EUVD-2014-4549

Malware in sbrugna...

CVE-2014-4623

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE, when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force atta...

Default credentials

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE, when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force atta...

CVE-2014-4623

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE, when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force atta...

openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1251-1)

Security and bugfix release 9.1.5 : - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler CVE-2012-2655 bnc765069 - Fix incorrect password transformation in 'contrib/pgcrypto''s DES crypt function CVE-2012-2143 bnc766799 - Prevent access to external files/URLs via...

SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)

This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accomodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...

Mandriva Update for postgresql MDVSA-2012:092 (postgresql)

Check for the Version of postgresql OpenVAS Vulnerability Test Mandriva Update for postgresql MDVSA-2012:092 postgresql Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

crypt(): DES encrypted password weakness

The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...

Mandriva Linux Security Advisory : postgresql (MDVSA-2012:092)

Multiple vulnerabilities has been discovered and corrected in postgresql : Fix incorrect password transformation in contrib/pgcrypto's DES crypt function Solar Designer. If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much...