40 matches found
OESA-2024-1669 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
OESA-2024-1592 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
OESA-2024-1596 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
SUSE CVE-2024-34340
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compatpasswordhash when users set their password. compatpasswordhash use passwordhash if there is it, else use md5. When verifying password, it calls compatpasswordverify. In...
DEBIAN-CVE-2024-34340
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compatpasswordhash when users set their password. compatpasswordhash use passwordhash if there is it, else use md5. When verifying password, it calls compatpasswordverify. In...
UBUNTU-CVE-2024-34340
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compatpasswordhash when users set their password. compatpasswordhash use passwordhash if there is it, else use md5. When verifying password, it calls compatpasswordverify. In...
Important: php8.1
Issue Overview: The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cook...
PT-2024-25797 · Cacti +3 · Cacti +3
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. The issue lies in the compat password verify function, where md5-hashed user input is compared with the correct password in t...
AZL-40061 CVE-2024-3096 affecting package php for versions less than 8.3.6-1
In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...
PHP 安全漏洞
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP where a password stored using the passwordhash function begins with a null byte x00, and testing a blank string as the password via the passwordverify function will incorrectly return true. the...
CLSA-2024-1714066065 Fix CVE(s): CVE-2024-3096
SECURITY UPDATE: improper handling of user input vulnerability - debian/patches/CVE-2024-3096.patch: Disallow null character in bcrypt password to prevent passwordverify from erroneously returning true - CVE-2024-3096...
UBUNTU-CVE-2024-3096
In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...
php: Password_verify() always return true with some hash
A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid...
Important: php
Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...
CVE-2023-0567
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...
UBUNTU-CVE-2023-0567
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...
Slackware Linux 15.0 / current php Multiple Vulnerabilities (SSA:2023-045-02)
The version of php installed on the remote host is prior to 7.4.33 / 8.0.28 / 8.1.16. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-045-02 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function...
PT-2023-9407 · Php +10 · Php +10
Name of the Vulnerable Software and Affected Versions: PHP versions 8.0.0 through 8.0.27 PHP versions 8.1.0 through 8.1.15 PHP versions 8.2.0 through 8.2.2 Description: The issue is related to the password verification function in PHP, which may accept some invalid Blowfish hashes as valid. If su...
The vulnerability of the /cloud_config/router_post/check_reset_pwd_verify_code function in TP-LINK’s WR-886N router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the /cloudconfig/routerpost/checkresetpwdverifycode function in TP-LINK’s WR-886N router software arises due to buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
PHP 'password_verify()' function out-of-bounds read denial of service vulnerability
PHP is a popular general-purpose scripting language that is particularly well suited for web development. A denial of service vulnerability exists in the PHP 'passwordverify' function. An attacker can exploit this vulnerability to cause a denial of service...