1243 matches found
Not being able to create webhooks with basic authentication.
Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5.2 we are getting a "Invalid URL" message. !https://jira.atlassian.com/secure/attachment/85015/webhookserror.png! workaround For Atlassian applications, the REST plugin ...
CVE-2012-3310
TFIM (IBM Tivoli Federated Identity Manager) is affected in versions 6.1.1.14, 6.2.0.12, and 6.2.1.4 (pre-6.2.2). The vulnerability arises when a logging configuration set to all enables trace logging that exposes sensitive credentials in log files: (1) LDAP bind password, (2) keystore passwords,...
PT-2012-1253 · Mendix · Mendix Runtime
Name of the Vulnerable Software and Affected Versions: Mendix Runtime V8 versions Mendix Runtime V9 versions prior to V9.24.29 Mendix Runtime V10 versions prior to V10.16.0 Mendix Runtime V10.6 versions prior to V10.6.15 Mendix Runtime V10.12 versions prior to V10.12.7 Description: A race conditi...
SAP /sap/bc/soap/rfc SOAP Service RFC_READ_TABLE Function Dump Data
This module makes use of the RFCREADTABLE Function to read data from tables using the /sap/bc/soap/rfc SOAP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port o...
SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass
SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass Authentication Bypass and Password disclosure. SoftPerfect Bandwidth Manager Authentication Bypass Date: 22-June-2012 Author: Gitsnik http://dracyrys.com/softperfect Vendor Homepage: http://www.softperfect.com/ Software Link:...
SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass
Authentication Bypass and Password disclosure. SoftPerfect Bandwidth Manager Authentication Bypass Date: 22-June-2012 Author: Gitsnik http://dracyrys.com/softperfect Vendor Homepage: http://www.softperfect.com/ Software Link: http://www.softperfect.com/products/bandwidth/ Version: 2.9.10 probably...
XSS и Brute Force уязвимости в WordPress
Здравствуйте 3APA3A! Сообщаю вам о Cross-Site Scripting та Brute Force уязвимостях в WordPress. XSS WASC-08: В 2007 году я писал об редиректорах http://websecurity.com.ua/1152/ в WordPress http://websecurity.com.ua/1179/, для которых я выпустил патч в MustLive Security Pack v.1.0.5...
CVE-2011-2361
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site...
CVE-2011-2361
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site...
CVE-2011-2361
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site...
CVE-2011-2361
Google Chrome before 13.0.782.107 has a vulnerability in the Basic Authentication dialog where improper handling of strings could allow remote attackers to capture credentials via a crafted web site (CVE-2011-2361). The issue is tied to Chrome’s authentication UI/Basic Auth dialog, with corrobora...
CVE-2011-2361
Removed by vendor...
tomcat: information disclosure in authentication headers
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...
tomcat: information disclosure in authentication headers
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...
Nmap NSE net: http-brute
Performs brute force password auditing against http basic authentication. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true http-brute.hostname: sets the host header in case of virtual...
Apple Safari Webkit Multiple Vulnerabilities (Mar 2011)
Apple Safari web browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari";...
CVE-2011-0160
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...
UBUNTU-CVE-2011-0160
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...
Design/Logic Flaw
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...
CVE-2011-0160
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...