12 matches found
CVE-2025-47776 MantisBT: Authentication bypass for some passwords due to PHP type juggling
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below, PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...
GHSA-4V8W-GG5J-PH37 MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
Due to an incorrect use of loose == instead of strict === comparison in the authentication code [1], PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation. [1]:...
The vulnerability of the virtual learning environment Moodle, related to deficiencies in the authentication process, allows a perpetrator to bypass the authentication process.
The vulnerability in the virtual learning environment Moodle is related to deficiencies in the authentication process when processing “magic hash” passwords. Exploiting this vulnerability can allow a malicious actor to bypass the authentication process...
PT-2024-8661 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue is related to a flaw in the authentication procedure when handling "magic hash" passwords. This flaw can allow a remote attacker to bypass the authentication process due to a loose...
Ovarro TBox RTUs cryptographic issue vulnerability
Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. Ovarro TBox RTUs is vulnerable to an encryption issue that arises from the use of an insecure encryption algorithm to encrypt stored hash passwords...
GHSA-Q4V3-WMM6-HCRX pyrad is vulnerable to the use of Insufficiently Random Values
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...
CVE-2013-0294
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...
CVE-2013-0294
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...
Information disclosure
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...
CVE-2013-0294
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...
pyrad -- multiple vulnerabilities
Nathaniel McCallum reports: packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. The CreateID function in packet.py in pyrad before 2.1 uses...
PHP-Fusion Database Backup - Information Disclosure
source: https://www.securityfocus.com/bid/10974/info It is reported that PHP-Fusion is susceptible to a database backup information disclosure vulnerability. An anonymous remote attacker may be able to download a complete database backup from the server. Authentication would not be required. A...