[ MDVSA-2010:086 ] kdegraphics

2010-04-29 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:086 http://www.mandriva.com/security/

vBulletin - Insecure Custom BBCode Tags

2010-04-29 Thread advisories
vBulletin - Insecure Custom BBCode Tags Versions Affected: 3.8.4 PL2 (Most likely all versions) Info: Content publishing, search, security, and more—vBulletin has it all. Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money. Learn more about

Re: STP mitm attack idea

2010-04-29 Thread Ivan Jager
On Wed, Apr 28, 2010 at 05:26:09PM -0400, Jason T. Masker scribbled thusly: > Best practice is to implement layer 2 security mechanisms which would > identify these ports as "access" ports and shut them down if any STP > traffic was received through these interfaces. On Cisco equipment, > this is k

Re: STP mitm attack idea

2010-04-29 Thread Joel Maslak
Portfast modifies STP, it does not disable it. This does make a good argument for pvst and similar technologies running at the vlan level for enterprise networking. But it is probably best to assume someone with access to a segment can see everything on that segment, pretend to be anyone else

[ MDVSA-2010:087 ] poppler

2010-04-29 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:087 http://www.mandriva.com/security/

Vulnerabilities in CCMS

2010-04-29 Thread MustLive
Hello Bugtraq! I want to warn you about security vulnerabilities in the system CCMS - Clan Content Management System. In this advisory I continue to inform readers of mailing lists about vulnerable web applications which are using CaptchaSecurityImages.php. If you read Bugtraq you could see the lett

Apache ActiveMQ XSS Vulnerability

2010-04-29 Thread arun . gnyan
Vulnerability Info: 26/04/2010 Issue Discovered 26/04/2010 Vendor Notified 27/04/2010 Vendor Confirmed Class: Cross-Site Scripting (Input validation) Severity: Medium Overview: - Apache ActiveMQ is prone to a cross-site scripting vulnerability. Te

Re: STP mitm attack idea

2010-04-29 Thread Jean-Christophe Baptiste
> Portfast modifies STP, it does not disable it. Well, right, the interface configured with it goes straight from blocking to forwarding. You got the idea. > > This does make a good argument for pvst and similar technologies running at > the vlan level for enterprise networking. I don't see th

CONFidence 2010, 25-26th May - Call For Participation

2010-04-29 Thread Andrzej Targosz
## INTRO ## In response to last year's high interest in the Krakow edition of CONFidence we would like to sincerely inform and invite you to the next event which will be held in Krakow, on the 25-26 May. ## CONFidence & PH-NEUTRAL ## CONFidence is an internationally

Re: STP mitm attack idea

2010-04-29 Thread Jason T. Masker
Jann Horn wrote on 04/28/2010 12:20:55 PM: > From: > > Jann Horn > ... > If you had a WLAN-link, you could simplify that a lot - as far as I > understand, you are able to make the switches redirect the traffic to > your machines. > Anyway, this attack sounds like something a good switch can easil

RE: STP mitm attack idea

2010-04-29 Thread Stefan Laudat
Hello, Before the Cisco network-witty guys will start poking around calling it a fudge and welcoming you to the last week, I might outline this for you: http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/Baseline_Security/sec_chap7.html#wp1058965 It's a feature, not a bug, and it's as

Re: STP mitm attack idea

2010-04-29 Thread wlet
> Disadvantages of method. > - stops whole traffic between switches, and needs delicate timing > - when link between switch 1 and 2 is working we can't see frames that > are flying across the wire The whole attack is theoretically possible. But only theoretically, because of the point that a flapping l

Re: STP mitm attack idea

2010-04-29 Thread news
On Wednesday, 28 April 2010 at 18:20 +0200, Jann Horn wrote: > On Tuesday, 27.04.2010, 19:55 +0200, Przemyslaw Borkowski wrote: > > Second scenario: > > 1. Station C and station D start to send frames to break the link between > > switch 1 and switch 2, and announce a non-existing connection and

[USN-933-1] PostgreSQL vulnerability

2010-04-29 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-933-1 April 28, 2010 postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability CVE-2010-0442 === A security issue affects the following Ubun