1245 matches found
drupwn
This is an offensive tool for Drupal enumeration and exploitation. The tool, named Drupwn, is designed to automate Drupal information gathering and exploitation. It can be run in two modes: enum and exploit. The enum mode allows performing enumerations, while the exploit mode allows checking and...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
SUSE CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031 Incorrect URL stripping in CSP reports
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031 Incorrect URL stripping in CSP reports
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031
CVE-2025-8031 concerns a vulnerability where the username:password portion is not correctly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials. The CVE’s context across connected documents shows affected software including Firefox and Thunderbird variants...
CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8031
The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
Mozilla -- HTTP Basic Authentication credentials leak
[email protected] reports: The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials...
CVE-2025-34099
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidialsalesviewer.php component when password encryption is enabled a non-default configuration. The application improperly passes the HTTP Basic Authentication password directly ...
CVE-2025-34099 VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidialsalesviewer.php component when password encryption is enabled a non-default configuration. The application improperly passes the HTTP Basic Authentication password directly ...
CVE-2025-34099
Affected software: VICIdial v2.9 RC1–2.13 RC1; component: vicidial_sales_viewer.php. Root cause: when password encryption is enabled (non-default), the HTTP Basic Authentication password is directly passed to exec(), enabling unauthenticated command injection. Impact: arbitrary OS command executi...
CVE-2025-27025
The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...
CVE-2025-27025
The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...
CVE-2025-27025 Improper File Access in Infinera G42
The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...
CVE-2025-27025
CVE-2025-27025 affects Infinera G42 devices. A service on a TCP port with Basic Authentication allows PUT and GET; directory traversal can write files to arbitrary locations as root and read arbitrary files. This yields full filesystem access and modification. Exploitation status and patches are ...
CVE-2025-27025 Improper File Access in Infinera G42
The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...
PT-2025-27621 · Infinera · G42
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a service exposed on a specific TCP port with a configured endpoint that uses Basic Authentication. This endpoint is vulnerable to Directory Traversal attacks, allowing...