33 matches found
Linux Distros Unpatched Vulnerability : CVE-2011-2483
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit...
RHEL 3 : rh-postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cryptblowfish: 8-bit character mishandling allows different password pairs to produce the same hash CVE-2011-2483...
PHP 5.4.x < 5.4.0 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.0, and, therefore, potentially affected by multiple vulnerabilities : - cryptblowfish as used in PHP does not properly handle 8-bit characters, which makes it easier for context-dependent attackers ...
SUSE SLED10 / SLES10 Security Update : PostgreSQL (SUSE-SU-2012:1336-1)
PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - CVE-2012-3488: This update fixes arbitrary read and write of files via XSL functionality. - CVE-2012-2655: postgresql: denial of service stack...
Amazon Linux AMI : php (ALAS-2011-07)
The MITRE CVE database describes these CVEs as : Revert isa behavior to php = 5.3.6 and add a new new option allowstring for the new behavior accept string and raise autoload if needed Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent...
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 8311)
PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - This update fixes arbitrary read and write of files via XSL functionality. CVE-2012-3488 - postgresql: denial of service stack exhaustion via...
Debian: Security Advisory (DSA-2399-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 2399-2 (php5)
The remote host is missing an update to php5 announced via advisory DSA 2399-2. OpenVAS Vulnerability Test $Id: deb23992.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2399-2 php5 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Debian Security Advisory DSA 2399-1 (php5)
The remote host is missing an update to php5 announced via advisory DSA 2399-1. OpenVAS Vulnerability Test $Id: deb23991.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2399-1 php5 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
[SECURITY] [DSA 2399-2] php5 regression fix
------------------------------------------------------------------------- Debian Security Advisory DSA-2399-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 31, 2012 http://www.debian.org/security/faq -...
Mandriva Update for php-suhosin MDVSA-2011:180 (php-suhosin)
Check for the Version of php-suhosin OpenVAS Vulnerability Test Mandriva Update for php-suhosin MDVSA-2011:180 php-suhosin Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Mandriva Update for php-suhosin MDVSA-2011:180 (php-suhosin)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mandriva Linux Security Advisory : php-suhosin (MDVSA-2011:180)
A vulnerability was discovered and fixed in php-suhosin : cryptblowfish before 1.1, as used in suhosin does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash CVE-2011-2483. The...
crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...
RHEL 5 : postgresql84 (RHSA-2011:1378)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1378 advisory. - cryptblowfish: 8-bit character mishandling allows different password pairs to produce the same hash CVE-2011-2483 Note that Nessus has not tested f...
Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)
Security Enhancements and Fixes : - Updated cryptblowfish to 1.2. CVE-2011-2483 - Fixed crash in errorlog. Reported by Mateusz Kocielski - Fixed buffer overflow on overlog salt in crypt. - Fixed bug 54939 File path injection vulnerability in RFC1867 File upload filename. Reported by Krzysztof...
Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)
Security Enhancements and Fixes : - Updated cryptblowfish to 1.2. CVE-2011-2483 - Fixed crash in errorlog. Reported by Mateusz Kocielski - Fixed buffer overflow on overlog salt in crypt. - Fixed bug 54939 File path injection vulnerability in RFC1867 File upload filename. Reported by Krzysztof...
[slackware-security] php (SSA:2011-237-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2011-237-01 New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...
CVE-2011-2483
cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...
CVE-2011-2483
cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...