5305 matches found

Veracode
added 2017/05/26 7:6 a.m. | 13 views

Weak Hash Algorithm Without Salt

dolibarr/dolibarr is vulnerable to using a weak hash algorithm without salt. The library does not encrypt its passwords with a salt, meaning that the password hash stored on the system can be easily brute forced...

9.8 CVSS | 6.6 AI score | 0.01066 EPSS
Exploits 3 | References 2 | Affected Software 1

CNVD
added 2017/05/26 12:0 a.m. | 3 views

Wingstop's Android App has an overstepping vulnerability

Yonganxing App is a service platform that guides green shared mobility in the city. Yonganxing Android App suffers from an overstepping vulnerability, where an attacker utilizes the signature algorithm of the data communicated with the server side to overstep its authority to view other users'...

6.8 AI score
Exploits 0

Tenable Nessus
added 2017/05/26 12:0 a.m. | 11 views

GE Multilin UR / URPlus / B95Plus Protection Relay Cryptographic Algorithm Weakness Information Disclosure (UR-2017-0001)

Binary data scadagemultilinprotectionrelayUR-2017-0001.nbin...

9.8 CVSS | 7.3 AI score | 0.01281 EPSS
Exploits 0 | References 4

Kitploit
added 2017/05/24 3:30 p.m. | 18 views

Dagon - Advanced Hash Manipulation

Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and much more. Screenshots...

7.2 AI score
Exploits 0 | References 2

myhack58
added 2017/05/24 12:0 a.m. | 22 views

Media players can expose millions of systems to subtitle attacks - vulnerability warning - the black bar safety net

Experts pointed out that an attacker who can get a target user to open a malicious subtitle file in a vulnerable media player can take full control of the device. For applications that automatically fetch subtitles from the Internet, without any user interaction it can...

1.9 AI score
Exploits 0

Hacker One
added 2017/05/23 9:55 a.m. | 35 views

Shopify: XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener on "/:id/digital_wallets/dialog"

Description: The /:id/digital_wallets/dialog endpoint is used to display a small dialog box relating to the "digital wallets" functionality on a shop. The endpoint includes a script that listens for postMessages without validating the origin of messages. However, the impact of the missing validatio...

7.5 AI score
Exploits 0

myhack58
added 2017/05/22 12:0 a.m. | 100 views

A vulnerability in the OpenSSL handshake renegotiation process can lead to denial of service - vulnerability warning - the black bar safety net

One, Foreword: OpenSSL is a very popular general-purpose encryption library that provides an SSL/TLS protocol implementation for web authentication services. Recently, several vulnerabilities have been found in OpenSSL. We've written several articles on the analysis of...

5 CVSS | 0.9 AI score | 0.57595 EPSS
Exploits 2

OSV
added 2017/05/19 12:12 p.m. | 12 views

SUSE-SU-2017:1360-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive various security and bugfixes. Notable new/improved features: - Improved support for Hyper-V - Support for the tcp_westwood TCP scheduling algorithm. The following security bugs were fixed: - CVE-2017-8106: The handle_invept...

10 CVSS | 9.3 AI score | 0.24299 EPSS
Exploits 31 | References 133

Broadcom
added 2017/05/17 12:0 a.m. | 16 views

BSA-2017-271

Security Advisory ID : BSA-2017-271 Component : MD5 Algorithm Revision : 1.0: Interim The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature...

9.8 CVSS | 6.7 AI score | 0.09854 EPSS
Exploits 0

Tenable Nessus
added 2017/05/16 12:0 a.m. | 60 views

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3275-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3275-2 advisory. USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. Tenable has extracted the preceding...

7.7 CVSS | 6.8 AI score | 0.03311 EPSS
Exploits 2 | References 7

OpenVAS
added 2017/05/15 12:0 a.m. | 35 views

Dolibarr <= 4.0.4 Multiple Vulnerabilities - Active Check

Dolibarr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr"; ifdescription...

9.8 CVSS | 7.2 AI score | 0.01747 EPSS
Exploits 6 | References 3

Tenable Nessus
added 2017/05/12 12:0 a.m. | 77 views

Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3275-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3275-1 advisory. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java...

7.7 CVSS | 6.9 AI score | 0.03311 EPSS
Exploits 2 | References 7

UbuntuCve
added 2017/05/10 2:29 p.m. | 14 views

CVE-2017-7888

Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier...

9.8 CVSS | 7.2 AI score | 0.01066 EPSS
Exploits 3 | References 3

Prion
added 2017/05/10 2:29 p.m. | 10 views

Design/Logic Flaw

Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier...

5 CVSS | 9.4 AI score | 0.01066 EPSS
Exploits 3 | References 1 | Affected Software 1

NVD
added 2017/05/10 2:29 p.m. | 15 views

CVE-2017-7888

Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier...

9.8 CVSS | 9.5 AI score | 0.01066 EPSS
Exploits 3 | References 1

RedHat Linux
added 2017/05/10 12:44 p.m. | 1 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

3.1 CVSS | 7.3 AI score | 0.01993 EPSS
Exploits 0 | References 5

RedHat Linux
added 2017/05/10 12:44 p.m. | 4 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

3.1 CVSS | 7.3 AI score | 0.01993 EPSS
Exploits 0 | References 5

RedHat Linux
added 2017/05/10 12:43 p.m. | 0 views

OpenJDK: MD5 allowed for jar verification (Security, 8171121)

It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...

3.1 CVSS | 7.3 AI score | 0.01993 EPSS
Exploits 0 | References 5

OpenVAS
added 2017/05/10 12:0 a.m. | 248 views

CentOS Update for java CESA-2017:1204 centos7

Check the version of java SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882709";...

7.7 CVSS | 6.6 AI score | 0.03311 EPSS
Exploits 2 | References 2

RedHat Linux
added 2017/05/09 4:41 p.m. | 4 views

OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...

4.3 CVSS | 7.3 AI score | 0.02793 EPSS
Exploits 0 | References 5