168 matches found
postgresql: Empty password accepted in some authentication methods
It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords...
Debian DSA-3935-1 : postgresql-9.4 - security update
Several vulnerabilities have been found in the PostgreSQL database system: - CVE-2017-7546: In some authentication methods empty passwords were accepted. - CVE-2017-7547: User mappings could leak data to unprivileged users. - CVE-2017-7548: The lo_put function ignored ACLs. For more in-depth...
FreeBSD : PostgreSQL vulnerabilities (982872f1-7dd3-11e7-9736-6cc21735f730)
The PostgreSQL project reports: - CVE-2017-7546: Empty password accepted in some authentication methods - CVE-2017-7547: The 'pg_user_mappings' catalog view discloses passwords to users lacking server privileges - CVE-2017-7548: lo_put function ignores ACLs...
Vulnerability in core server (CVE-2017-7546)
empty password accepted in some authentication methods...
PostgreSQL vulnerabilities
The PostgreSQL project reports: - CVE-2017-7546: Empty password accepted in some authentication methods - CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges - CVE-2017-7548: lo_put function ignores ACLs...
Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division
Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation's largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were ab...
GitLab: Access to GitLab's Slack by abusing issue creation from e-mail
Hi there, I found a way to become a verified GitLab team member on Slack. By doing so, I gained access to dozens of channels possibly containing sensitive information. Note that I deleted my account intidchackerone immediately afterwards and did not join, read or engage with any of those channels...
Exposed Localstart.asp Page
To restrict access to specific pages on a webserver, developers can implement various methods of authentication, therefore only allowing access to clients with valid credentials. There are several forms of authentication that can be used. The simplest forms of authentication are known as 'Basic'...
Microsoft Windows Authentication Methods Multiple Vulnerabilities (3199173)
This host is missing an important security update according to Microsoft Bulletin MS16-137...
November 2016 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
Summary: This security update includes improvements and fixes from update 3192403. To learn more about the non-security improvements and fixes in this update, see the October 18, 2016 — KB3192403 Previe...
November 2016 Security Monthly Quality Rollup for Windows Server 2012
Summary: This security update includes improvements and fixes from update 3192406. To learn more about the non-security improvements and fixes in this update, see the October 18, 2016 — KB3192406 Preview of Monthly Rollup entry...
MS16-137: Security Update for Windows Authentication Methods (3199173)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in Windows Virtual Secure Mode due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a...
Cumulative update for Windows 10 Version 1607 and Windows Server 2016: October 11, 2016
Summary: This security update includes improvements and fixes in the functionality of Windows 10 Version 1607 and Windows Server 2016. It also resolves the following vulnerabilities in Windows: 3193229 MS16-125...
October 2016 security monthly quality rollup for Windows 8.1 and Windows Server 2012 R2
Summary: This security update includes improvements and fixes from an update that was shipped earlier by update 3185279. To learn more about the non-security improvements and fixes in this update, see the...
Cumulative update for Windows 10 Version 1607: August 9, 2016
Important: This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these...
impacket
Visa, MasterCard Remove Passwords from 3D Secure
Payment giants Visa and MasterCard announced plans to eliminate the need for password authentication in the companies’ respective “Verified by Visa” and “SecureCode” payment platforms which are designed to add an additional layer of security to online transactions. In a press release, MasterCard...
Smartphone Owners Lack Motivation to Adequately Lock Devices
A quarter of smartphone owners don’t lock their devices because they don’t believe they have any data worth protecting. Even more refrain from doing it because they feel like it’s too much of a hassle. That’s at least according to a new study carried out by six researchers, four from the Universi...