Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

crypt blowfish vulnerabilities and exploits

(subscribe to this query)
1.2
CVSSv2
CVE-2006-0591
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and previous versions do not evenly and randomly distribute salts, which makes it easier for malicious users to guess passwords from a stolen password...
Solar Designer Crypt Blowfish 0.4.7
5
CVSSv2
CVE-2011-2483
crypt_blowfish prior to 1.1, as used in PHP prior to 5.3.7 on certain platforms, PostgreSQL prior to 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent malicious users to determine a cleartext password by leveraging k...
Solar Designer Crypt BlowfishPhp Php 4.3.9Php Php 4.4.9Php Php 3.0Solar Designer Crypt Blowfish 0.4.4Solar Designer Crypt Blowfish 0.4Php Php 5.2.9Php Php 4.0Php Php 3.0.5Php Php 3.0.11Php Php 5.1.5Php Php 5.1.2Php Php 5.3.1Php Php 4.2.0Php Php 5.1.1Php Php 3.0.1Php Php 5.2.14Php Php 3.0.2Php Php 4.4.4Php Php 5.0.0Php Php 4.1.0Php Php 5.1.6
7.5
CVSSv2
CVE-2011-3379
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote malicious users to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
Php Php 5.3.7Php Php 5.3.8
6.4
CVSSv2
CVE-2011-2202
The rfc1867_post_handler function in main/rfc1867.c in PHP prior to 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote malicious users to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, v...
Php Php 5.3.0Php Php 4.0.4Php Php 4.0.5Php Php 4.0Php Php 4.1.0Php Php 4.2.2Php Php 4.2.3Php Php 4.3.3Php Php 4.3.4Php Php 4.4.1Php Php 4.4.2Php Php 3.0.11Php Php 3.0.10Php Php 3.0.4Php Php 3.0.3Php Php 3.0.8Php Php 3.0.5Php PhpPhp Php 4.0.0Php Php 4.0.1Php Php 4.2.0Php Php 4.3.1
7.5
CVSSv2
CVE-2011-1148
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and previous versions allows context-dependent malicious users to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.
Php Php 5.3.0Php Php 4.0.3Php Php 4.0.4Php Php 4.0Php Php 4.1.0Php Php 4.2.2Php Php 4.2.3Php Php 4.3.2Php Php 4.3.3Php Php 4.4.1Php Php 4.4.2Php Php 4.4.9Php Php 3.0.11Php Php 3.0.18Php Php 3.0.4Php Php 3.0.8Php Php 3.0.5Php Php 5.3.5Php PhpPhp Php 4.0.1Php Php 4.0.2Php Php 4.2.1
7.5
CVSSv2
CVE-2011-1938
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 up to and including 5.3.6 might allow context-dependent malicious users to execute arbitrary code via a long pathname for a UNIX socket.
Php Php 5.3.4Php Php 5.3.5Php Php 5.3.3Php Php 5.3.6
5
CVSSv2
CVE-2011-3182
PHP prior to 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent malicious users to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveragi...
Php Php 4.3.3Php Php 4.3.6Php Php 4.4.6Php Php 4.4.7Php Php 4.3.9Php Php 5.2.8Php Php 4.4.0Php Php 5.0.4Php Php 5.2.9Php Php 5.0.0Php Php 5.1.6Php Php 5.2.0Php Php 2.0b10Php Php 2.0Php Php 3.0.11Php Php 3.0.10Php Php 3.0.3Php Php 3.0.15Php Php 3.0.7Php Php 3.0.8Php Php 4.0Php Php 4.0.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook