19 matches found
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
SUSE CVE-2026-6478
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...
PT-2026-5765
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificate validation vulnerability allows an unauthenticated remote attacker to perform a Man-in-the-Middle (MitM) attack to intercept the cleartext communication,...
EUVD-2016-7267
Malware in sbrugna...
EUVD-2001-1171
Malware in sbrugna...
EUVD-2013-4938
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-7888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. (CVE-2017-7888) Note that Nessus relies on the presence of...
CVE-2016-6340
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...
Design/Logic Flaw
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...
CVE-2016-6340
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...
CVE-2016-6340
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack...
MDVA-2009:055 : webmin
Webmin shipped with Mandriva Linux 2009.0 used the crypt method for password creation, which prevented usage of passwords longer than 8 characters. This update configures webmin to create MD5 passwords for new users by default. This script has been deprecated as the...
Thickbox Gallery 2.0 - 'Admins.php' Admin Data Disclosure
Thickbox Gallery v2 Admin Data Disclosure + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz + Arbitrary Admin Data Disclosure - Go here and you will see the admin data login name + crypted password as MD5...
phpeasynews-sql.txt
PHPEasyNews = 1.13 RC2 SQL Injection Vulnerabilities. Discovered By: t0pP8uZz Discovered On: 4 JUNE 2008 Script Download:...
Nitro Web Gallery 1.4.3 - section SQL Injection
Nitro Web Gallery 1.4.3 - section SQL Injection Viva IslaM Viva IslaM Remote SQL Injection Vulnerability NiTrO Web Gallery V1.3 - V1.4- V1.41 - 1.42 - V1.43 albums.php section AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM Email : [email protected] !! SYRIAN HaCkErS !! Script : NiTrO Web Gallery Versions...
ajclassifieds-sql.txt
AJ Classifieds 2008 index.php Remote SQL Injection Vulnerability. Discovered By: t0pP8uZz Discovered On:...
AJ Classifieds 2008 (index.php) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. AJ Classifieds 2008 index.php Remote SQL Injection Vulnerability...
Mandrake Linux Security Advisory : passwd (MDKSA-2001:091)
The default PAM files for the passwd program did not include support for MD5 passwords, thus any password changes or post-install added users would not have MD5 passwords. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...
CVE-2001-1190
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended...