29 matches found
www/py-requests -- Information disclosure vulnerability
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...
CVE-2013-3092
The Belkin N300 F7D7301v1 router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header...
CVE-2013-3092
The vulnerability CVE-2013-3092 affects the Belkin N300 (F7D7301v1) router. The issue arises from incorrect validation of the HTTP Authorization header, enabling remote attackers to bypass authentication and escalate privileges. The impact is authentication bypass with full or elevated access, as...
Apache Httpd < 2.2.14 : mod_proxy_ftp FTP command injection
A flaw was found in the modproxyftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server...
CVE-2005-1348
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header...
Conceptronic CADSLR1 buffer overflow
Buffer overflow on oversized HTTP Authorization: header...
CVE-2002-0566
CVE-2002-0566 affects Oracle 9i Application Server (iAS) with the PL/SQL module 3.0.9.8.2. The vulnerability allows an unauthenticated remote attacker to crash the Apache-based PL/SQL service by sending a malformed HTTP Authorization header (no auth type). Impact is denial of service (partial ava...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Authorization header
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. An HTTP Authorization header with a crafted password parameter could allow an unauthenticated remote attacker to cause a denial of...
Oracle9i Application Server Apache PL/SQL module does not properly handle HTTP Authorization header
Overview A vulnerability exists in the way the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS handles HTTP Authorization headers. This vulnerability could allow an unauthenticated remote attacker to crash the Apache service. Description...