md5 software vulnerabilities
vulnerabilities.aspcode.net
Searching md5 software vulnerabilities
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.
TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.
Jaws 0.3 allows remote attackers to bypass authentication via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.
claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.
Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.
Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.
DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.
** DISPUTED ** BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash.
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.
Software vulnerabilities results 1 to 20 of 32