Hashcat Advanced Password Recovery 7.1.2 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code...

Hashcat Advanced Password Recovery 7.1.2 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary...

Hashcat Advanced Password Recovery 7.1.1 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary...

Hashcat Advanced Password Recovery 7.0.0 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary...

GHSA-6F9M-V7MP-7JJQ Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

GHSA-X4RJ-F7M6-42C3 TYPO3 CMS Authentication Bypass vulnerability

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

PT-2024-40518 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue concerns an Authentication Bypass in the Salted Password system extension of TYPO3. This occurs when using hashing methods related by PHP class inheritance. Specifically, stored...

Malicious Package Via Repository Hijacking

hautelook/phpass was taken over as malicious package. The package repository was hijacked to tampered and used as a malware distribution vector after original account owner has deleted the account...

GSD-2022-1002522 backdoor in phpass version 0.3.x-dev, 0.3.x

In PHP phpass version 0.3.x-dev, 0.3.x a backdoor exists in the phpass package that can be attacked via malicious package update resulting in credential theft...

Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...

Password Cracker: Webapps

This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from various web applications. Atlassian uses PBKDF2-HMAC-SHA1 which is 12001 in hashcat. PHPass uses phpass which is 400 in hashcat. Mediawiki is MD5 based and is 3711 in hashcat. Apache Superset, some...

typo3 -- multiple vulnerabilities

Typo3 core team reports: It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords...

Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

Timing Attack

ozh/phpass is vulnerable to timing attacks. The attacks are possible because it validates the password using == or === in the CheckPassword function rather than a constant time function. Using this flaw, attackers are able to use the time which a password request takes to return to slowly work ou...

Debian Security Advisory DSA 3085-1 (wordpress - security update)

Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/CVE-2014-9031 Jouko Pynnonen discovered an...

DSA-3085-1 wordpress - security update

Bulletin has no description...

WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034)

author details: John M. [email protected] homepage details: SECURELI.com Description: CVE-2014-9034 was published recently, highlighting an issue that “allows remote attackers to cause a denial of service CPU consumption via a long password that is improperly handled during hashing” due to phpass...

Updated wordpress package fixes security vulnerabilities

XSS in wptexturize via comments or posts, exploitable for unauthenticated users CVE-2014-9031. XSS in media playlists CVE-2014-9032. CSRF in the password reset process CVE-2014-9033. Denial of service for giant passwords. The phpass library by Solar Designer was used in both projects without...

DEBIAN-CVE-2014-9034

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service CPU consumption via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016...