EUVD-2004-0523

Malware in sbrugna...

cloud-init: randomly generated passwords logged in clear-text to world-readable file

A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...

cloud-init: randomly generated passwords logged in clear-text to world-readable file

A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...

Medium: cloud-init

Issue Overview: A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd module. The fix prevents the generated password from being written to a world-readable log file on the local disk. CVE-2021-3429 Affected Packages:...

Medium: cloud-init

Issue Overview: A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the...

Xymon Command Injection Vulnerability

Xymon is an open source , cross-platform network monitoring application . The application can be viewed through the web page of the operational status of each server , and supports Email and SMS notification function . Xymon's useradm and chpasswd web applications in the command injection...

CVE-2008-5103

The 1 python-vm-builder and 2 ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! exclamation point and allows attackers to bypass intended login...

CVE-2008-5103

The 1 python-vm-builder and 2 ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! exclamation point and allows attackers to bypass intended login...

Design/Logic Flaw

The 1 python-vm-builder and 2 ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! exclamation point and allows attackers to bypass intended login...

CVE-2008-5103

The 1 python-vm-builder and 2 ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! exclamation point and allows attackers to bypass intended login...

SquirrelMail (chpasswd) Local Root Bruteforce Exploit

No description provided by source. / PSTchpasswdexp-vb.c: Squirrelmail chpasswd local root bruteforce exploit Author: BytesBytesatph4nt0m.net || Bytesatph4nt0m.org www ph4nt0m net Notice: vb: Local bruteforce version vR: remote bruteforce version Greatze: ph4nt0m,music@0x557 All PST...

SquirrelMail chpasswd buffer overflow

No description provided by source. / 0x3142-sq-chpasswd.c Squirremail chpasswd buffer overflow. Tested on SuSE 9. The bug was found by Matias Neiff matias neiff com ar Coded by x314 0x3142 hushmail.com c 2004 Copyright by x314. All Rights Reserved. Greets: m0s krewz. / include stdlib.h char...

SquirrelMail 3.1 - Change Passwd Plugin Local Buffer Overflow

SquirrelMail 3.1 - Change Passwd Plugin Local Buffer Overflow / Change passwd 3.1 SquirrelMail plugin Coded by rod hedor web-- http://lezr.com local exploit Multiple buffer overflows are present in the handling of command line arguements in chpasswd. The bug allows a hacker to exploit the process...

CVE-2006-0331

The CVE-2006-0331 vulnerability affects the Change passwd 3.1 (chpasswd) SquirrelMail plugin, where a buffer overflow allows a local user to potentially execute arbitrary code by supplying long command line arguments. The issue is documented in NVD as a buffer overflow in the SquirrelMail plugin,...

SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force)

/ PSTchpasswdexp-vb.c: Squirrelmail chpasswd local root bruteforce exploit Author: Bytes || www ph4nt0m net Notice: vb: Local bruteforce version vR: remote bruteforce version Greatze: ph4nt0m,music@0x557 All PST member,Grip2,Airsupply,Jambalaya,Ann,Paul,Happy... Thax: My...

SquirrelMail - chpasswd Local Privilege Escalation (Brute Force)

SquirrelMail - chpasswd Local Privilege Escalation Brute Force / PSTchpasswdexp-vb.c: Squirrelmail chpasswd local root bruteforce exploit Author: Bytes || www ph4nt0m net Notice: vb: Local bruteforce version vR: remote bruteforce version Greatze: ph4nt0m,music@0x557 All PST...

CVE-2004-0524

Buffer overflow in the chpasswd command in the Changepasswd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name...

CVE-2004-0524

The CVE-2004-0524 entry describes a buffer overflow in the chpasswd command of the Change_passwd plugin (before 4.0) used by SquirrelMail. The vulnerability allows local users to gain root privileges through a long user name. The NVD entry assigns a base score of 10.0 (HIGH) with local, low-compl...

CVE-2004-0524

Buffer overflow in the chpasswd command in the Changepasswd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name...

SquirrelMail - 'chpasswd' Local Buffer Overflow

/ 0x3142-sq-chpasswd.c Squirremail chpasswd buffer overflow. Tested on SuSE 9. The bug was found by Matias Neiff Coded by x314 c 2004 Copyright by x314. All Rights Reserved. Greets: m0s krewz. / include char shellcode= "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0"...