
363 matches found

OSV
added 2016/01/20 4:59 p.m., 0 views

UBUNTU-CVE-2016-1901

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow...

CVSS 9.8, AI score 6.3, EPSS 0.04365
Exploits: 1, References: 3
BDU FSTEC
added 2015/11/20 12:0 a.m., 2 views

The vulnerability of the microprogramming software in Janitza UMG 508, 509, 511, 604, 605 power supply monitoring systems allows an intruder to authenticate as an arbitrary user.

The vulnerability of the microprogramming software in Janitza UMG 508, 509, 511, 604, 605 power supply monitoring systems is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to bypass authentication by acting as an arbitrary user...

CVSS 6.8, EPSS 0.00065
Exploits: 0, References: 2
NVD
added 2015/01/16 4:59 p.m., 13 views

CVE-2014-6382

The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted P...

CVSS 7.1, AI score 6.6, EPSS 0.0046
Exploits: 0, References: 2
Prion
added 2015/01/16 4:59 p.m., 18 views

Design/Logic Flaw

The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted P...

CVSS 7.1, AI score 7.1, EPSS 0.0046
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2015/01/16 4:0 p.m., 21 views

CVE-2014-6382

The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted P...

AI score 6.6, EPSS 0.0046
Exploits: 0, References: 2
CNVD
added 2015/01/06 12:0 a.m., 1 views

Multiple Buffer Overflow Vulnerabilities in VDG Security SENSE

VDG Security SENSE is a video management system. Multiple buffer overflow vulnerabilities in the VDG Security SENSE DIVA web service API allow remote attackers to submit a special AuthenticateUser request to execute arbitrary code via the user or password parameters...

CVSS 7.5, AI score 8.5, EPSS 0.07647
Exploits: 1, References: 1
Cvelist
added 2014/12/01 3:0 p.m., 48 views

CVE-2014-8749

Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...

AI score 6.8, EPSS 0.00448
Exploits: 2, References: 2
Cisco
added 2014/09/15 10:19 p.m., 17 views

Cisco IOS XR Software Information Disclosure Vulnerability

A vulnerability in the command-line interface (CLI) of Cisco IOS XR Software could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to insufficient data protection of sensitive information. An attacker could exploit this vulnerability by issuing...

CVSS 4.9, AI score 6.4, EPSS 0.00238
Exploits: 0, References: 1
Cisco
added 2014/08/20 4:8 p.m., 32 views

Cisco WebEx MeetMeNow Server Directory Traversal Vulnerability

A vulnerability in a PHP file in the Cisco WebEx MeetMeNow Server could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device. The vulnerability is due to improper sanitization of user input. An exploit could allow the attacker to view the content...

CVSS 7.5, AI score 6.5, EPSS 0.00332
Exploits: 0, References: 1
RedHat Linux
added 2014/07/24 5:21 p.m., 2 views

openstack-swift: XSS in Swift requests through WWW-Authenticate header

It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks and possibly other impacts if a user were tricked into clicking on a malicious URL...

CVSS 4.3, AI score 5.5, EPSS 0.00445
Exploits: 0, References: 4
Cvelist
added 2014/07/03 5:0 p.m., 28 views

CVE-2014-3497

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

AI score 5.4, EPSS 0.00445
Exploits: 0, References: 7
OSV
added 2014/06/25 9:54 p.m., 2 views

USN-2256-1 swift vulnerability

John Dickinson discovered that Swift did not properly quote the WWW-Authenticate header value. If a user were tricked into navigating to a malicious Swift URL, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing...

CVSS 4.3, AI score 5.7, EPSS 0.00445
Exploits: 0, References: 2
OSV
added 2014/06/20 12:0 a.m., 1 views

UBUNTU-CVE-2014-3497

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVSS 4.3, AI score 5.9, EPSS 0.00445
Exploits: 0, References: 3
Metasploit
added 2013/12/09 6:49 p.m., 59 views

Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection

This module exploits a SQL injection vulnerability in the "explorer" action of "miq_policy" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier) by changing the password of the target account to the specified password. This module...

CVSS 7.5, AI score 8.2, EPSS 0.54161
Exploits: 3
Cisco
added 2013/12/03 10:12 p.m., 30 views

Cisco IOS XR Software SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco IOS XR Software could allow an authenticated, remote attacker to cause a reload of the SNMP process on an affected device. The vulnerability is due to improper processing of SNMP requests for certain MIBs. An attacker...

CVSS 4, AI score 2.7, EPSS 0.00658
Exploits: 0, References: 1
Prion
added 2013/08/25 3:27 a.m., 11 views

Buffer overflow

Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument...

CVSS 7.5, AI score 8.3, EPSS 0.06016
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2013/08/25 1:0 a.m., 37 views

CVE-2010-5289

Buffer overflow in the Authenticate method of the INCREDISPOOLERLib.Pop ActiveX control (ImSpoolU.dll) in IncrediMail 2.0 is the issue. The vulnerability arises from a long string in the first argument, triggering a crash (DoS) and potentially unspecified impact. Affected component: ImSpoolU.dll,...

CVSS 7.5, AI score 7.9, EPSS 0.06016
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2013/04/12 12:0 a.m., 30 views

Privoxy < 3.0.21 Multiple Information Disclosure Vulnerabilities

According to its self-identified version number, the Privoxy installed on the remote host is a version prior to 3.0.21. It is, therefore, affected by multiple information disclosure vulnerabilities due to the application not properly handling Proxy-Authenticate and Proxy-Authorization headers. Th...

CVSS 5.8, AI score 7.5, EPSS 0.03483
Exploits: 2, References: 3
NVD
added 2013/03/11 5:55 p.m., 14 views

CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code...

CVSS 5.8, AI score 7.3, EPSS 0.03483
Exploits: 2, References: 3
Prion
added 2013/03/11 5:55 p.m., 16 views

Code injection

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code...

CVSS 5.8, AI score 6.9, EPSS 0.03483
Exploits: 2, References: 3, Affected Software: 1