3332 matches found
FreeBSD : leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout (66dbb2ee-99b8-45b2-bb3e-640caea67a60)
When an upstream server aborts the transmission or stops sending data after the fetchnews program has requested an article header or body, fetchnews may crash, without querying further servers that are configured. This can prevent articles from being fetched.
XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit
No description provided by source. tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc...
Leafnode < 1.11.3 TCP Timeout DoS
Bea Weblogic application server Server Console cross-site scripting
Cross-site scripting; no session cookie timeout is implemented...
TCP TIMESTAMPS Denial of Service Exploit
No description provided by source. TCP does not adequately validate segments before updating timestamp value http://www.kb.cert.org/vuls/id/637934 RFC-1323 TCP Extensions for High Performance 4.2.1 defines how the PAWS algorithm should drop packets with invalid timestamp options: R1 If there is...
CVE-2001-1437
Technical details about CVE-2001-1437 are not publicly available in the provided documents; monitor for updates.
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression
Debian Security Advisory DSA 662-2 [email protected] http://www.debian.org/security/ Martin Schulze March 14th, 2005 http://www.debian.org/security/faq...
Debian DSA-662-2 : squirrelmail - several vulnerabilities
Andrew Archibald discovered that the last update to squirrelmail which was intended to fix several problems caused a regression which got exposed when the user hits a session timeout. For completeness below is the original advisory text : Several vulnerabilities have been discovered in...
Eternal Lines Web Server DoS
Concurrent connections number is limited and timeout is not implemented...
DSA-662-1 squirrelmail - several
Bulletin has no description...
[SA13819] OpenBSD TCP Retransmission Timeout Calculation Denial of Service
TITLE: OpenBSD TCP Retransmission Timeout Calculation Denial of Service SECUNIA ADVISORY ID: SA13819 VERIFY ADVISORY: http://secunia.com/advisories/13819/ CRITICAL: Not critical IMPACT: DoS WHERE: Local system OPERATING SYSTEM: OpenBSD 3.x http://secunia.com/product/100/ DESCRIPTION: A...
CVE-2004-1112
The buffer overflow trigger in Cisco Security Agent CSA before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute...
CVE-2004-2534
Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service (connection consumption) by sending a large number of HTTP HEAD requests...
[SA13268] Fastream NETFile FTP/Web Server Multiple HEAD Requests Denial of Service
TITLE: Fastream NETFile FTP/Web Server Multiple HEAD Requests Denial of Service SECUNIA ADVISORY ID: SA13268 VERIFY ADVISORY: http://secunia.com/advisories/13268/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: Fastream NETFile FTP/Web Server 6.x http://secunia.com/product/2455/...
Sacred DoS
Server doesn't have connection timeout and doesn't support more than 17 connections...
Critical: Red Hat Security Advisory: krb5 security update
Updated krb5 packages that improve client responsiveness and fix several security issues are now available for Red Hat Enterprise Linux 3. Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. Several double-free bug...
Painkiller 1.3.1 - Denial of Service
/ by Luigi Auriemma / include include include ifdef WIN32 include include "winerr.h" define close closesocket else include include include include include endif define VER "0.1" define BUFFSZ 2048 define PORT 3455 define TIMEOUT 3 define GAMEVER "1.3" define INFO "xfexfdx00xDExADxC0xDExffxffxff"...
CVE-2003-0637
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing...
vpop3d Denial Of Service.
Hi, Topic: vpop3d Denial Of service Product: vpop3d Note: This is implemented in several vhost packages, I can't name all of them, but vhost-3.05r3 is one. Vendor Notification: Notified several Vendors about the binary vpop3d that they are using in their packages, Original Author of vpop3d has be...