73 matches found
CVE-2020-4778
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156...
Security Bulletin: IBM Cúram Social Program Management uses MD5 algorithm (CVE-2020-4778)
Summary IBM Cúram Social Program Management uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. Vulnerability Details CVEID: CVE-2020-4778 DESCRIPTION: IBM Cúram Social Program Management use...
Huawei Data Communication: Configuring OSPF Authentication
OSP authentication is configured to prevent attackers from attempting to use control plane protocols to destroy entries on which forwarding depends, such as routes. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C b...
Huawei Data Communication: Deploying IS-IS Authentication
IS-IS authentication is deployed to prevent attackers from attempting to use the control plane protocol to destroy entries on which forwarding depends, such as routes. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-4257-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4257-1 advisory. It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use th...
SecurityNotFound - 404 Page Not Found Webshell
Clone me! Clone or download the project: git clone https://github.com/CosasDePuma/SecurityNotFound.git SecurityNotFound cd SecurityNotFound "Installation" The src/404.php file should be located on the target server. That server must have the ability to execute .php files. Here is an example of so...
CVE-2019-6972
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the...
CVE-2019-6972
The CVE-2019-6972 issue affects TP-Link TL-WR1043ND V2 devices. The vulnerability arises from credentials stored in the Authorization cookie being URL-encoded and base64 encoded, making them easily decoded; the username is in cleartext and the password is MD5-hashed after decoding. This exposes w...
WordPress <= 4.8.2 Weak Password Hash Algorithm
WordPress uses a weak MD5 password hashing algorithm. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-6707
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3275-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3275-2 advisory. USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. Tenable has extracted the preceding...
Dolibarr <= 4.0.4 Multiple Vulnerabilities - Active Check
Dolibarr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr"; ifdescription...
Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3275-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3275-1 advisory. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java...
Design/Logic Flaw
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier...
CVE-2017-7888
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier...
CVE-2017-7888
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier...
Sawmill Enterprise 8.7.9 - Authentication Bypass
Credits: John Page AKA Hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt + ISR: ApparitionSec Vendor: =============== www.sawmill.net Product: ======================== Sawmill Enterprise v8.7.9...
Yahoo Challenged on Claims Breach Was State-Sponsored Attack
As challenges mount against Yahoo’s attribution of a massive 2014 data breach to state-sponsored hackers, CISO Bob Lord yesterday confirmed that a cache of 200 million Yahoo accounts marketed this summer in an underground forum is unrelated to the breach. Speaking at the Structure Security...
RHEL 5 : java-1.7.0-ibm (RHSA-2016:0100) (SLOTH)
Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Critical: Red Hat Security Advisory: java-1.7.0-oracle security update
Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give...