75 matches found
CVE-2017-5999
The vulnerability CVE-2017-5999 affects sysPass 2.x before 2.1. The root cause is a cryptographic implementation using MCRYPT_RIJNDAEL_256 (the 256-bit block version of Rijndael) instead of MCRYPT_RIJNDAEL_128 (AES). This could allow an attacker to cause unknown havoc on the remote system. The connected source...
CVE-2017-5999
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help...
sysPass >= 2.0 risky cryptographic algorithm usage Vulnerability
Exploit for php platform in category web applications CVE-2017-5999 - sysPass risky cryptographic algorithm usage Credit: Guenaelle De Julis & Quentin Olagne CVE: CVE-2017-5999 Dates: 14/02/2017 Vendor: sysPass Product: sysPass Versions Affected: >= 2.0 Risk / Severity Rating: 4.4 CVSSv2 SysPass...
sysPass 1.1.2.23 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-047 Product: sysPass Vendor: http://cygnux.org/ Affected Versions: 1.1.2.23 and below Tested Versions: 1.1.2.23 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Vendor Notification:...
sysPass 1.0.9 Insecure Direct Object Reference
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-046 Product: sysPass Manufacturer: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: Insecure Direct Object References CWE-932 Exposure of Backup File to an Unauthorized Control...
sysPass 'getAccounts' Parameter SQL Injection Vulnerability
sysPass is a PHP-based Web password manager. A SQL injection vulnerability exists in sysPass 1.0.9 and earlier versions, which stems from the ajax/ajax_search.php script not adequately filtering the 'search' parameter. A remote attacker can exploit this vulnerability to execute arbitrary SQL...
CVE-2015-6516
SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php...
Sql injection
SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php...
CVE-2015-6516
sysPass (cygnux.org) is affected by a SQL injection vulnerability in versions 1.0.9 and earlier. The flaw arises in ajax/ajax_search.php where the search parameter is not properly filtered, allowing remote authenticated users to execute arbitrary SQL commands. This aligns with multiple sources (N...
CVE-2015-6516
SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php...
sysPass 1.0.9 SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-031 Product: sysPass Vendor: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Fixed Vendor Notification: 2014-07-27 Solutio...
sysPass 1.0.9 - SQL Injection
sysPass 1.0.9 - SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-031 Product: sysPass Vendor: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Fixed Vendor...
sysPass 1.0.9 - SQL Injection Vulnerability
Exploit for php platform in category web applications Product: sysPass Vendor: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Fixed Vendor Notification: 2014-07-27 Solution Date: 2014-08-04...
[SYSS-2015-031] sysPass - SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-031 Product: sysPass Vendor: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Fixed Vendor Notification: 2014-07-27 Solutio...
sysPass 1.0.9 - SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-031 Product: sysPass Vendor: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Fixed Vendor Notification: 2014-07-27 Solutio...