4192 matches found
Web Server HTTP Basic Authorization Header Remote Overflow DoS
It was possible to kill the web server by sending a request with a long basic authentication field. A remote attacker may exploit this vulnerability to make the web server crash continually or even execute arbitrary code. (C) Tenable Network Security, Inc. Affected: Monit include"compat.inc"; if...
[VulnWatch] Advisory: Multiple Vulnerabilities in Monit
Multiple Vulnerabilities in Monit I. Product Description As quoted from http://www.tildeslash.com/monit/ web page: "monit is a utility for managing and monitoring, processes, files, directories and devices on a Unix system. Monit conducts automatic maintenance and repair and can execute meaningfu...
CVE-2004-0334
InnoMedia VideoPhone is affected by an authentication bypass vulnerability where remote attackers can bypass Basic Authorization by crafting HTTP requests to specific admin/config endpoints (videophone_admindetail.asp, videophone_syscfg.asp, videophone_upgrade.asp, videophone_sysctrl.asp) contain...
CVE-2004-0334
InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). NOTE: the original report mentioned AXIS 2100 Network Camera...
CVE-2004-1358
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged...
CVE-2004-0009
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user...
Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Apache-SSL optional client certificate vulnerability. Synopsis: If configured with SSLVerifyClient set to 1 or 3 (client certificates optional) and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to...
ApacheSSL protection bypass
In basic authentication emulation mode it's possible to access the server without a certificate...
Apache-SSL optional client certificate vulnerability
From the Apache-SSL security advisory: If configured with SSLVerifyClient set to 1 or 3 (client certificates optional) and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. All the attacker needed ...
Internet explorer (and others) CA certificate attack
For an intermediate CA only the signature is checked; the missing check for the basic constraint allows any valid certificate to be used as a CA certificate...
Microsoft SharePoint Portal and Team Services
There is a bug in how the authentication mode works with the web-based administration page. This page resides, in the Web Servers with Sharepoint, in http://www.example.com/layouts/settings.htm or http://www.example.com/somedirectory/layouts/settings.htm. This page is usually protected by NT Basic...
CVE-2003-0347
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter...
CVE-2003-0347
Vulnerability CVE-2003-0347 affects Microsoft Visual Basic for Applications (VBA) 5.0–6.3 via heap-based overflow in VBE.DLL and VBE6.DLL. An attacker could supply a document with a long ID parameter to cause remote code execution. Impact is remote compromise with user privileges; affected compon...
Microsoft Security Bulletin MS03-037: Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715)
Title: Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715) Date: 03 September 2003 Affected Software: Microsoft Visual Basic for Applications SDK 5.0 Microsoft...
Microsoft Visual Basic for Applications buffer overflow
Buffer overflow on opening macro document...
MS03-037: Visual Basic for Application Overflow (822715)
The remote host is running a version of Microsoft Visual Basic for Applications that is vulnerable to a buffer overflow when handling malformed documents. An attacker may exploit this flaw to execute arbitrary code on this host by sending a malformed file to a user of the remote host. (C) Tenable...
Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 - Document Handling Buffer Overrun
Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 - Document Handling Buffer Overrun source: https://www.securityfocus.com/bid/8534/info A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs because the software fails to perform sufficient...
Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 - Document Handling Buffer Overrun
source: https://www.securityfocus.com/bid/8534/info A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs because the software fails to perform sufficient boundary checks when parsing specific properties of malformed documents. As a result, a...