
1123 matches found

OSV
added 2011/08/25 2:22 p.m. | 2 views

DEBIAN-CVE-2011-2483

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

5 CVSS | 6.9 AI score | 0.04972 EPSS
Exploits 0 | References 1

Prion
added 2011/08/25 2:22 p.m. | 38 views

Authentication flaw

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483...

4.3 CVSS | 7.2 AI score | 0.04972 EPSS
Exploits 2 | References 10 | Affected Software 1

UbuntuCve
added 2011/08/25 2:22 p.m. | 43 views

CVE-2011-3189

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483...

4.3 CVSS | 6 AI score | 0.04205 EPSS
Exploits 2 | References 1

Cvelist
added 2011/08/25 2:0 p.m. | 41 views

CVE-2011-3189

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483...

7.2 AI score | 0.04205 EPSS
Exploits 2 | References 10

CVE
added 2011/08/25 2:0 p.m. | 107 views

CVE-2011-3189

CVE-2011-3189 affects PHP 5.3.7: when using the MD5 hash type in the crypt() function, it returns the salt value instead of the hashed password, potentially allowing authentication bypass with an arbitrary password. This is noted as a different issue from CVE-2011-2483; no further technical detai...

4.3 CVSS | 7.4 AI score | 0.04205 EPSS
Exploits 2 | References 10 | Affected Software 1

OpenVAS
added 2011/08/25 12:0 a.m. | 70 views

PHP 5.3.7 Cryptographic Vulnerability

PHP is prone to a cryptographic vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

4.3 CVSS | 6.7 AI score | 0.04205 EPSS
Exploits 2 | References 3

ThreatPost
added 2011/08/24 11:51 a.m. | 14 views

PHP 5.3.8 Released, Fixes Crypto Bug

A day after warning users about a serious bug in the cryptographic function in PHP 5.3.7 and telling them not to upgrade to that release, the maintainers of the scripting language pushed out version 5.3.8, which fixes the crypto problem as well as another security related issue. PHP 5.3.7, which...

7 AI score
Exploits 0 | References 2

Tenable Nessus
added 2011/08/24 12:0 a.m. | 14 views

PHP 5.3.x < 5.3.7 crypt() MD5 Incorrect Return Value


4.3 CVSS | 7.3 AI score | 0.04205 EPSS
Exploits 2 | References 3

seebug.org
added 2011/08/24 12:0 a.m. | 31 views

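PHP "crypt()" MD5 Salt Security Vulnerability

PHP is a popular scripting language environment. PHP's implementation of the "crypt" function contains a security vulnerability that remote attackers can exploit to bypass certain security restrictions. The vulnerability stems from the "crypt" function returning only the salt when generating salted MD5 hashes. PHP 5.3.x Vendor patch: PHP --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.php.net...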

7.1 AI score
Exploits 0

Tenable Nessus
added 2011/08/24 12:0 a.m. | 9 views

PHP 5.3.7 crypt() MD5 Incorrect Return Value


7.3 AI score
Exploits 0 | References 2

Tenable Nessus
added 2011/08/24 12:0 a.m. | 58 views

PHP 5.3.7 crypt() MD5 Incorrect Return Value

According to its banner, PHP 5.3.7 is installed on the remote host. This version contains a bug in the crypt function when generating salted MD5 hashes. The function only returns the salt rather than the salt and hash. Any authentication mechanism that uses crypt could authorize all authenticatio...

4.3 CVSS | 5.4 AI score | 0.04205 EPSS
Exploits 2 | References 3

Tenable Nessus
added 2011/08/23 12:0 a.m. | 16 views

FreeBSD : PHP -- crypt() returns only the salt for MD5 (3f1df2f9-cd22-11e0-9bb2-00215c6a37bb)

PHP development team reports : If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXM...

5.4 AI score
Exploits 0 | References 2

Tenable Nessus
added 2011/08/23 12:0 a.m. | 58 views

PHP 5.3 < 5.3.7 Multiple Vulnerabilities


10 CVSS | 7.4 AI score | 0.22724 EPSS
Exploits 17 | References 14

FreeBSD
added 2011/08/17 12:0 a.m. | 24 views

PHP -- crypt() returns only the salt for MD5

PHP development team reports: If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected...

1.9 AI score
Exploits 0 | References 1

Oracle linux
added 2011/05/28 12:0 a.m. | 60 views

python security, bug fix, and enhancement update

python: 2.6.6-20 Resolves: CVE-2010-3493 2.6.6-19 Resolves: CVE-2011-1015 2.6.6-18 Resolves: CVE-2011-1521 2.6.6-17 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-16 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-15 - fix race condition that sometimes breaks the build wi...

6.9 CVSS | 7.3 AI score | 0.14643 EPSS
Exploits 3

The Hacker News
added 2011/04/28 10:38 a.m. | 11 views

John the Ripper 1.7.7 new version Released !

John the Ripper 1.7.7 new version Released ! "John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix...

7 AI score
Exploits 0

OpenVAS
added 2010/12/02 12:0 a.m. | 21 views

Fedora Update for pam_mount FEDORA-2010-12950

Check for the Version of pam_mount OpenVAS Vulnerability Test Fedora Update for pam_mount FEDORA-2010-12950 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

10 CVSS | 0.05506 EPSS
Exploits 0 | References 2

Exploit DB
added 2010/09/20 12:0 a.m. | 36 views

Chilkat Crypt - ActiveX WriteFile Unsafe Method (Metasploit)

$Id: chilkat_crypt_writefile.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

9.3 CVSS | 7 AI score | 0.40655 EPSS
Exploits 3

Packet Storm
added 2010/03/05 12:0 a.m. | 74 views

Chilkat Crypt ActiveX WriteFile Unsafe Method

$Id: chilkat_crypt_writefile.rb 8703 2010-03-03 21:17:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

9.3 CVSS | 0.6 AI score | 0.40655 EPSS
Exploits 3

Metasploit
added 2010/03/03 9:17 p.m. | 30 views

Chilkat Crypt ActiveX WriteFile Unsafe Method

This module allows attackers to execute code via the 'WriteFile' unsafe method of Chilkat Software Inc's Crypt ActiveX control. This exploit is based on shinnai's exploit that uses an hcp:// protocol URI to execute our payload immediately. However, this method requires that the victim user be...

9.3 CVSS | 7.4 AI score | 0.40655 EPSS
Exploits 3