phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual FAQ system developed by Thorsten Rinne. It is entirely database-driven. Versions of phpMyFAQ prior to 4.1.4 contained a security vulnerability. This vulnerability stemmed from the use of the SHA-1 hash algorithm for handling attachments. The SHA-1 algorithm is vulnerabl...
TencentOS Server 4: pam (TSSA-2024:1135)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1135 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2022-29731
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users...
EulerOS Virtualization 2.12.1 : pam (EulerOS-SA-2025-1555)
According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability...
CBL Mariner 2.0 Security Update: pam (CVE-2024-10041)
The version of pam installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10041 advisory. - A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger th...
EulerOS 2.0 SP11 : pam (EulerOS-SA-2025-1142)
According to the versions of the pam package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending...
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape b...
Websites that Collect Your Data as You Type
A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form. Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a...
Mail.ru: mailer.i.bizml.ru viber service preprod information disclosure
DEBUG mode enabled on http://52.29.101.127:1060/ leading to DB login and passwd leaks...
openSUSE Security Update : aria2 (openSUSE-2019-50)
This update for aria2 fixes the following security issue: - CVE-2019-3500: Metadata and potential password leaks via --log= boo1120488 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE: Security Advisory for aria2 (openSUSE-SU-2019:0050-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for aria2 (moderate)
openSUSE Security Update: Security update for aria2 Announcement ID: openSUSE-SU-2019:0050-1 Rating: moderate References: 1120488 Cross-References: CVE-2019-3500 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that fixes one vulnerability is now...
New strain of Mac malware Proton found after two years
Last week, Kaspersky reported on a new variant of the Mac malware Proton, which they have dubbed Calisto, that has been around for at least two years. Calisto is thoroughly dead at this point, but there are still potential security implications involved with these older infections. Proton was fir...
A Deep Learning Approach for Password Guessing: PassGAN
State-of-the-art password guessing tools, such as HashCat and John the Ripper (JTR), enable users to check billions of passwords per second against password hashes. In addition to straightforward dictionary attacks, these tools can expand dictionaries using password generation rules. Although these...
Huawei S5300 Campus Series Switches information Disclosure Vulnerability (huawei-sa-20160112-01-switch)
Huawei S5300 Campus Series switches are prone to a local information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
With LinkedIn: The Bell Tolls For Simple Password Hashing
This week’s revelations about leaks of user passwords from the professional networking site LinkedIn, dating Web site eHarmony.com and music site Last.fm suggest that even tech-savvy firms are slow to accept that hashes – a once-reliable technology for storing data online – now offer scant...
Bogus Report: 55,000 Twitter accounts compromised
Bogus Report: 55,000 Twitter accounts compromised Thousands of Twitter passwords were exposed this week and the site was looking into matter. According to a message posted on Twitter's Japanese blog, None of the recently leaked Twitter logins and passwords came from within the company. Twitter ha...