poppassd_pam: Unauthorized password changing

Background poppassdpam is a PAM-enabled server for changing system passwords that can be used to change POP server passwords. Description Gentoo Linux developer Marcus Hanwell discovered that poppassdpam did not check that the old password was valid before changing passwords. Our investigation...

mit-krb5: Heap overflow in libkadm5srv

Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The MIT Kerberos 5 administration library libkadm5srv contains a heap overflow in the code handling password changing. Impact Under specific...

KisMAC multiple bugs

Ownership changing, symlink problem, uncommented shell-characters...

MySQL 3.22.27/3.22.29/3.23.8 - GRANT Global Password Changing

source: https://www.securityfocus.com/bid/926/info MySQL is a popular RDBMS used by many websites as a back-end. It is possible for users with GRANT access to change passwords for every user in the database including the mysql superuser. MySQL also ships with a default "test" account which has...