Lucene search
+L

733 matches found

Exploit DB
Exploit DB
added 2006/11/13 12:0 a.m.30 views

Digipass Go3 - Insecure Encryption

// source: https://www.securityfocus.com/bid/21040/info Digipass Go3 is prone to an insecure-encryption vulnerability because the device uses an insecure encryption algorithm to encrypt sensitive data. An attacker can exploit this issue to brute-force the encryption key and gain access to...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.11 views

Solaris 2.6 (sparc) : 105647-01

The remote host is missing Sun Security Patch number 105647-01 Solstice FireWall-1 3.0: Sparc Patch VPN+DES. Date this patch was last updated by Sun : Sun Dec 07 17:00:00 MST 1997 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This script has bee...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.20 views

Solaris 2.6 (i386) : 105650-01

The remote host is missing Sun Security Patch number 105650-01 Solstice FireWall-1 3.0: x86 Patch VPN+DES. Date this patch was last updated by Sun : Sun Dec 07 17:00:00 MST 1997 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.12 views

Solaris 2.5.1 (i386) : 105650-01

The remote host is missing Sun Security Patch number 105650-01 Solstice FireWall-1 3.0: x86 Patch VPN+DES. Date this patch was last updated by Sun : Sun Dec 07 17:00:00 MST 1997 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.10 views

Solaris 2.5.1 (sparc) : 105647-01

The remote host is missing Sun Security Patch number 105647-01 Solstice FireWall-1 3.0: Sparc Patch VPN+DES. Date this patch was last updated by Sun : Sun Dec 07 17:00:00 MST 1997 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This script has bee...

0.1AI score
Exploits0
Saint
Saint
added 2006/07/28 12:0 a.m.56 views

Windows RASMAN registry corruption vulnerability

Added: 07/28/2006 CVE: CVE-2006-2371 BID: 18358 OSVDB: 26436 Background The Routing and Remote Access Service RRAS allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator. The Remote Access Connection Manager RASMAN service handles the detail...

7.5CVSS7.6AI score0.21943EPSS
Exploits6
Saint
Saint
added 2006/07/28 12:0 a.m.37 views

Windows RASMAN registry corruption vulnerability

Added: 07/28/2006 CVE: CVE-2006-2371 BID: 18358 OSVDB: 26436 Background The Routing and Remote Access Service RRAS allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator. The Remote Access Connection Manager RASMAN service handles the detail...

7.5CVSS7.5AI score0.21943EPSS
Exploits6
CVE
CVE
added 2006/02/08 1:0 a.m.50 views

CVE-2006-0584

CVE-2006-0584 affects PeopleSoft People Tools 8.4x where the PSCipher function uses PKCS #5 with a fixed DES key to store passwords. This enables local attackers to perform dictionary-style guessing by comparing output strings. The provided documents describe the root cause (fixed DES key) and im...

2.1CVSS6.3AI score0.00333EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2006/02/08 1:0 a.m.21 views

CVE-2006-0584

The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS 5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings...

6.3AI score0.00333EPSS
Exploits0References3
securityvulns
securityvulns
added 2006/02/07 12:0 a.m.36 views

Peoplesoft People Tools PSCipher() function weak encryption

Weak DES block cypher without feedback is used...

1.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/02/07 12:0 a.m.152 views

PeopleSoft (Oracle) PSCipher Encryption Weakness

Vendor: PeopleSoft Product: People Tools Version: 8.4x Platform: Multi-platform Title: Weak Encryption Description: PeopleSoft uses PSCipher for encryption/hashing purposes. Based on observations from the output of PSCipher and on our familiarity with the cryptographic library objects and methods...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.16 views

SSH Secure-RPC Weak Encrypted Authentication

You are running SSH Communications Security SSH 1.2.27 - 1.2.30. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.6CVSS6.8AI score0.00842EPSS
Exploits1References1
securityvulns
securityvulns
added 2005/05/07 12:0 a.m.85 views

Sql Injection in CJ Ultra Plus v1.0.3-1.0.4

ADVISORY Sql Injection in CJ Ultra Plus v1.0.3-1.0.4? "My God, it's full of stars" - c MwNN Vulnerable code is in out.php ---code begin-- ... if isset$perm $query = "select a1, a2 from trade where a1 = '$perm'"; -muhahaha $result = mysqlquery$query; if!$result errormessagesqlerror; ... ---code...

2.1AI score
Exploits0
securityvulns
securityvulns
added 2004/09/01 12:0 a.m.47 views

[UNIX] WebAPP Directory Traversal and Encrypted DES Disclosure

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2004/08/25 12:0 a.m.34 views

WebAPP directory traversal and ability to retrieve the DES encrypted password hash

WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. Its home site is at http://www.web-app.org/ Some features are : -Easy to Install on standard Unix servers! Windows user-supported only! -User Profiles -Message forums -Private messaging between members...

8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.41 views

RHEL 2.1 : krb5 (RHSA-2003:052)

Updated kerberos packages fix a number of vulnerabilities found in MIT Kerberos. Kerberos is a network authentication system. The MIT Kerberos team released an advisory describing a number of vulnerabilities that affect the kerberos packages shipped by Red Hat. An integer signedness error in the...

9.8CVSS8.1AI score0.15031EPSS
Exploits1References23
RedHat Linux
RedHat Linux
added 2003/03/27 7:43 p.m.51 views

Critical: Red Hat Security Advisory: krb5 security update

Updated kerberos packages fix a number of vulnerabilities found in MIT Kerberos. Kerberos is a network authentication system. The MIT Kerberos team released an advisory describing a number of vulnerabilities that affect the kerberos packages shipped by Red Hat. An integer signedness error in the...

9.8CVSS7.4AI score0.15031EPSS
Exploits1References6
OSV
OSV
added 2003/03/24 5:0 a.m.5 views

DEBIAN-CVE-2003-0139

Certain weaknesses in the implementation of version 4 of the Kerberos protocol krb4 in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."...

7.5CVSS8.6AI score0.04284EPSS
Exploits0References1
NVD
NVD
added 2003/03/24 5:0 a.m.23 views

CVE-2003-0139

Certain weaknesses in the implementation of version 4 of the Kerberos protocol krb4 in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."...

7.5CVSS6.2AI score0.04284EPSS
Exploits0References11
OSV
OSV
added 2003/03/24 5:0 a.m.7 views

CVE-2003-0139

Certain weaknesses in the implementation of version 4 of the Kerberos protocol krb4 in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."...

6.2AI score
Exploits0References14
Rows per page
Query Builder