4192 matches found
cyan soft - Multiple Applications Format String Denial of Service Vulnerabilities
Source: https://www.securityfocus.com/bid/27728/info. Multiple cyan soft products are affected by a format-string vulnerability because they fail to adequately sanitize user-supplied input before passing it as the...
Design/Logic Flaw
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...
CVE-2008-0174
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...
Authentication flaw
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0407
HTTP File Server HFS before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...
CVE-2008-0408
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0410
HTTP File Server HFS before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...
PT-2008-1820 · Ge Fanuc · Ge Fanuc Proficy Real-Time Information Portal
Name of the Vulnerable Software and Affected Versions: GE Fanuc Proficy Real-Time Information Portal versions 2.6 and earlier Description: The issue allows remote attackers to steal passwords and gain privileges due to the use of HTTP Basic Authentication, which transmits usernames and passwords ...
CVE-2008-0408
CVE-2008-0408 (HFS) : HTTP File Server versions before 2.2c are vulnerable to a logfile manipulation flaw. Remote attackers can cause arbitrary text to be appended to the server log by sending text encoded in base64 during HTTP Basic Authentication. This is a log forging/injection issue that can ...
CVE-2008-0392
Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line...
Buffer overflow
Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line...
CVE-2008-0392
CVE-2008-0392 : Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file containing a long (1) ConnectionName or (2) CommandName line. The connected documents confirm the affected product/version ...
MS Visual Basic Enterprise Ed. 6 SP6 .dsr File Handling BOF Exploit
No description provided by source. usage: exploit.py FileName import sys print "------------------------------------------------------------------------" print ' Microsoft Visual InterDev 6.0 SP6 ".sln" files Local Buffer Overflow' print " author: shinnai" print " mail: shinnaiatautisticidotorg"...
CVE-2008-0367
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...
msvis-dsr.txt
usage: exploit.py import time print "---------------------------------------------------------------------------" print ' MS Visual Basic Enterprise Ed. 6 SP6 ".dsr" File Handling Buffer Overflow\n' print " author: shinnai" print " mail: shinnaiatautisticidotorg" print " site:...
Authentication flaw
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...