49 matches found
cURL -- Multiple Vulnerability
cURL reports: libcurl can wrongly send HTTP credentials when re-using connections. libcurl allows applications to set credentials for the upcoming transfer with HTTP Basic authentication, like with CURLOPTUSERPWD for example. Name and password. Just like all other libcurl options the credentials...
Ubuntu 14.04 LTS : curl vulnerabilities (USN-2591-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2591-1 advisory. Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. CVE-2015-3143...
Stem Innovation IZON Hardcoded Password Vulnerability
Stem Innovation's IZON IP camera has hard-coded passwords that can be leveraged via both telnetd and httpd. Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - email protected I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’...
Stem Innovation ‘IZON’ Hard-coded Credentials (CVE-2013-6236)
Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web...
Stem Innovation - 'IZON' Hard-Coded Credentials
Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary...
CVE-2013-0663
Cross-site request forgery CSRF vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary...
Symantec Web Gateway Detection
Symantec Web Gateway was detected on the remote host. This application protects against web-based malware and data loss. The host may be configured as a Central Intelligence Unit, which provides centralized management for multiple gateways. Note: When HTTP credentials are configured, the anti-vir...
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash requires IE + some transparent proxies or virtual hosting The method described here is pretty simple. It works though only on HTTP not HTTPS credentials. Also, it works only when the client browses using IE...