Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

108 matches found

Tenable Nessus
Tenable Nessusadded 2011/08/24 12:0 a.m.58 views

PHP 5.3.7 crypt() MD5 Incorrect Return Value

According to its banner, PHP 5.3.7 is installed on the remote host. This version contains a bug in the crypt function when generating salted MD5 hashes. The function only returns the salt rather than the salt and hash. Any authentication mechanism that uses crypt could authorize all authenticatio...

4.3CVSS5.4AI score0.04205EPSS
Exploits2References3
Cvelist
Cvelistadded 2007/05/24 6:0 p.m.33 views

CVE-2007-2844

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access...

7AI score0.02863EPSS
Exploits0References5
seebug.org
seebug.orgadded 2006/10/29 12:0 a.m.41 views

sphpblog多个输入验证漏洞

Simple PHP Blog是一款无需数据库支持的简单Blog程序。 sphpblog中存在多个漏洞,起因是应用程序没有正确的验证用户输入。远程攻击者可以利用这些漏洞获取敏感信息或执行任意代码。 A. 完整路径泄漏 http://Url/sphpblog/scripts/sbfunctions.php Ex: Warning: mainscripts/sbfileio.php: failed to open stream: No such file or directory in /var/www/sphpblog/scripts/sbfunctions.php on line 52...

7.1AI score
Exploits0
CVE
CVEadded 2002/02/02 5:0 a.m.44 views

CVE-2001-0967

Knox Arkeia server (notably version 4.2) uses a constant salt when hashing passwords via crypt(), enabling easier brute‑force guessing. The root cause is the non‑unique salt value in password encryption, which compromises password strength. The PT-2001-2119 advisory aligns with this, describing t...

9.8CVSS7.2AI score0.00954EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2001/08/31 12:0 a.m.6 views

PT-2001-2119 · Knox · Knox Arkeia Server

Name of the Vulnerable Software and Affected Versions: Knox Arkeia server version 4.2 Description: The issue is related to the use of a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing. Recommendations...

9.8CVSS6.4AI score0.00954EPSS
Exploits0References4
securityvulns
securityvulnsadded 2000/04/17 12:0 a.m.129 views

qnx crypt comprimised

the crypt function for qnx turned out to a bit mixer, not a hash function. It's now possible to extract plaintext from the hashes. On a related note, all IOpeners running qnx use the same root password. Telnetd is running, and allows remote login as root. This is a huge security hole, as you can...

0.3AI score
Exploits0
exploitpack
exploitpackadded 2000/04/15 12:0 a.m.11 views

QSSL QNX 4.25 A - crypt() Local Privilege Escalation

QSSL QNX 4.25 A - crypt Local Privilege Escalation / source: https://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt3 function exists in QNX, from QNX System Software, Limited QSSL. The flaw allows the recovery of passwords from the hashes. On most Unix variants,...

0.6AI score
Exploits0
Exploit DB
Exploit DBadded 2000/04/15 12:0 a.m.34 views

QSSL QNX 4.25 A - 'crypt()' Local Privilege Escalation

/ source: https://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt3 function exists in QNX, from QNX System Software, Limited QSSL. The flaw allows the recovery of passwords from the hashes. On most Unix variants, crypt3 is based on a variant of the DES encryption...

7.4AI score
Exploits0
Rows per page
Query Builder