11 matches found
EUVD-2024-51504
Malicious code in bioql PyPI...
EUVD-2021-30241
Malicious code in bioql PyPI...
The vulnerability of the Basic HTTP Authentication module in Drupal CMS systems allows attackers to circumvent existing security restrictions.
The vulnerability of the Basic HTTP Authentication module in Drupal CMS systems is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
CVE-2024-13291
CVE-2024-13291 concerns Drupal’s Basic HTTP Authentication module. Affected versions are 7.X-1.0 through 7.X-1.3 (and 7.X-1.0 to 7.X-1.3 per PT-2024-10484) with the issue arising from insufficient authorization, enabling forceful browsing (an access-bypass scenario). The vulnerability is fixed in...
CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...
CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...
GHSA-R3FQ-CMMW-CPMM Containous Traefik Exposes Password Hashes
types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control which is contrary to the API documentation, allows remote authenticated users to discover password hashes by reading the Basic HTT...
CVE-2021-43298
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until...
The vulnerability of the microprogrammed network router Advantech BB-ERT351, related to the default use of the HTTP protocol, allows a hacker to intercept administrator credentials and other confidential information.
The vulnerability of the microprogrammed network router Advantech BB-ERT351 is related to the default use of the HTTP protocol during the implementation of the “Basic HTTP Authentication” method. Exploiting this vulnerability allows a malicious actor to intercept administrator credentials and oth...
The vulnerability of the “Basic HTTP Authentication” method implemented in NPort IAW5000A-I/O Series web servers allows attackers to disclose sensitive information.
The vulnerability of the “Basic HTTP Authentication” method implemented in NPort IAW5000A-I/O Series web servers is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
lighttpd -- Log injection vulnerability in mod_auth
MITRE reports: modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...