119 matches found
PT-2023-9407 · Php +10
Name of the Vulnerable Software and Affected Versions: PHP versions 8.0.0 through 8.0.27; PHP versions 8.1.0 through 8.1.15; PHP versions 8.2.0 through 8.2.2. Description: The issue is related to the password verification function in PHP, which may accept some invalid Blowfish hashes as valid. If su...
dovecot: Privilege escalation when similar master and non-master passdbs are used
A vulnerability was found in the Dovecot IMAP Server. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrect settings can lead...
PT-2022-3492 · Dovecot +10
Name of the Vulnerable Software and Affected Versions: Dovecot versions 2.2 through 2.3.19. Description: An issue in the auth component of Dovecot can lead to an unintended security configuration, permitting privilege escalation in certain configurations. This occurs when two passdb configuration...
CVE-2021-23855
The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables...
CVE-2020-35567
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances...
Privilege Escalation
seamonkey is vulnerable to privilege escalation. The vulnerability exists if a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
MGASA-2015-0483 Updated keepassx packages fix CVE-2015-8378
Updated keepassx package fixes security vulnerability: Cancelling an export operation creates clear text copy of all of the user's KeePassX password database entries. CVE-2015-8378...
openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)
The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483). SUSE's crypt implementation supports the blowfish password hashing...
openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)
This update contains yast2 core changes to change the hash generation of new passwords to the new secure style. Please read the general notes below: The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected...
rpi-update tmpfile vulnerability
Raspberry Pi Firmware Updater Vulnerability Application: https://github.com/Hexxeh/rpi-update/ Version Tested: Github source as of 10ad1e975a 10th Feb commit Vulnerability 1: A malicious user can clobber any file due to insecure tmp file handling. Example: Any unprivileged user can create the...
Nmap NSE 6.01: ftp-brute
Performs brute force password auditing against FTP servers. This uses the standard unpwdb username/password list. However, in tests FTP servers are significantly slower than other servers when responding, so the number of usernames/passwords can be artificially limited using script arguments...
Nmap NSE 6.01: pop3-brute
Tries to log into a POP3 account by guessing usernames and passwords. SYNTAX: userdb: The filename of an alternate username database. pop3loginmethod: The login method to use: 'USER' (default), 'SASL-PLAIN', 'SASL-LOGIN', 'SASL-CRAM-MD5', or 'APOP'. unpwdb.passlimit: The maximum number of...
Nmap NSE 6.01: telnet-brute
Tries to get Telnet login credentials by guessing usernames and passwords. SYNTAX: userdb: The filename of an alternate username database. unpwdb.passlimit: The maximum number of passwords 'passwords' will return (default unlimited). passdb: The filename of an alternate password database...
Nmap NSE 6.01: snmp-brute
Attempts to find an SNMP community string by brute force guessing. This script opens a sending socket and a sniffing pcap socket in parallel threads. The sending socket sends the SNMP probes with the community strings, while the pcap socket sniffs the network for an answer to the probes. If valid...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419 Several flaws wer...
SuSE 11.1 Security Update : glibc (SAT Patch Number 4944)
The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483). SUSE's crypt implementation supports the blowfish password hashing...
SuSE Update for glibc,pam-modules,libxcrypt,pwdutils SUSE-SA:2011:035
Check for the Version of glibc,pam-modules,libxcrypt,pwdutils. OpenVAS Vulnerability Test: SuSE Update for glibc,pam-modules,libxcrypt,pwdutils SUSE-SA:2011:035. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...
Nmap NSE net: smtp-enum-users
Attempts to enumerate the users on a SMTP server by issuing the VRFY, EXPN or RCPT TO commands. The goal of this script is to discover all the user accounts in the remote system. The script will output the list of user names that were found. The script will stop querying the SMTP server if...