openSUSE Security Update : ruby (ruby-1070)

This ruby update improves return value checks for openssl function OCSPbasicverify CVE-2009-0642 which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased CVE-2008-3905 to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

Design/Logic Flaw

Microsoft Internet Security and Acceleration ISA Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to...

FreeBSD : Multiple Potential Buffer Overruns in Samba (2de14f7a-dad9-11d8-b59a-00061bc2ad93)

Evgeny Demidov discovered that the Samba server has a buffer overflow in the Samba Web Administration Tool SWAT on decoding Base64 data during HTTP Basic Authentication. Versions 3.0.2 through 3.0.4 are affected. Another buffer overflow bug has been found in the code used to support the 'mangling...

Oracle 9i Release 2 XDB HTTP Pass Overflow

Added: 02/25/2009 CVE: CVE-2003-0727 BID: 8375 OSVDB: 2449 Background Oracle 9i release 2 includes the XDB HTTP service which by default listens on port 8080. Problem A buffer overflow vulnerability in the parsing of credentials passed to the server allows remote attackers to execute arbitrary...

SuSE Update for openwsman SUSE-SA:2008:041

Check for the Version of openwsman OpenVAS Vulnerability Test $Id: gbsuse2008041.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for openwsman SUSE-SA:2008:041 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

WowWee Rovio Insufficient Access Controls

SUMMARY WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible OVERVIEW Rovio from WowWee does not adequately secure all accessible URLs or media streams, enabling an unauthorized user with network access to the robotic webcam platform the ability to listen to and view...

Web Server Uses Basic Authentication Without HTTPS

The remote web server contains web pages that are protected by 'Basic' authentication over cleartext. An attacker eavesdropping the traffic might obtain logins and passwords of valid users. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid34850; scriptversion"$Revision...

Openwsman HTTP Basic Authentication buffer overflow

Added: 10/17/2008 CVE: CVE-2008-2234 BID: 30694 OSVDB: 47534 Background Openwsman is an open-source implementation of the Web Services Management specification. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic...

Openwsman HTTP Basic Authentication buffer overflow

Added: 10/17/2008 CVE: CVE-2008-2234 BID: 30694 OSVDB: 47534 Background Openwsman is an open-source implementation of the Web Services Management specification. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic...

Openwsman HTTP Basic Authentication buffer overflow

Added: 10/17/2008 CVE: CVE-2008-2234 BID: 30694 OSVDB: 47534 Background Openwsman is an open-source implementation of the Web Services Management specification. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic...

[SECURITY] Fedora 9 Update: neon-0.28.3-1.fc9

neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete S...

Immunity Canvas: MS08_062

Name| ms08062 ---|--- CVE| CVE-2008-1446 Exploit Pack| CANVAS Description| Windows Internet Printing Service Overflow Notes| CVE Name: CVE-2008-1446 VENDOR: Microsoft Notes: This exploit will try and listen for connection on port 445/TCP. Thus it needs to be run as root under Linux, or as...

FreeBSD Ports: apache+ssl

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Monit <= 4.2 Remote Root Buffer Overflow Exploit

No description provided by source. / THE EYE ON SECURITY RESEARCH GROUP - INDIA www eos-india net poc 305monit.c Remote Root Exploit for Monit = 4.2 Vulnerability: Buffer overflow in handling of Basic Authentication informations. Server authenticates clients through: Authentication: Basic...

Peercast buffer overflow

Buffer overflow in HTTP Basic authentication and on SOURCE header parsing...

DSA-1583-1 gnome-peercast - several vulnerabilities

Bulletin has no description...

peercast -- arbitrary code execution

Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execure arbitrary code...

Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability

Affected Software/Device: Oracle Application Server Portal Vulnerability: Authentication Bypass Tested Version: 10G Risk: Medium Description: Oracle Application Server Portal OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environmen...

CVE-2008-2040

Stack-based buffer overflow in the HTTP::getAuthUserPass function core/common/http.cpp in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Basic Authentication string with a long 1 username or 2 password...

CVE-2008-2040

Stack-based buffer overflow in the HTTP::getAuthUserPass function core/common/http.cpp in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Basic Authentication string with a long 1 username or 2 password...