4194 matches found

NVD
added 2009/09/11 8:30 p.m. · 19 views

CVE-2009-3168

Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request...

CVSS 7.2 · AI score 6.4 · EPSS 0.02609
Exploits 1 · References 5
CVE
added 2009/09/11 8:0 p.m. · 46 views

CVE-2009-3168

CVE-2009-3168 affects Mevin Productions Basic PHP Events Lister 2.0. The vulnerability arises from improper access restriction to admin/reset.php and admin/user_add.php, allowing remote authenticated users to reset administrative passwords or add administrators via a direct request. Multiple conn...

CVSS 7.2 · AI score 6.6 · EPSS 0.02609
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2009/09/11 12:0 a.m. · 2 views

PT-2009-5484 · Mevin Productions · Mevin Productions Basic Php Events Lister

Name of the Vulnerable Software and Affected Versions: Mevin Productions Basic PHP Events Lister version 2.0. Description: The issue concerns improper access restriction to certain PHP files, specifically admin/reset.php and admin/user_add.php. This allows remote authenticated users to reset...

CVSS 7.2 · AI score 6.8 · EPSS 0.02609
Exploits 1 · References 8
Tenable Nessus
added 2009/08/21 12:0 a.m. · 93 views

Protected Web Page Detection

The remote web server requires HTTP authentication for the following pages. Several authentication schemes are available : - Basic is the simplest, but the credentials are sent in cleartext. - NTLM provides an SSO in a Microsoft environment, but it cannot be used on both the proxy and the web...

AI score 5.5
Exploits 0
Prion
added 2009/08/19 10:30 a.m. · 12 views

Authorization

fhttpd 0.4.2 allows remote attackers to cause a denial of service crash via an Authorization HTTP header with an invalid character after the Basic value...

CVSS 5 · AI score 7.2 · EPSS 0.02607
Exploits 1 · References 3 · Affected Software 1
Exploit DB
added 2009/08/18 12:0 a.m. · 36 views

ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service

source: https://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An attacker can exploit this issue to cra...

CVSS 5 · AI score 6.5 · EPSS 0.07273
Exploits 5
exploitpack
added 2009/08/18 12:0 a.m. · 19 views

ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service

ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service source: https://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credential...

CVSS 5 · AI score 0.1 · EPSS 0.07273
Exploits 5
Packet Storm
added 2009/08/18 12:0 a.m. · 37 views

ntop 3.3.10 Denial Of Service

Title: ntop = sizeoftheHttpUser usersizeoftheHttpUser-1 = '\0'; . . . Affected Operating Systems: Only tested on Linux Affected Versions: ntop = 3.3.10 CVE: CVE-2009-2732 Credit: Brad Antoniewicz [email protected] code: START modules/auxiliary/dos/http/ntopbasic.rb...

CVSS 5 · AI score 6.5 · EPSS 0.07273
Exploits 5
seebug.org
added 2009/07/29 12:0 a.m. · 507 views

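Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability

Bugtraq ID: 35840 CNCAN ID: CNCAN-2009072903 Apache HTTP Server is a popular web server program. Apache HTTP Server has an HTTP-Basic authentication bypass issue that remote attackers can exploit to access restricted resources and obtain sensitive information. When a user tries to access a resource that requires authentication, Apache HTTP Server returns a "401 Authorization Required" message, which also includes an HTTP message indicating which authentication mechanism is required. "Basic" authentication is the most common one and is based on a BASE64-encoded string: username:password. If the credentials are correct, the web server returns "200...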

AI score 6.9
Exploits 0
Prion
added 2009/07/28 7:30 p.m. · 11 views

SQL injection

Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action...

CVSS 7.5 · AI score 9.2 · EPSS 0.01043
Exploits 0 · References 5
Packet Storm
added 2009/07/28 12:0 a.m. · 15 views

Cisco WLC 4200 Basic Auth Denial Of Service

require 'msf/core' class Metasploit3 'Cisco WLC 4200 Basic Auth Denial of Service', 'Description' = %q This module triggers a Denial of Service condition in the Cisco WLC 4200 HTTP server. By sending a GET request with long authentication data, the device becomes unresponsive and reboots. Firmwar...

AI score 0.3
Exploits 0
Tenable Nessus
added 2009/07/21 12:0 a.m. · 51 views

openSUSE Security Update : ruby (ruby-1070)

This ruby update improves return value checks for openssl function OCSP_basic_verify (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

CVSS 7.8 · AI score 5.5 · EPSS 0.70202
Exploits 12 · References 15
Tenable Nessus
added 2009/07/21 12:0 a.m. · 45 views

openSUSE Security Update : ruby (ruby-1070)

This ruby update improves return value checks for openssl function OCSP_basic_verify (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

CVSS 7.8 · AI score 5.5 · EPSS 0.70202
Exploits 12 · References 15
Prion
added 2009/07/15 3:30 p.m. · 19 views

Design/Logic Flaw

Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to...

CVSS 9 · AI score 7.6 · EPSS 0.26454
Exploits 1 · References 6 · Affected Software 1
OpenVAS
added 2009/07/15 12:0 a.m. · 21 views

Microsoft ISA Server Privilege Escalation Vulnerability (970953)

This host is missing a critical security update according to Microsoft Bulletin MS09-031. OpenVAS Vulnerability Test $Id: secpodms09-031.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft ISA Server Privilege Escalation Vulnerability 970953 Authors: Nikita MR Copyright Copyright c 2009 SecPod,...

CVSS 9 · AI score 0.8 · EPSS 0.26454
Exploits 1 · References 1
OpenVAS
added 2009/07/15 12:0 a.m. · 23 views

Microsoft ISA Server Privilege Escalation Vulnerability (970953)

This host is missing a critical security update according to Microsoft Bulletin MS09-031. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9 · AI score 5 · EPSS 0.26454
Exploits 1 · References 2
Check Point Advisories
added 2009/07/14 12:0 a.m. · 4 views

Microsoft ISA Server 2006 Radius OTP Bypass (MS09-031; CVE-2009-1135)

ISA Server, originating as Microsoft Proxy Server, is a Firewall & Security product that provides Application-Layer Firewalling, acts as a VPN endpoint, and provides Internet Access for client systems in a Business Networking environment. An elevation of privilege vulnerability exists in Microsof...

CVSS 9 · AI score 6.7 · EPSS 0.26454
Exploits 1
securityvulns
added 2009/06/16 12:0 a.m. · 127 views

Netgear DG632 Router Authentication Bypass Vulnerability

Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: [email protected] [email protected] Original URL: http://www.tomneaves.co.uk/NetgearDG632AuthenticationBypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG6...

AI score 7.4
Exploits 0
0day.today
added 2009/06/15 12:0 a.m. · 21 views

Netgear DG632 Router Authentication Bypass Vulnerability

Exploit for hardware platform in category remote exploits ======================================================== Netgear DG632 Router Authentication Bypass Vulnerability ======================================================== Product Name: Netgear DG632 Router Vendor: http://www.netgear.com...

AI score 7.1
Exploits 0
Symantec
added 2009/06/09 12:0 a.m. · 22 views

Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability

Description Microsoft Visual Studio is prone to a remote heap-based buffer-overflow vulnerability. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Successful exploits will allow attackers to execute arbitrary code within the context of the affected...

AI score 0.3
Exploits 0 · References 3 · Affected Software 1