106 matches found
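sphpblog multiple input validation vulnerabilities
Simple PHP Blog is a simple blog program that requires no database support. sphpblog contains multiple vulnerabilities caused by the application failing to properly validate user input. A remote attacker can exploit these vulnerabilities to obtain sensitive information or execute arbitrary code. A. Full path disclosure http://Url/sphpblog/scripts/sbfunctions.php Ex: Warning: mainscripts/sbfileio.php: failed to open stream: No such file or directory in /var/www/sphpblog/scripts/sbfunctions.php on line 52...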
CVE-2001-0967
Knox Arkeia server (notably version 4.2) uses a constant salt when hashing passwords via crypt(), enabling easier brute‑force guessing. The root cause is the non‑unique salt value in password encryption, which compromises password strength. The PT-2001-2119 advisory aligns with this, describing t...
PT-2001-2119 · Knox · Knox Arkeia Server
Name of the Vulnerable Software and Affected Versions: Knox Arkeia server version 4.2 Description: The issue is related to the use of a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing. Recommendations...
qnx crypt compromised
the crypt function for qnx turned out to be a bit mixer, not a hash function. It's now possible to extract plaintext from the hashes. On a related note, all IOpeners running qnx use the same root password. Telnetd is running, and allows remote login as root. This is a huge security hole, as you can...
QSSL QNX 4.25 A - crypt() Local Privilege Escalation
QSSL QNX 4.25 A - crypt Local Privilege Escalation / source: https://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt3 function exists in QNX, from QNX System Software, Limited QSSL. The flaw allows the recovery of passwords from the hashes. On most Unix variants,...
QSSL QNX 4.25 A - 'crypt()' Local Privilege Escalation
/ source: https://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt3 function exists in QNX, from QNX System Software, Limited QSSL. The flaw allows the recovery of passwords from the hashes. On most Unix variants, crypt3 is based on a variant of the DES encryption...