Lucene search
+L

958 matches found

seebug.org
seebug.org
added 2008/06/05 12:0 a.m.23 views

Pavuk Digest Authentication Buffer Overflow Remote Exploit

No description provided by source. / exploit for pavuk web spider - infamous42md AT hotpop DOT com shouts to mitakeet, skullandcircle, and thanks to matt murphy for making me realize a n00bish mistake i made. this exploit probably deserves a bit of an explanation as it was not exactly straight...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/12/13 12:0 a.m.229 views

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 4570)

This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - Privilege escalation through chrome-loaded about:blank windows. MFSA 2007-26 / CVE-2007-3844 Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...

9.3CVSS8.7AI score0.12736EPSS
Exploits7References39
Gentoo Linux
Gentoo Linux
added 2007/11/12 12:0 a.m.38 views

Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities

Background Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to...

9.3CVSS8.2AI score0.12736EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2007/10/25 12:0 a.m.40 views

openSUSE 10 Security Update : seamonkey (seamonkey-4594)

This update fixes several security issues in Mozilla SeaMonkey 1.1.5. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...

9.3CVSS8.5AI score0.12736EPSS
Exploits7References13
seebug.org
seebug.org
added 2007/10/24 12:0 a.m.35 views

IE和Firefox浏览器Digest认证请求拆分漏洞

BUGTRAQ ID: 23668 CVECAN ID: CVE-2007-2292 IE和Firefox都是流行的WEB浏览器。 IE和Firefox在处理Digest认证方式时存在漏洞,可能导致验证失败。 如果用户使用Digest认证通过HTTP请求登录到网站的话,Firefox和IE可能无法正确地验证用户ID。恶意的网页可能在用户ID中包含有换行字符(%0a)注入头数据,如果用户通过代理进行连接的话代理就可能将认证请求解释为两个独立的请求,导致注入任意HTTP头。 Microsoft Internet Explorer 7.0.5730.11 Mozilla Thunderbird...

4.3CVSS0.1AI score0.12736EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2007/10/24 12:0 a.m.38 views

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4574)

This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...

9.3CVSS8.6AI score0.12736EPSS
Exploits7References13
Tenable Nessus
Tenable Nessus
added 2007/10/24 12:0 a.m.51 views

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4572)

This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...

9.3CVSS8.6AI score0.12736EPSS
Exploits7References13
securityvulns
securityvulns
added 2007/10/23 12:0 a.m.72 views

Mozilla Foundation Security Advisory 2007-31

Mozilla Foundation Security Advisory 2007-31 Title: Digest authentication request splitting Impact: Moderate Announced: October 18, 2007 Reporter: Stefano Di Paola Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description Security researcher Stefano Di Paola reported that...

4.3CVSS1AI score0.12736EPSS
Exploits1
OSV
OSV
added 2007/10/20 12:0 a.m.53 views

DSA-1392-1 xulrunner - several vulnerabilities

Bulletin has no description...

9.3CVSS6.4AI score0.12736EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2007/10/19 3:58 p.m.5 views

security flaw

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...

4.3CVSS5.9AI score0.12736EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/10/19 3:45 p.m.2 views

security flaw

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...

4.3CVSS5.9AI score0.12736EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/10/19 3:36 p.m.10 views

security flaw

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...

4.3CVSS5.9AI score0.12736EPSS
Exploits1References4
Mozilla
Mozilla
added 2007/10/18 12:0 a.m.43 views

Digest authentication request splitting — Mozilla

Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID...

4.3CVSS1AI score0.12736EPSS
Exploits1References3Affected Software2
UbuntuCve
UbuntuCve
added 2007/10/16 12:17 a.m.32 views

CVE-2007-5469

OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication forward attack". NOT...

5CVSS6.1AI score0.01624EPSS
Exploits0References1
NVD
NVD
added 2007/10/16 12:17 a.m.15 views

CVE-2007-5468

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication...

5CVSS7AI score0.01588EPSS
Exploits0References7
NVD
NVD
added 2007/10/16 12:17 a.m.25 views

CVE-2007-5469

OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication forward attack". NOT...

5CVSS7AI score0.01624EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2007/10/16 12:0 a.m.8 views

PT-2007-6505 · Openser · Openser

Name of the Vulnerable Software and Affected Versions: OpenSER version 1.2.2 Description: The issue allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID, which can lead to toll fraud and authentication forward attacks. Thi...

5CVSS7.5AI score0.01624EPSS
Exploits0References9
Cvelist
Cvelist
added 2007/10/16 12:0 a.m.25 views

CVE-2007-5469

OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication forward attack". NOT...

7AI score0.01624EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2007/09/04 3:9 p.m.6 views

cyrus-sasl digest-md5 DoS

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer SASL library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service segmentation fault via malformed inputs in DIGEST-MD5 negotiation...

2.6CVSS7.5AI score0.0243EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/09/04 2:49 p.m.9 views

cyrus-sasl digest-md5 DoS

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer SASL library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service segmentation fault via malformed inputs in DIGEST-MD5 negotiation...

2.6CVSS7.5AI score0.0243EPSS
Exploits0References4
Rows per page
Query Builder