1055 matches found

NVD
added 2014/10/25 10:55 a.m., 11 views

CVE-2014-4623

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE, when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force atta...

CVSS 4.3 | AI score 6.5 | EPSS 0.00329
Exploits: 0 | References: 5

Prion
added 2014/10/25 10:55 a.m., 12 views

Default credentials

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE, when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force atta...

CVSS 4.3 | AI score 7 | EPSS 0.00329
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2014/10/25 10:0 a.m., 17 views

CVE-2014-4623

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE, when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force atta...

AI score 6.5 | EPSS 0.00329
Exploits: 0 | References: 5

seebug.org
added 2014/07/01 12:0 a.m., 24 views

Chilkat Crypt ActiveX WriteFile Unsafe Method

No description provided by source. $Id: chilkatcryptwritefile.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

BlogTorrent <= 0.92 Remote Password Disclosure Exploit

No description provided by source. Edited for easy info. /str0ke Software: BlogTorrent 0.92 = Vendor: http://www.blogtorrent.com/ Author: LazyCrs && pjphem Date: 10/07/2005 Type: Remote/Local User Password Disclosure 0x03 - POC http://test/pathofblog/data/newusers =...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 20 views

QSSL QNX 4.25 A crypt() Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt(3) function exists in QNX, from QNX System Software, Limited (QSSL). The flaw allows the recovery of passwords from the hashes. On most Unix variants, crypt(3) is based on ...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2014/06/13 12:0 a.m., 45 views

openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)

The crypt(3) manpage was updated to also list the 2y prefix. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update man-pages-5032. The text description of this plugin is (C) SUSE LLC...

CVSS 5 | AI score 7.5 | EPSS 0.07072
Exploits: 0 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m., 56 views

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)

The blowfish password hashing implementation did not properly handle 8-bit characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly...

CVSS 10 | AI score 7.8 | EPSS 0.16971
Exploits: 1 | References: 10

Tenable Nessus
added 2014/06/13 12:0 a.m., 53 views

openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)

The crypt(3) manpage was updated to also list the 2y prefix. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update man-pages-5032. The text description of this plugin is (C) SUSE LLC...

CVSS 5 | AI score 7.5 | EPSS 0.07072
Exploits: 0 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m., 36 views

openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1251-1)

Security and bugfix release 9.1.5:
- Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (CVE-2012-2655 bnc765069)
- Fix incorrect password transformation in contrib/pgcrypto's DES crypt function (CVE-2012-2143 bnc766799)
- Prevent access to external files/URLs via...

CVSS 6.5 | AI score 7.5 | EPSS 0.02995
Exploits: 3 | References: 10

Tenable Nessus
added 2014/06/13 12:0 a.m., 31 views

openSUSE Security Update : php5 (openSUSE-SU-2012:0826-1)

Security update: - Fix BSD crypt 8bit character mishandling (CVE-2012-2143 bnc766798) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-365. The text description of this plugin is (C)...

CVSS 4.3 | AI score 8.1 | EPSS 0.02995
Exploits: 0 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m., 27 views

openSUSE Security Update : xdm (openSUSE-SU-2013:1117-1)

xdm was updated on crypt NULL pointer crashes: - Starting with glibc 2.17 (eglibc 2.17), crypt fails with EINVAL w/ NULL return if the salt violates specifications. Additionally, on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords passed to crypt fail with EPERM w/ NULL return. If using...

CVSS 4.3 | AI score 5.4 | EPSS 0.00758
Exploits: 1 | References: 3

NVD
added 2014/05/30 2:55 p.m., 13 views

CVE-2013-4143

The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to...

CVSS 2.1 | AI score 6.3 | EPSS 0.00062
Exploits: 0 | References: 3

Cvelist
added 2014/05/30 2:0 p.m., 23 views

CVE-2013-4143

The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to...

AI score 7.3 | EPSS 0.00062
Exploits: 0 | References: 3

Amazon
added 2014/05/13 12:0 a.m., 32 views

Medium: cyrus-sasl

Issue Overview: Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt o...

CVSS 4.3 | AI score 6.7 | EPSS 0.01172
Exploits: 2

Mageia
added 2014/05/08 9:29 p.m., 79 views

Updated postgresql packages fix multiple security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role memb...

CVSS 6.5 | AI score 9.5 | EPSS 0.06674
Exploits: 7 | References: 5

NVD
added 2014/04/30 2:22 p.m., 19 views

CVE-2013-6445

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack...

CVSS 5 | AI score 5.8 | EPSS 0.00297
Exploits: 0 | References: 3

CVE
added 2014/04/30 2:0 p.m., 78 views

CVE-2013-6445

CVE-2013-6445 affects Red Hat Enterprise MRG 2.5 where the Cumin (MRG Management Console) component uses the DES-based crypt() hash for passwords. Root cause: weak DES-based hashing enables faster brute-force recovery of plaintext passwords if a cumin user database is compromised. Impact: potenti...

CVSS 5 | AI score 5.9 | EPSS 0.00297
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2014/04/30 2:0 p.m., 30 views

CVE-2013-6445

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack...

AI score 5.8 | EPSS 0.00297
Exploits: 0 | References: 3

NVD
added 2014/03/31 2:58 p.m., 21 views

CVE-2014-0066

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service NULL pointer...

CVSS 4 | AI score 8.6 | EPSS 0.01472
Exploits: 2 | References: 16