Vulnerability in contrib module (CVE-2015-5288)

Memory leak in crypt function...

Gentoo Security Advisory GLSA 201309-01

Gentoo Linux Local Security Checks GLSA 201309-01 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Gentoo Security Advisory GLSA 201401-16

Gentoo Linux Local Security Checks GLSA 201401-16 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Amazon Linux: Security Advisory (ALAS-2012-91)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2011-12)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2011-7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Q-shell - Quick Shell for Unix Administrator

q-shell is quick shell for remote login into Unix system, it use blowfish crypt algorithm to protect transport data from client to server, you can get two program: 'qsh' for client, and 'qshd' for server, those program can rename by any name with you prefer. Compile Just enter 'make' and it will...

CVE-2014-4623

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE, when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force atta...

Default credentials

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE, when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force atta...

CVE-2014-4623

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE, when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force atta...

Chilkat Crypt ActiveX WriteFile Unsafe Method

No description provided by source. $Id: chilkatcryptwritefile.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

QSSL QNX 4.25 A crypt() Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt3 function exists in QNX, from QNX System Software, Limited QSSL. The flaw allows the recovery of passwords from the hashes. On most Unix variants, crypt3 is based on ...

BlogTorrent <= 0.92 Remote Password Disclosure Exploit

No description provided by source. Edited for easy info. /str0ke Software: BlogTorrent 0.92 = Vendor: http://www.blogtorrent.com/ Author: LazyCrs && pjphem Date: 10/07/2005 Type: Remote/Local User Password Disclosure 0x03 - POC http://test/pathofblog/data/newusers =...

openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)

The blowfish password hashing implementation did not properly handle 8-characters in passwords, which made it easier for attackers to crack the hash CVE-2011-2483. After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly...

openSUSE Security Update : php5 (openSUSE-SU-2012:0826-1)

security update : - Fix BSD crypt 8bit character mishandling CVE-2012-2143 bnc766798 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-365. The text description of this plugin is C...

openSUSE Security Update : xdm (openSUSE-SU-2013:1117-1)

xdm was updated on crypt NULL pointer crashes : - Starting with glibc 2.17 eglibc 2.17, crypt fails with EINVAL w/ NULL return if the salt violates specifications. Additionally, on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords passed to crypt fail with EPERM w/ NULL return. If using...

openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)

The crypt3 manpage was updated to also list the 2y prefix. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update man-pages-5032. The text description of this plugin is C SUSE LLC...

openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)

The crypt3 manpage was updated to also list the 2y prefix. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update man-pages-5032. The text description of this plugin is C SUSE LLC...

openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1251-1)

Security and bugfix release 9.1.5 : - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler CVE-2012-2655 bnc765069 - Fix incorrect password transformation in 'contrib/pgcrypto''s DES crypt function CVE-2012-2143 bnc766799 - Prevent access to external files/URLs via...

CVE-2013-4143

The 1 checkPasswd and 2 checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to...