
1554 matches found

The Hacker News
added 2025/01/28 10:30 a.m. · 17 views

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity...

7.5 AI score
Exploits: 0

OSV
added 2025/01/17 11:15 p.m. · 5 views

CVE-2018-9375

In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS · 5.9 AI score · 0.00201 EPSS
Exploits: 0 · References: 1

NVD
added 2025/01/17 11:15 p.m. · 12 views

CVE-2018-9375

In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS · 0.00201 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/01/17 11:7 p.m. · 12 views

CVE-2018-9375

In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00201 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/17 12:0 a.m. · 7 views

PT-2025-1332 · Unknown · Userdictionaryprovider

Name of the Vulnerable Software and Affected Versions: UserDictionaryProvider affected versions not specified Description: The issue is related to multiple functions in UserDictionaryProvider.java, where a confused subordinate could potentially allow adding and removing words from the user...

7.8 CVSS · 8.9 AI score · 0.00201 EPSS
Exploits: 0 · References: 5

OSV
added 2024/12/13 2:15 p.m. · 2 views

CVE-2024-38488

Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login for...

9.8 CVSS · 5.8 AI score · 0.00312 EPSS
Exploits: 0 · References: 1

NVD
added 2024/12/13 2:15 p.m. · 16 views

CVE-2024-38488

Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login for...

9.8 CVSS · 0.00312 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/12/13 2:6 p.m. · 19 views

CVE-2024-38488

Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login for...

6.5 CVSS · 0.00312 EPSS
Exploits: 0 · References: 1

Fedora
added 2024/11/16 2:15 a.m. · 15 views

[SECURITY] Fedora 41 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc41

PHPCompatInfo will parse a file/folder/array to find out the minimum version and extensions required for it to run. CLI version has many reports extension, interface, class, function, constant to display and ability to show content of dictionary references...

3.1 CVSS · 7.3 AI score · 0.00481 EPSS
Exploits: 0

Fedora
added 2024/11/16 2:2 a.m. · 14 views

[SECURITY] Fedora 40 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc40

PHPCompatInfo will parse a file/folder/array to find out the minimum version and extensions required for it to run. CLI version has many reports extension, interface, class, function, constant to display and ability to show content of dictionary references...

3.1 CVSS · 7.3 AI score · 0.00481 EPSS
Exploits: 0

Fedora
added 2024/11/16 1:24 a.m. · 15 views

[SECURITY] Fedora 39 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc39

PHPCompatInfo will parse a file/folder/array to find out the minimum version and extensions required for it to run. CLI version has many reports extension, interface, class, function, constant to display and ability to show content of dictionary references...

3.1 CVSS · 7.3 AI score · 0.00481 EPSS
Exploits: 0

NVD
added 2024/11/14 6:15 p.m. · 8 views

CVE-2024-4343

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

9.8 CVSS · 0.0261 EPSS
Exploits: 1 · References: 2

OSV
added 2024/11/14 6:15 p.m. · 5 views

CVE-2024-4343

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

9.8 CVSS · 8.1 AI score
Exploits: 0 · References: 2

IBM Security Bulletins
added 2024/11/12 10:9 a.m. · 37 views

Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...

8.1 CVSS · 7.9 AI score · 0.01249 EPSS
Exploits: 2 · Affected Software: 1

RedHat Linux
added 2024/11/12 9:19 a.m. · 4 views

JWCrypto: denial of service via specifically crafted JWE

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...

5.3 CVSS · 5.7 AI score · 0.00884 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2024/11/12 9:6 a.m. · 3 views

python-pymysql: SQL injection if used with untrusted JSON input

A flaw was found in PyMySQL. When processing untrusted JSON input, keys are not escaped by the escapedict function due to insufficient input sanitization, allowing an attacker to inject malicious SQL queries...

6.3 CVSS · 5.8 AI score · 0.00691 EPSS
Exploits: 1 · References: 4

RedHat Linux
added 2024/11/12 8:56 a.m. · 3 views

python-pymysql: SQL injection if used with untrusted JSON input

A flaw was found in PyMySQL. When processing untrusted JSON input, keys are not escaped by the escapedict function due to insufficient input sanitization, allowing an attacker to inject malicious SQL queries...

6.3 CVSS · 5.8 AI score · 0.00691 EPSS
Exploits: 1 · References: 4

The Hacker News
added 2024/11/07 12:0 p.m. · 51 views

A Hacker's Guide to Password Cracking

Defending your organization's security is like fortifying a castle—you need to understand where attackers will strike and how they'll try to breach your walls. And hackers are always searching for weaknesses, whether it's a lax password policy or a forgotten backdoor. To build a stronger defense,...

7.5 AI score
Exploits: 0

Github Security Blog
added 2024/10/22 5:50 p.m. · 17 views

Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Impact This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Patches Will be patched in 14.3.1 and 15.0.0. Workarounds...

8.7 CVSS · 7 AI score · 0.00326 EPSS
Exploits: 0 · References: 3 · Affected Software: 2

OSV
added 2024/10/22 5:50 p.m. · 9 views

GHSA-C5G6-6XF7-QXP3 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Impact This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Patches Will be patched in 14.3.1 and 15.0.0. Workarounds...

4.2 CVSS · 6.3 AI score · 0.00326 EPSS
Exploits: 0 · References: 3