date: 06/18/2003 Author : Frank Denis [EMAIL PROTECTED] [ Product description ] MidHosting FTPd is an FTP server designed for hosting servers, based upon virtual ftpd with support for chroot, virtual users and

phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures

phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures Product: phpMyAdmin Vendor: phpMyAdmin Development Team Versions: VULNERABLE - 2.5.2 CVS ( in Development ) - 2.5.x

MIPSPro Compiler Predictable Temp File vulnerability

-BEGIN PGP SIGNED MESSAGE- __ SGI Security Advisory Title: MIPSPro Compiler Predictable Temp File vulnerability Number: 20030605-01-A Date: June 17, 2003

Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files (GM#013-IE)

object type=application/xml data=http://www.yahoo.com; width=500 height=500 /object This produces a warning in IE6 before it does anything with it. Kevin Spett SPI Labs http://www.spidynamics.com Generaly html files are not well formed xml so it shouldnt be difficult to get this to work

Re: CuteFTP 5.0 XP, Buffer Overflow

In-Reply-To: [EMAIL PROTECTED] Re: thread below, the new LIST defect and long URL buffer overflow defect have been fixed in version 5.0.2 (released June 9th). This version is available at: http://www.globalscape.com/cuteftp and ftp://ftp.cuteftp.com/pub/cuteftp Please uninstall 5.0.1, 5.0 or

old squid remote

that's a one year old exploit against squid ftp:// parsing heap overflow -- _ ASCII ribbon campaign ( ) www.eff.org - against HTML email X GPG key : pgp.mit.edu vCards / \[EMAIL PROTECTED] /** ** *OLD* *OLD* *OLD*

Resolution of Issue - Compaq Insight Manager - related to Bugtraq ID 2500

Following considerable investigations by the HP Team responsible for the CIM Agents component in Compaq Insight Manager, it has been agreed that this is not an issue with CIM, and I am happy to state that this bugtraq post, regarding ftp over CIM, should be withdrawn. A combination of testing

[SECURITY] [DSA-316-3] New jnethack packages fix buffer overflow, incorrect permissions

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 316-3 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman June 17th, 2003

Perl Safe.pm vulnerability on IRIX

-BEGIN PGP SIGNED MESSAGE- __ SGI Security Advisory Title : Perl Safe.pm vulnerability Number: 20030606-01-A Date : June 17, 2003 Reference : SGI BUG 876818 Reference

MDKSA-2003:069 - Updated BitchX packages fix DoS vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: BitchX Advisory ID:

ASP replacement for ISM.DLL available

In an effort to provide customers with greater defense in depth, Microsoft has released an Active Server Pages (ASP) replacement for the Internet Information Server 4 and Internet Information Services 5 change password capability, ISM.DLL. This new script code no longer runs as SYSTEM, therefore

Multiple buffer overflows and XSS in Kerio MailServer

Issue : Multiple buffer overflows and XSS in Kerio MailServer Version affected 5.6.3 ( last in kerio website ) Vendor status : Vendor was notified Description : Kerio develop a mail server with support for Imap , Pop3, Smtp and SSL protocols . Besides , it includes a webmail . This webmail

PALM DESKTOP SOFTWARE / WIN 2000

If a Win NT/2000 Workstation is locked, and a Palm Cradle is connected with Palm Desktop Software running, information can still be retrieved and loaded into the Palm device from the PC without logging into the workstation. Scott R. Patronik [EMAIL PROTECTED]

[RHSA-2003:196-01] Updated Xpdf packages fix security vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Red Hat Security Advisory Synopsis: Updated Xpdf packages fix security vulnerability Advisory ID: RHSA-2003:196-01 Issue date:2003-06-18

ConnecTalk Security Advisory: Qpopper leaks information during authentication

= ConnecTalk Inc. Security Advisory Topic: Qpopper leaks information during authentication Vendor: Eudora Product: qpopper 4.0.4 and qpopper 4.0.5 Note: other versions have not been tested. Problem

Re: ConnecTalk Security Advisory: Qpopper leaks information duringauthentication

This bug does not exist in QPopper 3.x, as it simply closes the connection regardless of whether the username is valid or not. Regards, Justin Wheeler -- Programmer - A red-eyed, mumbling mammal capable of conversing with inanimate objects. On Wed, 18 Jun 2003, Marc Lafortune wrote: