274 matches found
Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform...
USN-1596-1: Python 2.6 vulnerabilities
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform...
SHA-3 Winner Chosen, But It May Be Years Before Keccak Has an Effect
Now that NIST has selected Keccak as the winner of the five-year-long SHA-3 competition, the next question to be answered is whether the new hash algorithm will be implemented in any meaningful way in the near future. The answer, for right now at least, appears to be probably not. The SHA-3...
Ubuntu Update for python2.7 USN-1592-1
Ubuntu Update for Linux kernel vulnerabilities USN-1592-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15921.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python2.7 USN-1592-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net Th...
Ubuntu: Security Advisory (USN-1592-1)
The remote host is missing an update for the...
USN-1592-1: Python 2.7 vulnerabilities
Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521) It was...
CVE-2011-2082
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords...
Design/Logic Flaw
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords...
gnutls: unknown hash algorithm NULL pointer dereference [GNUTLS-SA-2006-2]
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference...
MySQL Weak Hash Algorithm
The version of MySQL installed on the remote host is older than 4.1.1. As such, it reportedly uses a weak algorithm to hash the passwords. An attacker who can read the mysql.user table will be able to retrieve the plaintext passwords quickly by brute-force attack. (C) Tenable Network Security, Inc...
FreeBSD : Multiple implementations -- DoS via hash algorithm collision (91be81e7-3fea-11e1-afc7-2c4138874f7d)
oCERT reports: A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particul...
Multiple implementations -- DoS via hash algorithm collision
oCERT reports: A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particula...
CVE-2011-3427
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate...
CVE-2010-2468
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password...
Default credentials
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password...
CVE-2010-2468
CVE-2010-2468 affects S2 Security NetBox 2.x and 3.x as used in Linear eMerge 50/5000 and Sonitrol eAccess. The root cause is the use of a weak hash algorithm for storing the Administrator password, which can allow context-dependent attackers to recover the password and gain privileged access. Th...
CVE-2006-7239
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference...