[SECURITY] Fedora 11 Update: deltarpm-3.4-17.fc11

A deltarpm contains the difference between an old and a new version of a rpm, which makes it possible to recreate the new rpm from the deltarpm and the old one. You don't have to have a copy of the old rpm, deltarpms can also work with installed rpms...

http-date NSE Script

Gets the date from HTTP-like services. Also prints how much the date differs from local time. Local time is the time the HTTP request was sent, so the difference includes at least the duration of one RTT. Script Arguments slaxml.debug See the documentation for the slaxml library. http.host,...

DEBIAN-CVE-2009-1273

pamssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...

Qcms1. 0 vulnerability analysis-vulnerability warning-the black bar safety net

The vulnerabilities are as follows: 1. Can download database. 2. Injection: The background of the login file See the Login. asplanding determination processing The code is as follows: adminname=trimrequest. Form"adminname" adminpassword=trimrequest. Form"adminpassword"...

DEBIAN-CVE-2009-0041

IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on...

snort IDS protection bypass

Packet's fragments with significant TTL difference are ignored...

Re: [Full-Disclosure] THE VULNERABILITY STILL WORKS AFTER TODAY'S PATCH

Well it's not quite as easy as you make it sound I think you only took a look at http-equiv's example I posted to full disclosure and based your post on that. You see this: --snip-- iframe src="c:windowswebtip.htm" style="width:400px;height:200px;"/iframe textarea id="code" style="display:none;"...

DEBIAN-CVE-2004-0042

vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames...

PT-2002-1566 · Ipfilter · Ipfilter

Name of the Vulnerable Software and Affected Versions: IPFilter versions 3.4.25 and earlier Description: The issue allows remote attackers to identify filtered ports by comparing TTLs, as IPFilter sets a different TTL when a port is being filtered than when it is not being filtered...

Check Point VPN-1 SecuRemote Flaw

Summary: SecuRemote will show whether a username is recognized during failed login attempts Versions Tested: 4.1 SP4 4185 VPN+Strong for Windows 2000 4.1 SP4 4185 VPN+Strong for Windows NT Description: During an authentication attempt in the VPN-1 SecuRemote Authentication dialog box, a failed...

Lotus Notes Java VM leaks file existence through timing difference in ECLs

Overview Lotus Notes JVM leaks information about the existence of a file. Description A malicious Java applet run in the Lotus Notes web browser can determine if a local file exists. Notes' preferences must be set to browse the web using the Notes browser, with execution of Java applets...