5771 matches found
5HP0G1FAAC.txt
Title 9/6/2003 Multiple Vulnerabilities Found in Mailtraq DoS, Password Decryption, Directory Traversal Summary Mailtraq is a "comprehensive e-mail SMTP/POP3 and proxy server, with a powerful mailing list server". The product suffered from multiple vulnerabilities that range from access to files...
[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability
Debian Security Advisory DSA 288-1 [email protected] http://www.debian.org/security/ Martin Schulze April 17th, 2003 http://www.debian.org/security/faq ...
Computer Associates - Unicenter Asset Manager Stored Secret Data Decryption
Computer Associates - Unicenter Asset Manager Stored Secret Data Decryption source: https://www.securityfocus.com/bid/7808/info It has been reported that Unicenter Asset Manager stores password information in a way that may be easily recovered. Because of this, an attacker may be able to gain...
Computer Associates - Unicenter Asset Manager Stored Secret Data Decryption
source: https://www.securityfocus.com/bid/7808/info It has been reported that Unicenter Asset Manager stores password information in a way that may be easily recovered. Because of this, an attacker may be able to gain access to potentially sensitive resources. #!/usr/bin/perl...
SSH ssh-keygen with Secure-RPC SUN-DES-1 Phrase Recovery
The remote host is running a version of SSH Communications Security SSH between 1.2.27 and 1.2.30. With Secure-RPC, this version can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private ke...
CVE-2002-1872
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password...
CVE-2002-2207
Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret...
DEBIAN-CVE-2002-2207
Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret...
DEBIAN-CVE-2002-1318
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string...
CVE-2002-0954
The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which makes it easier for an attacker to decrypt the passwords using brute force techniques...
CVE-2001-1260
Technical details about CVE-2001-1260 (affected products, versions, impact, remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-1999-1098
Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing...
CVE-2001-1003
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges...
[SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition) Configuration File Disclosure Vulnerability
SNS Advisory No.44 Trend Micro OfficeScan Corporate Edition (Virus Buster Corporate Edition) Configuration File Disclosure Vulnerability Problem first discovered: Wed, 29 Aug 2001 Published: Tue, 16 Oct 2001...
CVE-2001-0361
CVE-2001-0361 affects SSH v1.5 implementations, notably OpenSSH up to 2.3.0, AppGate, and ssh-1 up to 1.2.31, when configured in certain ways. The issue enables a remote attacker to decrypt and/or alter traffic via a Bleichenbacher attack on PKCS#1 version 1.5. The connected PT security entries (...
CVE-1999-1078
WSFTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges...
CVE-1999-1540
CVE-1999-1540 affects Cactus Software Shell Lock, where weak encryption (trivial encoding) enables local attackers to decrypt and obtain the source code. According to NVD, the baseline impact is Partial confidentiality with no integrity or availability impact, and the exploit is local with low ov...
UltraEdit 8.2 - FTP Client Weak Password Encryption
source: https://www.securityfocus.com/bid/3234/info UltraEdit is a multi-featured commercial text editor with support for HTML, C/C++, VB, Java, Perl, XML, and C. It also includes a hex editor and a small FTP client. UltraEdit's FTP client has a feature which will remember FTP passwords for later...
Sambar Server 4.x5.0 - Insecure Default Password Protection
Sambar Server 4.x5.0 - Insecure Default Password Protection source: https://www.securityfocus.com/bid/3095/info Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. Sambar Server provides insecure default protection for user passwords. The default password...