Download
| Alert*
|
oval:org.secpod.oval:def:1601354
The crypt_des function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt ... oval:org.secpod.oval:def:700881 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could be made to crash or incorrectly handle authentication. oval:org.secpod.oval:def:1300080 Multiple vulnerabilities has been identified and fixed in php: There is a programming error in the DES implementation used in crypt in ext/standard/crypt_freesec.c when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only ... oval:org.secpod.oval:def:103906 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you"ll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ... oval:org.secpod.oval:def:104806 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you"ll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ... oval:org.secpod.oval:def:202377 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:700906 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:104029 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:104028 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:103897 PostgreSQL is an advanced Object-Relational database management system that supports almost all SQL constructs . The postgresql package includes the client programs and libraries that you"ll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipul ... oval:org.secpod.oval:def:500836 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:500837 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:1503933 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:500839 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:105375 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1601320 A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when cal ... oval:org.secpod.oval:def:1601283 Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. The crypt_des fu ... oval:org.secpod.oval:def:104093 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you"ll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ... oval:org.secpod.oval:def:600827 Two vulnerabilities were discovered in PostgreSQL, an SQL database server: CVE-2012-2143 The crypt function in the pgcrypto contrib module did not handle certain passwords correctly, ignoring characters after the first character which does not fall into the ASCII range. CVE-2012-2655 SECURITY DEFINE ... oval:org.secpod.oval:def:1300079 Multiple vulnerabilities has been discovered and corrected in postgresql: Fix incorrect password transformation in contrib/pgcrypto's DES crypt function . If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than i ... oval:org.secpod.oval:def:202381 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:103904 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you"ll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ... oval:org.secpod.oval:def:104619 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you"ll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ... oval:org.secpod.oval:def:202363 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:202362 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:103966 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:500841 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:1503882 Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give det ... oval:org.secpod.oval:def:103967 eAccelerator is a further development of the MMCache PHP Accelerator & Encoder. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated. oval:org.secpod.oval:def:103965 ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous gameplay . Features: Complex car physics, Challenging "story mode", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks. oval:org.secpod.oval:def:202366 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:103963 ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous gameplay . Features: Complex car physics, Challenging "story mode", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks. oval:org.secpod.oval:def:103960 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:104797 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:105366 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:10714 The host is installed with Mac OS X 10.6.8 or 10.7 before 10.7.5 or 10.8.x before 10.8.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly process the complete cleartext password if this password contains a 0x80 character. Successf ... oval:org.secpod.oval:def:104099 PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you"ll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the P ... oval:org.secpod.oval:def:1507098 Oracle Linux 8 php:8.0 security update oval:org.secpod.oval:def:10725 The host is installed with Apple Mac OS X 10.6.8, 10.7 before 10.7.5 or 10.8 before 10.8.2 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. |
