CVE-2004-0351

The CVE-2004-0351 issue concerns Spider Sales shopping cart, where the private key is stored in the same database/table as the public key. This design enables local users with database access to decrypt data, affecting confidentiality (partial). The available sources describe the vulnerable behav...

CVE-2004-0351

Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data...

CVE-2004-2134

Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords...

OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm

source: https://www.securityfocus.com/bid/9515/info OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of various Oracle Application Server releases. OracleAS TopLink Mapping Workbenc...

CVE-2003-1447

IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm XOR and base64 encoding, which allows local users to decrypt passwords when the configuration file is exported to XML...

CVE-2003-1392

CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data...

CVE-2003-0745

SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server...

CVE-2003-0745

SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server...

Multiple mailtraq bugs

Directory traversal, passwords decryption, format string bugs, crossite scripting, etc...

Multiple Vulnerabilities Found in Mailtraq (DoS, Password Decryption, Directory Traversal)

The original advisory is available from: http://www.securiteam.com/windowsntfocus/5HP0G1FAAC.html Summary: --------- Mailtraq is a "comprehensive e-mail SMTP/POP3 and proxy server, with a powerful mailing list server". The product suffered from multiple vulnerabilities that range from access to...

5HP0G1FAAC.txt

Title 9/6/2003 Multiple Vulnerabilities Found in Mailtraq DoS, Password Decryption, Directory Traversal Summary Mailtraq is a "comprehensive e-mail SMTP/POP3 and proxy server, with a powerful mailing list server". The product suffered from multiple vulnerabilities that range from access to files...

[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 288-1 [email protected] http://www.debian.org/security/ Martin Schulze April 17th, 2003 http://www.debian.org/security/faq -...

Computer Associates - Unicenter Asset Manager Stored Secret Data Decryption

Computer Associates - Unicenter Asset Manager Stored Secret Data Decryption source: https://www.securityfocus.com/bid/7808/info It has been reported that Unicenter Asset Manager stores password information in a way that may be easily recovered. Because of this, an attacker may be able to gain...

Computer Associates - Unicenter Asset Manager Stored Secret Data Decryption

source: https://www.securityfocus.com/bid/7808/info It has been reported that Unicenter Asset Manager stores password information in a way that may be easily recovered. Because of this, an attacker may be able to gain access to potentially sensitive resources. !/usr/bin/perl...

SSH ssh-keygen with Secure-RPC SUN-DES-1 Phrase Recovery

The remote host is running a version of SSH Communications Security SSH comprised between versions 1.2.27 and 1.2.30. With Secure-RPC, this version can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private ke...

CVE-2002-2207

Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret...

CVE-2002-1872

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption XOR, which allows remote attackers to sniff and decrypt the password...

DEBIAN-CVE-2002-2207

Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret...

DEBIAN-CVE-2002-1318

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string...

CVE-2002-0954

The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques...