Lucene search

11 matches found

EUVD
added 2025/10/03 8:7 p.m. | 9 views

EUVD-2023-12609

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.5 | EPSS 0.00944
Exploits: 1 | References: 6

OSV
added 2025/01/14 7:21 p.m. | 12 views

BIT-PHP-MIN-2023-0567 password_verify() always returns true for some invalid hashes

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

CVSS 8.1 | AI score 6.8 | EPSS 0.00944
Exploits: 1 | References: 4

Tenable Nessus
added 2024/02/12 12:0 a.m. | 52 views

Rocky Linux 9 : php:8.1 (RLSA-2024:0387)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0387 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If...

CVSS 9.8 | AI score 7.8 | EPSS 0.08003
Exploits: 6 | References: 13

OSV
added 2023/05/02 10:7 a.m. | 6 views

USN-6053-1 php7.0 vulnerability

It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations...

CVSS 8.1 | AI score 6.7 | EPSS 0.00944
Exploits: 1 | References: 2

Tenable Nessus
added 2023/03/23 12:0 a.m. | 832 views

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2023-139)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-139 advisory. In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the passwo...

CVSS 8.1 | AI score 7.2 | EPSS 0.01408
Exploits: 2 | References: 8

ATTACKERKB
added 2023/03/01 8:15 a.m. | 3 views

CVE-2023-0567

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

CVSS 8.1 | AI score 6.6 | EPSS 0.00944
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2023/02/25 12:0 a.m. | 38 views

SUSE SLES15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2023:0514-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0514-1 advisory. - CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366). - CVE-2023-0662: Fixed DoS...

CVSS 8.1 | AI score 6.7 | EPSS 0.01408
Exploits: 2 | References: 10

SUSE CVE
added 2023/02/15 4:59 a.m. | 2 views

SUSE CVE-2016-6210

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provid...

CVSS 5.3 | AI score 8.1 | EPSS 0.88944
Exploits: 12 | References: 11

Tenable Nessus
added 2023/02/14 12:0 a.m. | 45 views

PHP 8.2.x < 8.2.3 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.3. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.3 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte t...

CVSS 8.1 | AI score 7.2 | EPSS 0.01408
Exploits: 2 | References: 6

Huntr
added 2023/01/15 2:9 p.m. | 34 views

SQL injection in API authorization check

Description TeamPass /authorize API endpoint is vulnerable to SQL injection in the login field. It is possible to forge an arbitrary Blowfish hash and use it in the query to bypass the password verification check. Using the same query it is possible to define an arbitrary apikey value too: "login...

CVSS 5 | AI score 8.2 | EPSS 0.08354
Exploits: 6

0day.today
added 2016/07/18 12:0 a.m. | 708 views

OpenSSHd 7.2p2 - Username Enumeration (1)

Exploit for linux platform in category remote exploits. Source: http://seclists.org/fulldisclosure/2016/Jul/51 User Enumeration using Open SSHD =Latest version...

CVSS 4.3 | AI score 6.8 | EPSS 0.88944
Exploits: 12