1055 matches found
PHP 5.3.7 crypt() MD5 Incorrect Return Value
According to its banner, PHP 5.3.7 is installed on the remote host. This version contains a bug in the crypt function when generating salted MD5 hashes. The function only returns the salt rather than the salt and hash. Any authentication mechanism that uses crypt could authorize all authenticatio...
PHP 5.3.x < 5.3.7 crypt() MD5 Incorrect Return Value
Binary data 6017.prm...
PHP "crypt()" MD5 Salt安全漏洞
PHP是流行的脚本语言环境。 PHP在"crypt"函数的实现上存在安全漏洞,远程攻击者可利用此漏洞绕过某些安全限制。 此漏洞源于"crypt"函数在生成有salt的MD5哈希时,仅返回salt PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...
PHP 5.3 < 5.3.7 Multiple Vulnerabilities
Binary data 801087.prm...
FreeBSD : PHP -- crypt() returns only the salt for MD5 (3f1df2f9-cd22-11e0-9bb2-00215c6a37bb)
PHP development team reports : If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXM...
PHP -- crypt() returns only the salt for MD5
PHP development team reports: If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected...
python security, bug fix, and enhancement update
python: 2.6.6-20 Resolves: CVE-2010-3493 2.6.6-19 Resolves: CVE-2011-1015 2.6.6-18 Resolves: CVE-2011-1521 2.6.6-17 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-16 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-15 - fix race condition that sometimes breaks the build wi...
John the Ripper 1.7.7 new version Released !
John the Ripper 1.7.7 new version Released ! "John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt3 password hash types commonly found on Unix...
Fedora Update for pam_mount FEDORA-2010-12950
Check for the Version of pammount OpenVAS Vulnerability Test Fedora Update for pammount FEDORA-2010-12950 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Chilkat Crypt - ActiveX WriteFile Unsafe Method (Metasploit)
$Id: chilkatcryptwritefile.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Chilkat Crypt ActiveX WriteFile Unsafe Method
$Id: chilkatcryptwritefile.rb 8703 2010-03-03 21:17:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Chilkat Crypt ActiveX WriteFile Unsafe Method
This module allows attackers to execute code via the 'WriteFile' unsafe method of Chilkat Software Inc's Crypt ActiveX control. This exploit is based on shinnai's exploit that uses an hcp:// protocol URI to execute our payload immediately. However, this method requires that the victim user be...
RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several...
Windows Telnet credential reflection
Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...
Novell Client NetIdentity Agent XTIERRPCPIPE pointer dereference vulnerability
Added: 07/24/2009 CVE: CVE-2009-1350 BID: 34400 OSVDB: 53351 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem A vulnerability in the xtagent.exe program allows remote, authenticated attackers to execute arbitrary commands by sending a specially crafted...
Oracle Enterprise Linux 4.8 kernel security and bug fix update
2.6.9-89 -fix regression in cxgb3 driver spinlock usage Andy Gospodarek 495557 -cxgb3: fixup possible workqueue deadlocks Andy Gospodarek 495558 -e1000: network driver doesn t reset nic during shutdown and prevents pxe reloads George Beshers 465620 -cxgb3: fix msix bringup so we dont leak vectors...
Fedora 10 : perl-Crypt-OpenSSL-DSA-0.13-12.fc10 (2009-2090)
Fixes CVE-2009-0129: The Crypto::OpenSSL::DSA module now croaks upon error rather than returning a -1 to ensure programmers are not caught by surprise which only checking for non-zero results. Note that Tenable Network Security has extracted the preceding description block directly from the Fedor...
MDVA-2009:051 : perl-Crypt-SSLeay
This update provides updated perl-Crypt-SSLeay, required for mdkonline to work with restricted resources. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network Security, Inc. This script...
Fedora Core 10 FEDORA-2009-2090 (perl-Crypt-OpenSSL-DSA)
The remote host is missing an update to perl-Crypt-OpenSSL-DSA announced via advisory FEDORA-2009-2090. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are...
[SECURITY] Fedora 10 Update: perl-Crypt-OpenSSL-DSA-0.13-12.fc10
Crypt::OpenSSL::DSA - Digital Signature Algorithm using OpenSSL...