1553 matches found
VanillaCMS.txt
Vanilla CMS = 1.0.1 RootDirectory Remote file inclusion Vuln. Vendor : Vanilla CMS Demo : http://demo.opensourcecms.com/vanilla/ Get Source : http://getvanilla.org/ Vuln type : Remote Risk : High Author : MFox HomePage : Http://hackerz.ir/ Team : IHST Iran HackerZ Security Team Contact :...
txtForum: Script Injection Vulnerability
=========================================================== txtForum: Script Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0603-004, March 9, 2006 =========================================================...
CVE-2005-2359
The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session...
NetBSD Security Advisory 2005-001: Crypto leaks across HyperThreaded CPUs (i386, P4, HTT+SMP only)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Advisory 2005-001 ================================= Topic: Crypto leaks across HyperThreaded CPUs i386, P4, HTT+SMP only Version: NetBSD-current: affected, i386 on P4 with HTT and SMP kernels NetBSD 2.0: affected, i386 on P4 with HTT a...
YAK! 2.1.0 still vulnerable
YAK! 2.1.0 still vulnerable =========================== for file transfer yak uses ftp mode. Yak! listens on port 3535 for file transfer in ftp mode. vulnerability in the previous version was, they were using constant username and pass combination for ftp login. 2.1.0 version seems to overcome th...
CVE-2001-0967
Knox Arkeia server (notably version 4.2) uses a constant salt when hashing passwords via crypt(), enabling easier brute‑force guessing. The root cause is the non‑unique salt value in password encryption, which compromises password strength. The PT-2001-2119 advisory aligns with this, describing t...
CVE-2001-0967
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing...
CVE-2001-0967
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing...
PT-2001-2119 · Knox · Knox Arkeia Server
Name of the Vulnerable Software and Affected Versions: Knox Arkeia server version 4.2 Description: The issue is related to the use of a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing. Recommendations...
Timing attack vector for remember me token
The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...
Timing attack vector for remember me token
The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...
CVE-2019-18887: Use constant time comparison in UriSigner
More info at https://symfony.com/cve-2019-18887...
CVE-2019-18887: Use constant time comparison in UriSigner
More info at https://symfony.com/cve-2019-18887...