Lucene search
K

2421 matches found

UbuntuCve
UbuntuCve
added 2012/11/21 11:55 p.m.19 views

CVE-2012-4409

Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...

6.8CVSS6.2AI score0.15019EPSS
Exploits6References3
Prion
Prion
added 2012/11/21 11:55 p.m.13 views

Stack overflow

Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...

6.8CVSS8.4AI score0.15019EPSS
Exploits6References9Affected Software1
Nmap
Nmap
added 2012/10/06 7:25 p.m.326 views

oracle-brute-stealth NSE Script

Exploits the CVE-2012-3137 vulnerability, a weakness in Oracle's O5LOGIN authentication scheme. The vulnerability exists in Oracle 11g R1/R2 and allows linking the session key to a password hash. When initiating an authentication attempt as a valid user the server will respond with a session key...

10CVSS0.99448EPSS
Exploits37
NVD
NVD
added 2012/09/21 11:55 p.m.24 views

CVE-2012-3137

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...

6.4CVSS6.4AI score0.31437EPSS
Exploits4References8
Prion
Prion
added 2012/09/21 11:55 p.m.16 views

Authentication flaw

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...

6.4CVSS6.9AI score0.31437EPSS
Exploits4References8Affected Software2
Cvelist
Cvelist
added 2012/09/21 11:0 p.m.30 views

CVE-2012-3137

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...

6.3AI score0.31437EPSS
Exploits4References8
ThreatPost
ThreatPost
added 2012/09/20 1:53 p.m.6 views

Flaw in Oracle Logon Protocol Leads to Easy Password Cracking

There is a serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password. The attacker could then log on as an authenticated user...

0.8AI score
Exploits0References1
0day.today
0day.today
added 2012/09/06 12:0 a.m.25 views

mcrypt <= 2.6.8 stack-based buffer overflow poc

Exploit for windows platform in category dos / poc !/usr/bin/env python mcrypt = 2.6.8 stack-based buffer overflow poc http://mcrypt.sourceforge.net/ the command line tool, not the library date: 2012-09-04 exploit author: ishikawa tested on: ubuntu 12.04.1 tech: it overflows in checkfilehead when...

7AI score
Exploits0
Nmap
Nmap
added 2012/06/09 6:44 p.m.330 views

dns-nsec3-enum NSE Script

Tries to enumerate domain names from the DNS server that supports DNSSEC NSEC3 records. The script queries for nonexistant domains until it exhausts all domain ranges keeping track of hashes. At the end, all hashes are printed along with salt and number of iterations used. This technique is known...

10CVSS0.1AI score0.99448EPSS
Exploits33
UbuntuCve
UbuntuCve
added 2012/05/14 12:0 a.m.35 views

CVE-2012-2317

The Debian phpcryptrevamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty...

4.3CVSS6AI score0.02456EPSS
Exploits0References3
myhack58
myhack58
added 2012/05/11 12:0 a.m.26 views

PJBlog 3.2.9.518 getwebshell exploit-vulnerability warning-the black bar safety net

Author: do not go to the bell Version: PJblog 3.2.9.518(2012/5/9, When is the latest version The exploit conditions: 1, Using full static mode by default is a fully static mode 2, The user can post the default regular users can not post, so a little tasteless) Vulnerability description: PJblog...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2012/04/18 7:48 p.m.24 views

Anon Tweets About Hack, Gets Arrested

A 21 year-old Ohio man associated with the Anonymous Internet collective is in detention after boasting on Twitter about his involvement in the hack of the Utah Chiefs of Police Association and the Salt Lake City Police Department. John Anthony Borell III was charged with two counts of computer...

0.3AI score
Exploits0References2
Packet Storm
Packet Storm
added 2012/03/26 12:0 a.m.126 views

PcwRunAs 0.4 Password Obfuscation Design Flaw

Vuln Title: PcwRunAs Password Obfuscation Design Flaw Date: 26.03.2012 Author: Christian Landström, otr Software Link: http://www.pcwelt.de/downloads/pcwRunAs-1215998.html Version: = 0.4 Tested on: Windows CVE : CVE-2012-1793 Risk: high Type: Privilege Escalation Vendor: PC-Welt Timeline:...

1.7CVSS0.3AI score
Exploits1
Packet Storm
Packet Storm
added 2012/03/19 12:0 a.m.44 views

ManageEngine Device Expert 5.6 Directory Traversal

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...

Exploits0
Zero Day Initiative
Zero Day Initiative
added 2012/02/08 12:0 a.m.20 views

Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability

This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AppCode.dll service listening by default on...

7.5CVSS6.5AI score
Exploits0
UbuntuCve
UbuntuCve
added 2011/08/25 6:55 p.m.67 views

CVE-2011-3268

Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483...

10CVSS6AI score0.05719EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2011/08/25 12:0 a.m.70 views

PHP 5.3.7 Cryptographic Vulnerability

PHP is prone to a cryptographic vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

4.3CVSS6.7AI score0.04205EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2011/08/24 11:51 a.m.14 views

PHP 5.3.8 Released, Fixes Crypto Bug

A day after warning users about a serious bug in the cryptographic function in PHP 5.3.7 and telling them not to upgrade to that release, the maintainers of the scripting language pushed out version 5.3.8, which fixes the crypto problem as well as another security related issue. PHP 5.3.7, which...

7AI score
Exploits0References2
seebug.org
seebug.org
added 2011/08/24 12:0 a.m.32 views

PHP &quot;crypt()&quot; MD5 Salt安全漏洞

PHP是流行的脚本语言环境。 PHP在"crypt"函数的实现上存在安全漏洞,远程攻击者可利用此漏洞绕过某些安全限制。 此漏洞源于"crypt"函数在生成有salt的MD5哈希时,仅返回salt PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...

7.1AI score
Exploits0
FreeBSD
FreeBSD
added 2011/08/17 12:0 a.m.24 views

PHP -- crypt() returns only the salt for MD5

PHP development team reports: If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected...

1.9AI score
Exploits0References1
Rows per page
Query Builder