USN-1842-1: KDE-Libs vulnerability
It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information...
Netgear DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Netgear DGN2200B pppoe.cgi Remote...
Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities
Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities Title: ====== Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities Date: ===== 2013-02-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=850 VL-ID: ===== 850 Common Vulnerability Scoring System:...
CVE-2012-6029
CVE-2012-6029 affects Cisco NAC Appliance 4.9.2 and earlier. The vulnerability is a set of cross-site scripting flaws in the web-authentication flow, exploitable by an unauthenticated, remote attacker who persuades a user to follow a malicious URL. Specifically, XSS can be triggered via parameter...
CVE-2012-6029
Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to perfigoweblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7)...
PT-2013-1683 · Elinks +3
Name of the Vulnerable Software and Affected Versions: ELinks versions prior to 0.12pre6 Description: The issue concerns the delegation of user credentials through GSSAPI when using HTTP Negotiate or GSS-Negotiate authentication. This allows remote servers to authenticate as the client via the...
Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution
Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution #!/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Ubiquiti AirOS 0x90.nl Software link :...
Design/Logic Flaw
screens/base/webauthcustom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauthtype request, aka Bug ID CSCud50209...
EUVD-2012-5865
screens/base/webauthcustom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauthtype request, aka Bug ID CSCud50209...
Juniper Junos web-authentication Policy Not Enforced (PSN-2012-10-735)
According to its self-reported version number, the remote Junos device stops enforcing a web-authentication policy if its client-match statement is removed. This would allow unauthenticated access to resources that are assumed to be protected by web-authentication. © Tenable Network Security, Inc...
DEBIAN-CVE-2011-4362
Integer signedness error in the base64decode function in the HTTP authentication functionality (httpauth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds...
Mozilla Releases BrowserID Web Authentication System
Mozilla has released a new browser-based federated login mechanism called BrowserID that is designed to replace the login process on Web sites that requires users to supply an email and password. The experimental system relies on the Verified Email protocol and also works on other browsers,...
inappropriate GSSAPI delegation
When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a sensitive operation, which...
McGraw-Hill – Hacking Exposed 3rd Edition 2011
The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web...
Authentication flaw
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via...
CVE-2010-4566
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via...
Cisco IOS Software Authentication Proxy Vulnerability - Cisco Systems
Cisco IOS Software configured with Authentication Proxy for HTTPS, Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage. Cisco has released free software updates that...
PRE DYNAMIC INSTITUTION WEB authentication bypass
Exploit for PHP platform in category web applications ================================================= PRE DYNAMIC INSTITUTION WEB authentication bypass ================================================= Exploit Title: PRE DYNAMIC INSTITUTION WEB authentication bypass Date: 16th July 2010 Author:...
Update Protection against Cisco IOS Administrative Interface HTTP Authentication
Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to...
Iomega StorCenter Pro NAS Web Authentication Bypass
The Iomega StorCenter Pro Network Attached Storage device web interface increments session IDs, allowing for simple brute force attacks to bypass authentication and gain administrative access. This module requires Metasploit: https://metasploit.com/download Current source:...