733 matches found
Digipass Go3 - Insecure Encryption
// source: https://www.securityfocus.com/bid/21040/info Digipass Go3 is prone to an insecure-encryption vulnerability because the device uses an insecure encryption algorithm to encrypt sensitive data. An attacker can exploit this issue to brute-force the encryption key and gain access to...
Solaris 2.6 (sparc) : 105647-01
The remote host is missing Sun Security Patch number 105647-01 Solstice FireWall-1 3.0: Sparc Patch VPN+DES. Date this patch was last updated by Sun : Sun Dec 07 17:00:00 MST 1997 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This script has bee...
Solaris 2.6 (i386) : 105650-01
The remote host is missing Sun Security Patch number 105650-01 Solstice FireWall-1 3.0: x86 Patch VPN+DES. Date this patch was last updated by Sun : Sun Dec 07 17:00:00 MST 1997 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been...
Solaris 2.5.1 (i386) : 105650-01
The remote host is missing Sun Security Patch number 105650-01 Solstice FireWall-1 3.0: x86 Patch VPN+DES. Date this patch was last updated by Sun : Sun Dec 07 17:00:00 MST 1997 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been...
Solaris 2.5.1 (sparc) : 105647-01
The remote host is missing Sun Security Patch number 105647-01 Solstice FireWall-1 3.0: Sparc Patch VPN+DES. Date this patch was last updated by Sun : Sun Dec 07 17:00:00 MST 1997 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This script has bee...
Windows RASMAN registry corruption vulnerability
Added: 07/28/2006 CVE: CVE-2006-2371 BID: 18358 OSVDB: 26436 Background The Routing and Remote Access Service RRAS allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator. The Remote Access Connection Manager RASMAN service handles the detail...
Windows RASMAN registry corruption vulnerability
Added: 07/28/2006 CVE: CVE-2006-2371 BID: 18358 OSVDB: 26436 Background The Routing and Remote Access Service RRAS allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator. The Remote Access Connection Manager RASMAN service handles the detail...
CVE-2006-0584
CVE-2006-0584 affects PeopleSoft People Tools 8.4x where the PSCipher function uses PKCS #5 with a fixed DES key to store passwords. This enables local attackers to perform dictionary-style guessing by comparing output strings. The provided documents describe the root cause (fixed DES key) and im...
CVE-2006-0584
The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS 5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings...
Peoplesoft People Tools PSCipher() function weak encryption
Weak DES block cypher without feedback is used...
PeopleSoft (Oracle) PSCipher Encryption Weakness
Vendor: PeopleSoft Product: People Tools Version: 8.4x Platform: Multi-platform Title: Weak Encryption Description: PeopleSoft uses PSCipher for encryption/hashing purposes. Based on observations from the output of PSCipher and on our familiarity with the cryptographic library objects and methods...
SSH Secure-RPC Weak Encrypted Authentication
You are running SSH Communications Security SSH 1.2.27 - 1.2.30. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sql Injection in CJ Ultra Plus v1.0.3-1.0.4
ADVISORY Sql Injection in CJ Ultra Plus v1.0.3-1.0.4? "My God, it's full of stars" - c MwNN Vulnerable code is in out.php ---code begin-- ... if isset$perm $query = "select a1, a2 from trade where a1 = '$perm'"; -muhahaha $result = mysqlquery$query; if!$result errormessagesqlerror; ... ---code...
[UNIX] WebAPP Directory Traversal and Encrypted DES Disclosure
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
WebAPP directory traversal and ability to retrieve the DES encrypted password hash
WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. Its home site is at http://www.web-app.org/ Some features are : -Easy to Install on standard Unix servers! Windows user-supported only! -User Profiles -Message forums -Private messaging between members...
RHEL 2.1 : krb5 (RHSA-2003:052)
Updated kerberos packages fix a number of vulnerabilities found in MIT Kerberos. Kerberos is a network authentication system. The MIT Kerberos team released an advisory describing a number of vulnerabilities that affect the kerberos packages shipped by Red Hat. An integer signedness error in the...
Critical: Red Hat Security Advisory: krb5 security update
Updated kerberos packages fix a number of vulnerabilities found in MIT Kerberos. Kerberos is a network authentication system. The MIT Kerberos team released an advisory describing a number of vulnerabilities that affect the kerberos packages shipped by Red Hat. An integer signedness error in the...
DEBIAN-CVE-2003-0139
Certain weaknesses in the implementation of version 4 of the Kerberos protocol krb4 in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."...
CVE-2003-0139
Certain weaknesses in the implementation of version 4 of the Kerberos protocol krb4 in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."...
CVE-2003-0139
Certain weaknesses in the implementation of version 4 of the Kerberos protocol krb4 in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."...