Lucene search
+L

1553 matches found

packetstorm
packetstorm
added 2006/07/26 12:0 a.m.24 views

VanillaCMS.txt

Vanilla CMS = 1.0.1 RootDirectory Remote file inclusion Vuln. Vendor : Vanilla CMS Demo : http://demo.opensourcecms.com/vanilla/ Get Source : http://getvanilla.org/ Vuln type : Remote Risk : High Author : MFox HomePage : Http://hackerz.ir/ Team : IHST Iran HackerZ Security Team Contact :...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/03/09 12:0 a.m.61 views

txtForum: Script Injection Vulnerability

=========================================================== txtForum: Script Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0603-004, March 9, 2006 =========================================================...

1.6AI score
Exploits0
nvd
nvd
added 2005/08/05 4:0 a.m.16 views

CVE-2005-2359

The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session...

5CVSS6.8AI score0.00906EPSS
Exploits0References5
securityvulns
securityvulns
added 2005/07/01 12:0 a.m.38 views

NetBSD Security Advisory 2005-001: Crypto leaks across HyperThreaded CPUs (i386, P4, HTT+SMP only)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Advisory 2005-001 ================================= Topic: Crypto leaks across HyperThreaded CPUs i386, P4, HTT+SMP only Version: NetBSD-current: affected, i386 on P4 with HTT and SMP kernels NetBSD 2.0: affected, i386 on P4 with HTT a...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2003/11/20 12:0 a.m.75 views

YAK! 2.1.0 still vulnerable

YAK! 2.1.0 still vulnerable =========================== for file transfer yak uses ftp mode. Yak! listens on port 3535 for file transfer in ftp mode. vulnerability in the previous version was, they were using constant username and pass combination for ftp login. 2.1.0 version seems to overcome th...

1.5AI score
Exploits0
cve
cve
added 2002/02/02 5:0 a.m.48 views

CVE-2001-0967

Knox Arkeia server (notably version 4.2) uses a constant salt when hashing passwords via crypt(), enabling easier brute‑force guessing. The root cause is the non‑unique salt value in password encryption, which compromises password strength. The PT-2001-2119 advisory aligns with this, describing t...

9.8CVSS7.2AI score0.00954EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2002/02/02 5:0 a.m.16 views

CVE-2001-0967

Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing...

9.6AI score0.00954EPSS
Exploits0References2
nvd
nvd
added 2001/08/31 4:0 a.m.17 views

CVE-2001-0967

Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing...

9.8CVSS9.6AI score0.00954EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2001/08/31 12:0 a.m.7 views

PT-2001-2119 · Knox · Knox Arkeia Server

Name of the Vulnerable Software and Affected Versions: Knox Arkeia server version 4.2 Description: The issue is related to the use of a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing. Recommendations...

9.8CVSS6.4AI score0.00954EPSS
Exploits0References4
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.38 views

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

5.9CVSS6.3AI score0.01193EPSS
Exploits0Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.20 views

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

5.9CVSS6.3AI score0.01193EPSS
Exploits0Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.30 views

CVE-2019-18887: Use constant time comparison in UriSigner

More info at https://symfony.com/cve-2019-18887...

8.1CVSS7.2AI score0.01338EPSS
Exploits0Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.24 views

CVE-2019-18887: Use constant time comparison in UriSigner

More info at https://symfony.com/cve-2019-18887...

8.1CVSS7.2AI score0.01338EPSS
Exploits0Affected Software1
Rows per page
Query Builder