Lucene search

313 matches found

seebug.org
added 2014/08/19 12:00 a.m. | 18 views

qibocms: a flaw in one function allows front-end admin login

Brief description: As the title says. Front-end admin login; because the affected file is shared code, several qibocms systems are involved. Details: 0x1 Front-end admin login, inc/function.inc.php: function mymd5($string, $action="EN", $rand='') // string encryption and decryption; global $webdb; if($action=="DE") // handle the '+' sign being mangled when passed in a URL: $string = str_replace('QIBO|ADD', '+', $string); $secret_string = $webdb[mymd5].$rand.'5j,.^&;?.%@!'; // top-secret string, can be set arbitrarily...

AI score 7 | Exploits 0
Tenable Nessus
added 2014/07/22 12:00 a.m. | 28 views

RHEL 5 : MRG (RHSA-2014:0441)

Updated Messaging component packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common...

CVSS 5 | AI score 5.6 | EPSS 0.00297
Exploits 0 | References 4
Mageia
added 2014/05/29 7:07 a.m. | 38 views

Updated mono packages fix security vulnerability

Mono 2.10.9 does not properly randomize hash functions for form posts to protect against hash collision attacks. A remote attacker could send specially crafted parameters, possibly resulting in a Denial of Service condition (CVE-2012-3543)...

CVSS 7.5 | AI score 4 | EPSS 0.01146
Exploits 1 | References 2
OSV
added 2014/05/19 2:00 p.m. | 6 views

PSF-2014-2 Hash function not randomized properly

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumptio...

CVSS 4.3 | AI score 9.2 | EPSS 0.00414
Exploits 2 | References 1
Gentoo Linux
added 2014/05/18 12:00 a.m. | 29 views

Mono: Denial of service

Background: Mono is an open source implementation of Microsoft’s .NET Framework. Description: Mono does not properly randomize hash functions for form posts to protect against hash collision attacks. Impact: A remote attacker could send specially crafted parameters, possibly resulting in a Denial of...

CVSS 7.5 | AI score 7.5 | EPSS 0.01146
Exploits 1
securityvulns
added 2014/05/04 12:00 a.m. | 61 views

[ MDVSA-2014:079 ] json-c

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1. Mandriva Linux Security Advisory MDVSA-2014:079, http://www.mandriva.com/en/support/security/ Package: json-c. Date: April 17, 2014. Affected: Business Server 1.0. Problem Description: Updated json-c packages fix security vulnerabilities: Florian Weimer...

CVSS 5 | AI score 6.2 | EPSS 0.03831
Exploits 1
Mageia
added 2014/04/16 1:08 p.m. | 42 views

Updated json-c packages fix security vulnerabilities

Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32-bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be...

CVSS 5 | AI score 1.1 | EPSS 0.03831
Exploits 1 | References 3
OSV
added 2014/04/16 1:08 p.m. | 6 views

MGASA-2014-0175 Updated json-c packages fix security vulnerabilities

Updated json-c packages fix security vulnerabilities: Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32-bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be...

CVSS 5 | AI score 6.5 | EPSS 0.03831
Exploits 1 | References 4
The Hacker News
added 2014/02/06 1:28 a.m. | 16 views

98% of SSL enabled websites still using SHA-1 based weak Digital Certificates

The National Institute of Standards and Technology (NIST) published a document in January 2011 stating that the SHA-1 algorithm would be risky and should be disallowed after 2013, but Netcraft experts recently noticed that the NIST.gov website itself was using a 2014-dated SSL certificate with SHA...

AI score 6.6
Exploits 0
0day.today
added 2013/12/12 12:00 a.m. | 23 views

Rovnix hash collision vulnerability

Exploitation of a weakness in the hash function of the Rovnix malicious software. The default password on the Rovnix panel is 'admin' (admin = fbff791ef0770855e599ea6f87d41653), but you can also log in with '21173'. This exploit defeats the weak Rovnix hash function to recover a password from a hash. '; echo'Value: '...

AI score 7
Exploits 0
Tenable Nessus
added 2013/09/04 12:00 a.m. | 35 views

Amazon Linux AMI : python26 (ALAS-2012-98)

A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array...

CVSS 5 | AI score 7 | EPSS 0.02773
Exploits 7 | References 5
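Worked example, added here for illustration; it is not code from any advisory in this listing, nor from CPython, Mono, JRuby or Ruby. It shows the hash-flooding pattern behind the Python, Mono and JRuby entries above (many distinct keys engineered to land in one bucket, so each insert degrades to a linear scan) and the point made in PSF-2014-2: a seed that only perturbs the hash's starting state does not break the collision set, whereas a keyed hash (SipHash, which CPython 3.4 adopted under PEP 456) does. The toy `weak_hash` (a Java-style `h = 31*h + c` additive hash), the `ChainedTable` stand-in for a real dict, the seed value and the use of BLAKE2b as the keyed hash are all constructed assumptions, not any runtime's real implementation.

```python
"""Hash flooding against a non-randomized hash, and why naive seeding fails.

Everything here is constructed for illustration (toy hash, toy table).
"""
import hashlib
import os
from itertools import product

MASK = 0xFFFFFFFF  # 32-bit wraparound, like a Java int hashCode


def weak_hash(s, seed=0):
    """Toy additive hash: h = 31*h + ord(c) mod 2**32, starting from `seed`.

    Because it is additive, h(p + a) == h(p + b) for EVERY prefix p whenever
    h(a) == h(b) and len(a) == len(b). Seeding the initial state is one such
    prefix, so it cannot separate an engineered collision set.
    """
    h = seed & MASK
    for ch in s:
        h = (31 * h + ord(ch)) & MASK
    return h


def keyed_hash(s, key):
    """Keyed hash (BLAKE2b with a secret key, standing in for SipHash).

    Without the key an attacker cannot precompute colliding inputs.
    """
    digest = hashlib.blake2b(s.encode(), key=key, digest_size=4).digest()
    return int.from_bytes(digest, "little")


def find_colliding_pair(alphabet="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"):
    """Brute-force two distinct 2-character strings with equal weak_hash."""
    seen = {}
    for a, b in product(alphabet, repeat=2):
        s = a + b
        h = weak_hash(s)
        if h in seen and seen[h] != s:
            return seen[h], s
        seen[h] = s
    raise RuntimeError("no 2-character collision in this alphabet")


def colliding_keys(n_blocks):
    """Concatenate the colliding pair in every combination: 2**n_blocks
    distinct keys that all share one weak_hash value."""
    a, b = find_colliding_pair()
    return ["".join(choice) for choice in product((a, b), repeat=n_blocks)]


class ChainedTable:
    """Minimal separate-chaining table that counts key comparisons, so the
    O(n^2) cost of a flooded bucket is measurable."""

    def __init__(self, hash_fn, nbuckets=1024):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(nbuckets)]
        self.comparisons = 0

    def insert(self, key, value):
        bucket = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (k, _) in enumerate(bucket):
            self.comparisons += 1  # one equality check per chained entry
            if k == key:
                bucket[i] = (key, value)
                return
        bucket.append((key, value))


def flood_cost(hash_fn, keys):
    """Total key comparisons needed to insert `keys` into a fresh table."""
    table = ChainedTable(hash_fn)
    for k in keys:
        table.insert(k, True)
    return table.comparisons


def demo(n_blocks=10):
    keys = colliding_keys(n_blocks)  # 1024 keys for n_blocks=10
    secret = os.urandom(16)          # per-process key, unknown to the attacker
    return {
        "keys": len(keys),
        "distinct_weak": len({weak_hash(k) for k in keys}),            # 1
        "distinct_seeded": len({weak_hash(k, seed=0x5EED) for k in keys}),  # still 1
        "distinct_keyed": len({keyed_hash(k, secret) for k in keys}),  # ~1024
        "cost_weak": flood_cost(weak_hash, keys),                      # n(n-1)/2
        "cost_keyed": flood_cost(lambda s: keyed_hash(s, secret), keys),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16s} {value}")
```

The interesting line is `distinct_seeded`: the seed changes every hash value, but all 1024 engineered keys still share one value, which is the failure mode the PSF-2014-2 entry describes. Only the keyed hash spreads them across buckets and brings insertion cost back to the expected few hundred comparisons.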
ThreatPost
added 2012/09/24 8:11 p.m. | 13 views

Forthcoming SHA-3 Hash Function May Be Unnecessary

For the last five years, NIST, the government body charged with, among other things, developing new standards for computer security, has been searching for a new hash function to replace the aging SHA-2 function. Five years is a long time, but this is the federal government and things move at the...

AI score 6.9
Exploits 0 | References 6
ThreatPost
added 2012/09/21 5:59 p.m. | 169 views

Hotmail Limits Passwords to 16 Characters

Passwords, unfortunately, still are the main authentication mechanism on most Web sites, including all of the popular webmail services, such as Hotmail, Gmail and Yahoo Mail. Many sites encourage users to pick complex and long passwords, so it’s surprising to see that Microsoft now has limited...

CVSS 9.3 | AI score 0.2 | EPSS 0.94354
Exploits 33 | References 2
RedHat Linux
added 2012/07/31 2:24 p.m. | 6 views

Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update

JBoss Enterprise SOA Platform 5.3.0, which fixes multiple security issues and various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS)...

CVSS 7.8 | AI score 6.5 | EPSS 0.07274
Exploits 4 | References 12
OpenVAS
added 2012/07/30 12:00 a.m. | 30 views

CentOS Update for python CESA-2012:0744 centos6

Check for the Version of python. OpenVAS Vulnerability Test: CentOS Update for python CESA-2012:0744 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under th...

CVSS 5 | AI score 8.3 | EPSS 0.02773
Exploits 7 | References 2
OpenVAS
added 2012/07/30 12:00 a.m. | 25 views

CentOS Update for expat CESA-2012:0731 centos6

Check for the Version of expat. OpenVAS Vulnerability Test: CentOS Update for expat CESA-2012:0731 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...

CVSS 5 | AI score 7.5 | EPSS 0.00973
Exploits 0 | References 2
OpenVAS
added 2012/07/30 12:00 a.m. | 29 views

CentOS Update for irb CESA-2012:0070 centos4

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_xref(name:"URL", ...

CVSS 7.8 | AI score 8.3 | EPSS 0.01411
Exploits 3 | References 2
OpenVAS
added 2012/07/30 12:00 a.m. | 32 views

CentOS Update for python CESA-2012:0744 centos6

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_xref(name:"URL", ...

CVSS 5 | AI score 7.4 | EPSS 0.02773
Exploits 7 | References 2
Gentoo Linux
added 2012/07/09 12:00 a.m. | 26 views

JRuby: Denial of service

Background: JRuby is a Java-based Ruby interpreter implementation. Description: JRuby does not properly randomize hash functions to protect against hash collision attacks. Impact: A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition. Workaround...

CVSS 5 | AI score 6.3 | EPSS 0.07274
Exploits 1
OpenVAS
added 2012/07/09 12:00 a.m. | 46 views

RedHat Update for ruby RHSA-2012:0069-01

Check for the Version of ruby. OpenVAS Vulnerability Test: RedHat Update for ruby RHSA-2012:0069-01. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms o...

CVSS 7.8 | AI score 8.8 | EPSS 0.01411
Exploits 2 | References 2