958 matches found
Pavuk Digest Authentication Buffer Overflow Remote Exploit
No description provided by source. / exploit for pavuk web spider - infamous42md AT hotpop DOT com shouts to mitakeet, skullandcircle, and thanks to matt murphy for making me realize a n00bish mistake i made. this exploit probably deserves a bit of an explanation as it was not exactly straight...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 4570)
This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - Privilege escalation through chrome-loaded about:blank windows. MFSA 2007-26 / CVE-2007-3844 Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...
Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities
Background Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to...
openSUSE 10 Security Update : seamonkey (seamonkey-4594)
This update fixes several security issues in Mozilla SeaMonkey 1.1.5. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...
IE和Firefox浏览器Digest认证请求拆分漏洞
BUGTRAQ ID: 23668 CVECAN ID: CVE-2007-2292 IE和Firefox都是流行的WEB浏览器。 IE和Firefox在处理Digest认证方式时存在漏洞,可能导致验证失败。 如果用户使用Digest认证通过HTTP请求登录到网站的话,Firefox和IE可能无法正确地验证用户ID。恶意的网页可能在用户ID中包含有换行字符(%0a)注入头数据,如果用户通过代理进行连接的话代理就可能将认证请求解释为两个独立的请求,导致注入任意HTTP头。 Microsoft Internet Explorer 7.0.5730.11 Mozilla Thunderbird...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4574)
This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4572)
This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...
Mozilla Foundation Security Advisory 2007-31
Mozilla Foundation Security Advisory 2007-31 Title: Digest authentication request splitting Impact: Moderate Announced: October 18, 2007 Reporter: Stefano Di Paola Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description Security researcher Stefano Di Paola reported that...
DSA-1392-1 xulrunner - several vulnerabilities
Bulletin has no description...
security flaw
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...
security flaw
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...
security flaw
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...
Digest authentication request splitting — Mozilla
Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID...
CVE-2007-5469
OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication forward attack". NOT...
CVE-2007-5468
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication...
CVE-2007-5469
OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication forward attack". NOT...
PT-2007-6505 · Openser · Openser
Name of the Vulnerable Software and Affected Versions: OpenSER version 1.2.2 Description: The issue allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID, which can lead to toll fraud and authentication forward attacks. Thi...
CVE-2007-5469
OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication forward attack". NOT...
cyrus-sasl digest-md5 DoS
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer SASL library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service segmentation fault via malformed inputs in DIGEST-MD5 negotiation...
cyrus-sasl digest-md5 DoS
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer SASL library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service segmentation fault via malformed inputs in DIGEST-MD5 negotiation...