Lucene search

1249 matches found

Cvelist
added 2010/04/30 5:0 p.m. · 34 views

CVE-2010-1651

IBM WebSphere Application Server WAS 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing aka full trace logging for SIP are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by readi...

5.8 AI score · 0.0033 EPSS
Exploits 0 · References 8
CVE
added 2010/04/30 5:0 p.m. · 58 views

CVE-2010-1651

IBM WebSphere Application Server (WAS) is affected by CVE-2010-1651: when Basic authentication and SIP tracing are enabled, SIP trace logs contain the complete inbound/outbound SIP messages, allowing a local attacker to read sensitive information. Affected versions are WAS 6.1.x prior to 6.1.0.31...

1.9 CVSS · 5.9 AI score · 0.0033 EPSS
Exploits 0 · References 8 · Affected Software 1
Exploit DB
added 2010/04/28 12:0 a.m. · 42 views

NIBE heat pump - Local File Inclusion

!/usr/bin/python import socket,sys,os,base64 NIBE heat pump LFI exploit Written by Jelmer de Hen Published at http://h.ackack.net/?p=302 Special thanks to Fredrik Nordberg Almroth and Mathias Karlsson for obtaining this information http://h.ackack.net/?p=274 which made me test the heat pumps and...

7.4 AI score
Exploits 0
Positive Technologies
added 2010/04/23 12:0 a.m. · 8 views

PT-2010-2872 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.0 through 5.5.29 Apache Tomcat versions 6.0.0 through 6.0.26 Description: The issue allows remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires either...

7.5 CVSS · 5.3 AI score · 0.9444 EPSS
Exploits 38 · References 86
securityvulns
added 2010/04/23 12:0 a.m. · 56 views

Apache Tomcat information leak

Internal computer name and port may be used as a realm name for HTTP basic authentication...

2.6 CVSS · 0.1 AI score · 0.52507 EPSS
Exploits 6 · References 1 · Affected Software 1
exploitpack
added 2010/04/22 12:0 a.m. · 106 views

Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure

Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x an...

2.6 CVSS · 5 AI score · 0.52507 EPSS
Exploits 6
Tenable Nessus
added 2010/04/16 12:0 a.m. · 154 views

Apache ActiveMQ Detection

An administrative web interface for Apache ActiveMQ is running on the remote host. ActiveMQ is an open source messaging and Enterprise Integration Patterns server system. Note that starting with version 5.4.0, HTTP Basic Authentication is available to secure the administrative interface, and...

5.6 AI score
Exploits 0 · References 1
UbuntuCve
added 2010/04/01 10:30 p.m. · 46 views

CVE-2010-1234

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors...

7.5 CVSS · 5.9 AI score · 0.0115 EPSS
Exploits 1 · References 2
NVD
added 2010/04/01 10:30 p.m. · 31 views

CVE-2010-1234

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors...

7.5 CVSS · 6.2 AI score · 0.0115 EPSS
Exploits 1 · References 3
Prion
added 2010/04/01 10:30 p.m. · 23 views

Authentication flaw

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors...

7.5 CVSS · 6.8 AI score · 0.0115 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2010/04/01 10:0 p.m. · 31 views

CVE-2010-1234

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors...

6.2 AI score · 0.0115 EPSS
Exploits 1 · References 3
0day.today
added 2010/03/11 12:0 a.m. · 20 views

Httpdx v1.5.3 Remote Break Server HTTP

Exploit for windows platform in category dos / poc. httpdx v1.5.3 PNG File Handling Remote Denial of Service Vulnerability. Vulnerable: httpdx httpdx 1.5.3...

7 AI score
Exploits 0
Prion
added 2010/02/04 8:15 p.m. · 15 views

Authentication flaw

admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy...

4 CVSS · 6.8 AI score · 0.0109 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2010/02/04 7:0 p.m. · 26 views

CVE-2010-0550

admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy...

6.3 AI score · 0.0109 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2009/09/24 12:0 a.m. · 247 views

SuSE 11 Security Update : ruby (SAT Patch Number 1073)

This ruby update improves return value checks for the OpenSSL function OCSP_basic_verify (CVE-2009-0642), which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

7.8 CVSS · 5.4 AI score · 0.70202 EPSS
Exploits 12 · References 23
Tenable Nessus
added 2009/09/24 12:0 a.m. · 44 views

SuSE9 Security Update : ruby (YOU Patch Number 12452)

This update for ruby fixes the following security issues: - Improve return value checks for OpenSSL function OCSP_basic_verify to refuse usage of revoked certificates. (CVE-2009-0642) - Increase entropy of DNS identifiers to avoid spoofing attacks. (CVE-2008-3905) - Fix denial of service (DoS)...

7.8 CVSS · 5.2 AI score · 0.70202 EPSS
Exploits 12 · References 16
exploitpack
added 2009/08/18 12:0 a.m. · 19 views

ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service

ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service source: https://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credential...

5 CVSS · 0.1 AI score · 0.07273 EPSS
Exploits 5
Exploit DB
added 2009/08/18 12:0 a.m. · 37 views

ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service

source: https://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An attacker can exploit this issue to cra...

5 CVSS · 6.5 AI score · 0.07273 EPSS
Exploits 5
seebug.org
added 2009/07/29 12:0 a.m. · 508 views

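Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability

Bugtraq ID: 35840 CNCAN ID: CNCAN-2009072903 Apache HTTP Server is a popular web server program. Apache HTTP Server has an HTTP-Basic authentication bypass issue; a remote attacker can exploit the vulnerability to access restricted resources and obtain sensitive information. When a user requests a resource that requires authentication, Apache HTTP Server returns a "401 Authorization Required" message, which also includes an HTTP message indicating which authentication mechanism is required. "Basic" authentication is the most common one, based on a BASE64-encoded string: username:password. If the credentials are correct, the web server returns "200...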

6.9 AI score
Exploits 0
Tenable Nessus
added 2009/07/21 12:0 a.m. · 45 views

openSUSE Security Update : ruby (ruby-1070)

This ruby update improves return value checks for the OpenSSL function OCSP_basic_verify (CVE-2009-0642), which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

7.8 CVSS · 5.5 AI score · 0.70202 EPSS
Exploits 12 · References 15