
424 matches found

NVD
added 2018/01/24 10:29 p.m., 22 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

CVSS 9.8, AI score 8, EPSS 0.08031
Exploits 0, References 14
OSV
added 2018/01/24 10:29 p.m., 1 view

DEBIAN-CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

CVSS 9.8, AI score 7.4, EPSS 0.08031
Exploits 0, References 1
BDU FSTEC
added 2017/12/21 12:0 a.m., 6 views

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to disclose protected information.

The vulnerability of the Splunk Web platform’s software interface for Splunk Enterprise operating analysis is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to the authentication data of the REST API interface through speciall...

CVSS 10, AI score 5.5, EPSS 0.03989
Exploits 0, References 3, Affected Software 1
OSV
added 2017/05/01 1:59 a.m., 1 view

DEBIAN-CVE-2016-10351

Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations...

CVSS 5.5, AI score 6.5, EPSS 0.00369
Exploits 0, References 1
CNVD
added 2017/04/17 12:0 a.m., 2 views

Microsoft Outlook for Mac Spoofing Vulnerability

Microsoft Outlook is an e-mail client software bundled with the Office suite from Microsoft USA. The software manages e-mail, contacts, calendars, and more. Microsoft Outlook for Mac does not properly validate HTML tag input, resulting in a spoofing vulnerability that could allow an...

CVSS 6.5, AI score 6.7, EPSS 0.10485
Exploits 0, References 1
Exploit DB
added 2017/01/30 12:0 a.m., 77 views

HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download

''' Exploit Title: HelpDeskZ fetchRow"SELECT , COUNTid AS total FROM ".TABLEPREFIX."attachments WHERE id=".$db-realescapestring$params2." AND ticketid=".$params0." AND msgid=".$params3; third argument AND msgid=".$params3; sent to fetchRow query without any sanitization Steps to reproduce:...

AI score 7.4
Exploits 0
BDU FSTEC
added 2016/09/07 12:0 a.m., 4 views

The vulnerability of the GNU Mailman mailing system allows a hacker to gain access to the authentication data of arbitrary users.

The vulnerability of the GNU Mailman system’s user configuration page relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to remotely access the authentication data of arbitrary users through modified requests. As a result, the access to the...

CVSS 6.8, AI score 7.5, EPSS 0.01613
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2016/07/21 12:0 a.m., 7 views

The vulnerability of the ABB PCM600 control and configuration device allows an intruder to access information related to user account data.

The vulnerability of the ABB PCM600 control and configuration device lies in the way authentication information is stored in a database, in the form of hexadecimal ASCII values. Exploiting this vulnerability could allow an attacker, operating locally, to gain access to information about user...

CVSS 1.9, AI score 5.6, EPSS 0.00322
Exploits 0, References 4, Affected Software 1
OSV
added 2016/07/05 1:59 a.m., 1 view

DEBIAN-CVE-2016-4953

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time...

CVSS 7.5, AI score 7, EPSS 0.17245
Exploits 0, References 1
Cvelist
added 2016/07/05 1:0 a.m., 26 views

CVE-2016-4953

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time...

AI score 7.4, EPSS 0.17245
Exploits 0, References 32
Debian CVE
added 2016/07/05 1:0 a.m., 35 views

CVE-2016-4953

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time...

CVSS 7.5, AI score 6.7, EPSS 0.17245
Exploits 0
BDU FSTEC
added 2016/07/05 12:0 a.m., 4 views

The vulnerability of the Thunderbird email client, which allows a malicious actor to gain access to authentication data

The Mozilla Thunderbird email client contains a vulnerability related to errors in the implementation of the Web Workers technology. Exploiting this vulnerability allows malicious actors operating remotely to circumvent Same-Origin Policy (SOP) rules and gain access to authentication data...

CVSS 5, AI score 7, EPSS 0.02335
Exploits 1, References 5, Affected Software 1
BDU FSTEC
added 2016/07/05 12:0 a.m., 5 views

The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to gain access to authentication data

Mozilla SeaMonkey software contains a vulnerability related to errors in the implementation of the Web Workers technology. Exploiting this vulnerability allows malicious actors operating remotely to circumvent Same-Origin Policy (SOP) rules and gain access to authentication data through err...

CVSS 5, AI score 7, EPSS 0.02335
Exploits 1, References 5
BDU FSTEC
added 2016/07/05 12:0 a.m., 4 views

The vulnerability of the Firefox browser, which allows a malicious individual to gain access to authentication data

The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the Web Workers technology. Exploiting this vulnerability allows malicious actors operating remotely to circumvent Same-Origin Policy (SOP) rules and gain access to authentication data through...

CVSS 5, AI score 7, EPSS 0.02335
Exploits 1, References 6, Affected Software 1
CNVD
added 2016/06/29 12:0 a.m., 4 views

Open-Xchange Guard Information Disclosure Vulnerability

Open-Xchange Guard (OX Guard) is a suite of security protection software for e-mail and files from Open-Xchange, Inc. in the United States. An information disclosure vulnerability exists in OX Guard version 2.4.0, which originates when the program returns a different error code. A remote attacker...

CVSS 7.5, AI score 6.5, EPSS 0.00709
Exploits 1, References 1
BDU FSTEC
added 2016/04/14 12:0 a.m., 6 views

The vulnerability of the microprogramming software of the Medialink MWN-WARP300N router allows a hacker to gain access to the authentication data of arbitrary users.

The vulnerability of the Microprogrammed Routing Software of the Medialink MWN-WARP300N router is related to the of inter-site requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the authentication data of arbitrary users...

CVSS 6.8, AI score 7.7, EPSS 0.01383
Exploits 4, References 2, Affected Software 1
BDU FSTEC
added 2016/04/14 12:0 a.m., 4 views

The vulnerability of the microprogrammed software of the N600 DB Belkin F9K1102 allows a hacker to gain access to the authentication data of arbitrary users.

The vulnerability of the N600 DB Belkin F9K1102 router’s microprogramming software is related to the falsification of inter-site requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the authentication data of arbitrary users...

CVSS 6.8, AI score 8, EPSS 0.00624
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2016/04/14 12:0 a.m., 4 views

The vulnerability of Amped Wireless R10000’s microprogramming software allows a hacker to gain access to the authentication data of arbitrary users.

The vulnerability of Amped Wireless R10000’s microprogramming software is related to the of inter-site requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the authentication data of arbitrary users...

CVSS 6.8, AI score 7.8, EPSS 0.00593
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2016/03/17 12:0 a.m., 6 views

Vulnerabilities in the Moodle learning management system allow a hacker to gain access to the authentication data of arbitrary users

The multiple vulnerabilities of the Moodle learning management system’s module for lessons are related to the manipulation of cross-site requests. Exploiting these vulnerabilities could allow a malicious actor, operating remotely, to gain access to the authentication data of arbitrary users throu...

CVSS 6.8, AI score 7.5, EPSS 0.00786
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2016/03/11 12:0 a.m., 4 views

The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, allows a perpetrator to gain access to the authentication data of arbitrary users.

The vulnerability of the web application framework of the Cisco Identity Services Engine is related to the. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the authentication data of arbitrary users...

CVSS 6.8, AI score 5.6, EPSS 0.00996
Exploits 0, References 2