5301 matches found
Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
Background: REX 5000 is a credit card sized PDA, made by Xircom which now is "An Intel Company". It is coming with a good PIM program, Starfish www.starfish.com Truesync Desktop which is probably a new rewrite of the well-known Starfish Sidekick. I just downloaded the last version, 2.0b. I notice...
SurgeFTP admin account bruteforcable
SurgeFTP admin account bruteforcable AFFECTED SYSTEMS SurgeFTP = 2.0f on a win32 platform, should give the same results on nix DESCRIPTION SurgeFTP uses the same extremely weak hashing algorithm as the NWauth module to store the admin password, but adding a fixed 'salting' value which is "qr"...
NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows
NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows AFFECTED SYSTEMS NWAuth module as used by DMail, SurgeFTP, others... cfr www.netwinsite.com I've tested SurgeFTP in particular The source code for NWAuth 2.0 can be found at...
Weak encryption in ArGoSoft FTP Server
A reversible encryption algorithm is used...
FreeBSD-SA-01:39.tcp-isn
FreeBSD-SA-01:39 Security Advisory FreeBSD, Inc. Topic: TCP initial sequence number generation contains statistical vulnerability Category: core Module: kernel Announced: 2001-05-02...
Weak encryption in CCC Harvest
A Caesar substitution cipher is used...
Vulnerability in the token import algorithm
Token generation is easily reconstructed from the .asc private key import file...
Sample SecurID Token Emulator with Token Secret Import
Sample SecurID Token Emulator with Token Secret Import We have performed some cryptanalysis and let's just say we do have grounds to believe that this algorithm is easily breakable. Once again, security of the cipher should be based entirely on the secrecy of the key, not the algorithm. Least...
Problems in SmartServer
Buffer overflow in SMTP and POP3 commands; in addition, a trivial reversible algorithm is used to store passwords...
Weak CRC allows RC4 encrypted SSH1 packets to be modified without notice
Overview There is an information integrity vulnerability in the SSH1 protocol that allows RC4 encrypted packets to be modified without notice. Description Preconditions: Client has requested RC4 and server supports it. Compression is disabled. When using the RC4 stream cipher, SSH1 uses a cyclic...
Vulnerability in ActiveCard
The PIN is generated by a time-dependent algorithm, which makes it possible to predict a significant part of the numeric code...
sawmill5.0.21 old path bug & weak hash algorithm
Aleph1, Greetings, I did not see this in the archives so I figured I would forward it on. Vendor: Notified. Link: http://www.flowerfire.com/sawmill SawMill is a site log statistics package for UNIX, Windows and MacOS. I have been evaluating it under Linux. In my test configuration I have sawmill...
crypt() in QNX compromised
Passwords are encrypted with a reversible bit-rotation algorithm, which makes it possible to recover the original plaintext password...
Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Filename Obfuscation
source: https://www.securityfocus.com/bid/1108/info Two dlls dvwssr.dll and mtd2lv.dll included with the FrontPage 98 extensions for IIS and shipped as part of the NT Option Pack include an obfuscation string that manipulates the name of requested files. Knowing this string and the obfuscation...
FTPx FTP Explorer 1.0.00.10 - Weak Password Encryption
// source: https://www.securityfocus.com/bid/1003/info FTP Explorer includes the option to store profiles of visited FTP sites. The user's name and password can also be stored. These stored values are kept in the registry, under the key HKCU\Software\FTP Explorer\Profiles\ProfileName\ . The...
CVE-1999-0476
A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user...
MacOS_encryption_algorithm.txt
Subject: MacOS system encryption algorithm 3 To: [email protected] Sometime ago, Dawid adix Adamski sent to bugtraq the encryption algorithm in MacOS personal AppleShare server he found. I have been researching a little on this subject, and I've found his code fails when decoding the firs...
BUFFER OVERFLOW IN RSAREF2
Advisory ID Internal CORE-120199 Advisory ID: CORE-120199 CVE Name: CVE-1999-0834 Bugtraq ID: 843 While researching the exploitability of a buffer overflow in SSH up to version 1.2.27, we discovered a second buffer overflow in the implementation of the RSA algorithm in RSAREF2 from RSA Data...
Use of a Broken or Risky Cryptographic Algorithm
✍️ Description The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...
CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade
More info at https://symfony.com/cve-2026-48747...