EUVD-2011-3154

Malware in sbrugna...

CVE-2019-5135

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

CVE-2019-5135

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

Authentication flaw

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

CVE-2019-5135

WAGO PFC100/200 Web-Based Management (WBM) authentication timing information disclosure (CVE-2019-5135) is detailed in the TALOS entry. The vulnerability resides in the WBM login routine where the PHP crypt() function is used to generate a password hash for comparison, allowing an attacker to inf...

WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability

Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...

sphpblog多个输入验证漏洞

Simple PHP Blog是一款无需数据库支持的简单Blog程序。 sphpblog中存在多个漏洞，起因是应用程序没有正确的验证用户输入。远程攻击者可以利用这些漏洞获取敏感信息或执行任意代码。 A. 完整路径泄漏 http://Url/sphpblog/scripts/sbfunctions.php Ex: Warning: mainscripts/sbfileio.php: failed to open stream: No such file or directory in /var/www/sphpblog/scripts/sbfunctions.php on line 52...