Category Archives: Advisories

CVE-2016-20013

Read Time:9 Second

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm’s runtime is proportional to the square of the length of the password.

Read More

CVE-2017-0371

Read Time:18 Second

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style=”background-image: attr(title url);” attack within a DIV element that has an attacker-controlled URL in the title attribute.

Read More

CVE-2016-2124

Read Time:10 Second

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Read More

CVE-2020-25719

Read Time:17 Second

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Read More

CVE-2020-8242

Read Time:9 Second

Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.

Read More