1123 matches found
DEBIAN-CVE-2011-2483
cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...
Authentication flaw
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483...
CVE-2011-3189
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483...
CVE-2011-3189
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483...
CVE-2011-3189
CVE-2011-3189 affects PHP 5.3.7: when using the MD5 hash type in the crypt() function, it returns the salt value instead of the hashed password, potentially allowing authentication bypass with an arbitrary password. This is noted as a different issue from CVE-2011-2483; no further technical detai...
PHP 5.3.7 Cryptographic Vulnerability
PHP is prone to a cryptographic vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...
PHP 5.3.8 Released, Fixes Crypto Bug
A day after warning users about a serious bug in the cryptographic function in PHP 5.3.7 and telling them not to upgrade to that release, the maintainers of the scripting language pushed out version 5.3.8, which fixes the crypto problem as well as another security related issue. PHP 5.3.7, which...
PHP 5.3.x < 5.3.7 crypt() MD5 Incorrect Return Value
Binary data 6017.prm...
PHP "crypt()" MD5 Salt安全漏洞
PHP是流行的脚本语言环境。 PHP在"crypt"函数的实现上存在安全漏洞,远程攻击者可利用此漏洞绕过某些安全限制。 此漏洞源于"crypt"函数在生成有salt的MD5哈希时,仅返回salt PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...
PHP 5.3.7 crypt() MD5 Incorrect Return Value
Binary data 801098.prm...
PHP 5.3.7 crypt() MD5 Incorrect Return Value
According to its banner, PHP 5.3.7 is installed on the remote host. This version contains a bug in the crypt function when generating salted MD5 hashes. The function only returns the salt rather than the salt and hash. Any authentication mechanism that uses crypt could authorize all authenticatio...
FreeBSD : PHP -- crypt() returns only the salt for MD5 (3f1df2f9-cd22-11e0-9bb2-00215c6a37bb)
PHP development team reports : If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXM...
PHP 5.3 < 5.3.7 Multiple Vulnerabilities
Binary data 801087.prm...
PHP -- crypt() returns only the salt for MD5
PHP development team reports: If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected...
python security, bug fix, and enhancement update
python: 2.6.6-20 Resolves: CVE-2010-3493 2.6.6-19 Resolves: CVE-2011-1015 2.6.6-18 Resolves: CVE-2011-1521 2.6.6-17 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-16 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-15 - fix race condition that sometimes breaks the build wi...
John the Ripper 1.7.7 new version Released !
John the Ripper 1.7.7 new version Released ! "John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt3 password hash types commonly found on Unix...
Fedora Update for pam_mount FEDORA-2010-12950
Check for the Version of pammount OpenVAS Vulnerability Test Fedora Update for pammount FEDORA-2010-12950 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Chilkat Crypt - ActiveX WriteFile Unsafe Method (Metasploit)
$Id: chilkatcryptwritefile.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Chilkat Crypt ActiveX WriteFile Unsafe Method
$Id: chilkatcryptwritefile.rb 8703 2010-03-03 21:17:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Chilkat Crypt ActiveX WriteFile Unsafe Method
This module allows attackers to execute code via the 'WriteFile' unsafe method of Chilkat Software Inc's Crypt ActiveX control. This exploit is based on shinnai's exploit that uses an hcp:// protocol URI to execute our payload immediately. However, this method requires that the victim user be...