CVE-2003-0637

Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing...

vpop3d Denial Of Service.

Hi, Topic: vpop3d Denial Of service Product: vpop3d Note: This is implemented in several vhost packages, I can't name all of them, but vhost-3.05r3 is one. Vendor Notification: Notified several Vendors about the binary vpop3d that they are using in their packages, Original Author of vpop3d has be...

CVE-2003-0637

Novell iChain 2.2 before Support Pack 1 is affected. The issue arises because the authentication timeout for non-existent users is shorter than for valid users, enabling remote attackers to enumerate usernames and perform brute-force password guessing. The root cause is the uneven timeout handlin...

ATFTP 0.7 - Timeout Command Line Argument Local Buffer Overflow

ATFTP 0.7 - Timeout Command Line Argument Local Buffer Overflow source: https://www.securityfocus.com/bid/7902/info atftp is prone to a locally exploitable buffer overflow condition. This issue is due to insufficient bounds checking performed on input supplied to the command line parameter -t for...

ipfilter denial of service problem

Below is an ipfilter security issue, and my previous mail to author Darren was bounced back, so I think maybe I should mail it to this mailing list. Overview -- Anytime ipfilter see a packet with ACK bit set without the previous SYN, it will marked it as TCPSESTABLISHED in it's state table, and f...

CVE-2002-2243

Akfingerd 0.5 and possibly earlier versions only allows one connection at a time and does not time out connections, which allows remote attackers to cause a denial of service refused connections by opening a connection and not closing it...

CVE-2002-1265

The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service hang...

MDaemon DoS

Сервер разрешает только одно соединение, которое не отключается по таймауту. Кроме того, имеется переполнение буфера в IMAP...

Multiple Symantec Firewall Secure Webserver timeout DoS

Advanced IT-Security Advisory 01-10-2002 http://www.ai-sec.dk/ Issue: ====== Multiple Symantec Firewall Secure Webserver timeout DoS Problemdescription: =================== There exists a problem in "Simple, secure webserver 1.1" which is shipped with numerous Symantec firewalls, in which an...

CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache...

CVE-2002-0428

Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the toexpire or expire values in the client's users.C configuration file...

CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache...

CVE-2002-0428

Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the toexpire or expire values in the client's users.C configuration file...

Checkpoint FW1 SecuRemote/SecureClient "re-authentication" (client side hacks of users.C)

Affected products : All versions of Checkpoint FW1 when used with SecuRemote/SecureClient Namely 4.0, 4.1 at any SP level, and NG FP1 http://www.checkpoint.com/products/security/vpn-1clients.html Description : Checkpoint Firewall-1 SecuRemote/SecureClient "authentication timeout" defined in FW1's...

DoS против SphereServer/Ultima Online

Нет таймаута на соединение до проверки имени пользователя и ограничения числа коннектов с одного IP...

Security Issue in Icewarp

Icewarp is one the world's most used web mail software. It's another product of Merak Mail developers. There is an seccurity issue in Icewarp. It's like this: When you create a new user , icewarp gives him a static number. If this user does not logout after checking his inbox you can access his...

Beck IPC@Chip TelnetD vulnerable to account lockout via idle telnet connection

Overview There is a vulnerability in the Beck IPC@CHIP that allows an attacker to create a denial-of-service condition. Description The Beck IPC@CHIP is a single chip embedded webserver. This device contains a telnet server that is configured by default to not have a login timeout. Additionally,...

CVE-1999-1151

Compaq/Microcom 6000 Access Integrator does not cause a session timeout after prompting for a username or password, which allows remote attackers to cause a denial of service by connecting to the integrator without providing a username or password...

DoS против Marconi (multiple connections DoS)

Поддерживается ограниченное число одновременных telnet-сеансов без таймаута авторизации...

DoS против Mathematica

License menager поддерживает только одно подключение клиента и не имеет таймаута...