1249 matches found
CVE-2012-5952
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via...
IBM Lotus Domino 8.5.3 XSS / CSRF / Redirection
Hello list! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Domino. At 30th of November IBM released the advisory concerning these vulnerabilities. CVE ID: CVE-2012-4842, CVE-2012-4844. SecurityVulns ID: 12789. IBM Security Bulletin for Open...
Google Chrome Silent HTTP Authentication
Exploit for multiple platform in category dos / poc VULNERABILITY DETAILS The latest version of Google Chrome Tested on Version 24.0.1312.57 fails to properly recognize HTTP Basic Authentication when injected in various HTML tags. As a result of this behavior Chrome will not alert the user when...
Google Chrome - Silent HTTP Authentication
Exploit Title: Google Chrome Silent HTTP Authentication Date: 2-5-2013 Exploit Author: T355 Vendor Homepage: http://www.google.com/chrome Version: 24.0.1312.57 Tested on: Tested on: Windows 7 & Mac OSX Mountain Lion CVE : n/a VULNERABILITY DETAILS The latest version of Google Chrome Tested on...
Not being able to create webhooks with basic authentication.
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-31953. panel Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5...
Not being able to create webhooks with basic authentication.
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-31953. panel Using the procedures to use basic auth described on...
Not being able to create webhooks with basic authentication.
Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5.2 we are getting a "Invalid URL" message. !https://jira.atlassian.com/secure/attachment/85015/webhookserror.png! workaround For Atlassian applications, the REST plugin ...
CVE-2012-3310
TFIM (IBM Tivoli Federated Identity Manager) is affected in versions 6.1.1.14, 6.2.0.12, and 6.2.1.4 (pre-6.2.2). The vulnerability arises when a logging configuration set to all enables trace logging that exposes sensitive credentials in log files: (1) LDAP bind password, (2) keystore passwords,...
PT-2012-1253 · Mendix · Mendix Runtime
Name of the Vulnerable Software and Affected Versions: Mendix Runtime V8 versions Mendix Runtime V9 versions prior to V9.24.29 Mendix Runtime V10 versions prior to V10.16.0 Mendix Runtime V10.6 versions prior to V10.6.15 Mendix Runtime V10.12 versions prior to V10.12.7 Description: A race conditi...
SAP /sap/bc/soap/rfc SOAP Service RFC_READ_TABLE Function Dump Data
This module makes use of the RFCREADTABLE Function to read data from tables using the /sap/bc/soap/rfc SOAP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port o...
SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass
SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass Authentication Bypass and Password disclosure. SoftPerfect Bandwidth Manager Authentication Bypass Date: 22-June-2012 Author: Gitsnik http://dracyrys.com/softperfect Vendor Homepage: http://www.softperfect.com/ Software Link:...
SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass
Authentication Bypass and Password disclosure. SoftPerfect Bandwidth Manager Authentication Bypass Date: 22-June-2012 Author: Gitsnik http://dracyrys.com/softperfect Vendor Homepage: http://www.softperfect.com/ Software Link: http://www.softperfect.com/products/bandwidth/ Version: 2.9.10 probably...
XSS и Brute Force уязвимости в WordPress
Здравствуйте 3APA3A! Сообщаю вам о Cross-Site Scripting та Brute Force уязвимостях в WordPress. XSS WASC-08: В 2007 году я писал об редиректорах http://websecurity.com.ua/1152/ в WordPress http://websecurity.com.ua/1179/, для которых я выпустил патч в MustLive Security Pack v.1.0.5...
CVE-2011-2361
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site...
CVE-2011-2361
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site...
CVE-2011-2361
Google Chrome before 13.0.782.107 has a vulnerability in the Basic Authentication dialog where improper handling of strings could allow remote attackers to capture credentials via a crafted web site (CVE-2011-2361). The issue is tied to Chrome’s authentication UI/Basic Auth dialog, with corrobora...
CVE-2011-2361
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site...
CVE-2011-2361
Removed by vendor...
tomcat: information disclosure in authentication headers
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...
tomcat: information disclosure in authentication headers
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...