Vulnerability in encrypted loop device for linux

Hello, The following text describes a security hole in the encrypted loop device for linux. Because of it, an attacker is able to modify the content of the encrypted device without being detected. This text proposes to fix the hole by authenticating the device. comments are welcome ps: version in...

FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading

source: https://www.securityfocus.com/bid/3344/info FreeBSD is a freely available, open source implementation of the BSD UNIX Operating System. It is developed and maintained by the FreeBSD Project. It is possible for a user with access to a system via SSH to gain access to privileged information...

CVE-1999-1072

Excite for Web Servers EWS 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi...

CVE-1999-1072

Excite for Web Servers (EWS) 1.1 is affected by a local-privilege escalation where an attacker who can read Architext.conf (world-readable) can obtain the encrypted password and replay it in an HTTP request to AT-generated.cgi or AT-admin.cgi to gain privileges. Root cause: the password is stored...

CVE-1999-1073

Technical details about CVE-1999-1073 are not publicly provided in the supplied documents. Monitor for updates from NVD/CVE listings.

EFTP 2.0.7 337 - Remote Buffer Overflow Code Execution / Denial of Service

// source: https://www.securityfocus.com/bid/3330/info Encrypted FTP EFTP is both an FTP client and server application for Windows platforms. A malicious user with upload permissions to the target host can cause a buffer overflow in EFTP to execute code of the attacker's choosing. The attacker ca...

SSH Secure Shell sshd2 does not adequately authenticate logins to accounts with encrypted password fields containing two or fewer characters

Overview A vulnerability exists in SSH Secure Shell that allows an intruder to log to an account which contains a stored encrypted password of two or fewer characters in length. An intruder may leverage the privileges of such an account to gain full control of the system. Description Certain Unix...

CVE-2001-0381

The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key...

CVE-2001-0261

Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files...

CVE-2001-0261

CVE-2001-0261 affects Microsoft Windows 2000 Encrypted File System. The issue is that backups of encrypted files are not properly destroyed, allowing a local attacker to recover the plaintext. The NVD entry assigns a low impact with partial confidentiality loss (CVSS v2 base score 2.1, LOCAL acce...

CVE-2001-0261

Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files...

MySQL < 3.23.36 Multiple Vulnerabilities

The installed version of MySQL is older than version 3.23.36. Such versions are potentially affected by multiple vulnerabilities : - It is possible to modify arbitrary files and gain privileges by creating a database with '..' characters. CVE-2001-0407 - Users with a MySQL account can use the 'SH...

SafeWord e.Id Trivial PIN Brute-Force Vulnerability

Subject: SafeWord e.Id Trivial PIN Brute-Force Vulnerability BUGTRAQ ID: 2105 Published: December 14, 2000 Updated: December 14, 2000 Remote: No Local: Yes Vulnerable Systems: Secure Computing e.iD Authenticator for Palm 2.0 - Palm Palm OS 3.5.2 - Palm Palm OS 3.3 Non-Vulnerable Systems: Summary:...

CVE-1999-0429

The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference...

Weak CRC allows RC4 encrypted SSH1 packets to be modified without notice

Overview There is an information integrity vulnerability in the SSH1 protocol that allows RC4 encrypted packets to be modified without notice. Description Preconditions: Client has requested RC4 and server supports it. Compression is disabled. When using the RC4 stream cipher, SSH1 uses a cyclic...

CVE-2000-0420

CVE-2000-0420 concerns Windows 2000 SYSKEY: the default SYSKEY configuration stores the startup key in the registry, which could allow an attacker with local access to recover the key and decrypt EFS data. The linked records reiterate the vulnerability description and do not provide exploit code ...

CVE-2000-0420

The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System EFS data...

Дырка в Banner Rotation 01

Файл adpassword.txt открытый на чтение содаржит шифрованный DES пароль администрирования. Кроме того по-умолчанию используется пароль admin...

Слабость EFS в Windows 2000

При использовании Encrypted File System в Windows 2000 возможно дешифрование файлов, т.к. локальная база данных безопасности хранится на диске. Для предотвращения этого необходимо использовать syskey с паролем или хранением ключа на дискете...

CVE-2000-0420

The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System EFS data...