472 matches found

Ubuntu
added 2013/05/29 7:10 a.m. · 47 views

USN-1842-1: KDE-Libs vulnerability

It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information...

CVSS: 5 · AI score: 6.6 · EPSS: 0.0198
Exploits: 0

Exploit DB
added 2013/04/22 12:0 a.m. · 40 views

Netgear DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Netgear DGN2200B pppoe.cgi Remote...

AI score: 7
Exploits: 0

exploitpack
added 2013/02/11 12:0 a.m. · 27 views

Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities

Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities Title: ====== Air Disk Wireless 1.9 iPad iPhone - Multiple Vulnerabilities Date: ===== 2013-02-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=850 VL-ID: ===== 850 Common Vulnerability Scoring System:...

AI score: 0.3
Exploits: 0

CVE
added 2013/01/31 11:0 a.m. · 50 views

CVE-2012-6029

CVE-2012-6029 affects Cisco NAC Appliance 4.9.2 and earlier. The vulnerability is a set of cross-site scripting flaws in the web-authentication flow, exploitable by an unauthenticated, remote attacker who persuades a user to follow a malicious URL. Specifically, XSS can be triggered via parameter...

CVSS: 4.3 · AI score: 5.9 · EPSS: 0.00967
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2013/01/31 11:0 a.m. · 21 views

CVE-2012-6029

Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigoweblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7)...

AI score: 5.8 · EPSS: 0.00967
Exploits: 0 · References: 2

Positive Technologies
added 2013/01/03 12:0 a.m. · 3 views

PT-2013-1683 · Elinks +3

Name of the Vulnerable Software and Affected Versions: ELinks versions prior to 0.12pre6 Description: The issue concerns the delegation of user credentials through GSSAPI when using HTTP Negotiate or GSS-Negotiate authentication. This allows remote servers to authenticate as the client via the...

CVSS: 5.9 · AI score: 5.7 · EPSS: 0.0191
Exploits: 0 · References: 25

exploitpack
added 2012/12/29 12:0 a.m. · 19 views

Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution

Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Ubiquiti AirOS 0x90.nl Software link :...

AI score: 0.4
Exploits: 0

Prion
added 2012/12/19 11:56 a.m. · 22 views

Design/Logic Flaw

screens/base/webauthcustom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauthtype request, aka Bug ID CSCud50209...

CVSS: 6.3 · AI score: 6.7 · EPSS: 0.05519
Exploits: 6 · References: 1 · Affected Software: 1

EUVD
added 2012/12/19 11:0 a.m. · 4 views

EUVD-2012-5865

screens/base/webauthcustom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauthtype request, aka Bug ID CSCud50209...

CVSS: 6.3 · AI score: 6 · EPSS: 0.05519
Exploits: 6 · References: 1

Tenable Nessus
added 2012/10/26 12:0 a.m. · 34 views

Juniper Junos web-authentication Policy Not Enforced (PSN-2012-10-735)

According to its self-reported version number, the remote Junos device stops enforcing a web-authentication policy if its client-match statement is removed. This would allow unauthenticated access to resources that are assumed to be protected by web-authentication. (C) Tenable Network Security, Inc...

AI score: 5.5
Exploits: 0 · References: 1

OSV
added 2011/12/24 7:55 p.m. · 2 views

DEBIAN-CVE-2011-4362

Integer signedness error in the base64decode function in the HTTP authentication functionality (httpauth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds...

CVSS: 5 · AI score: 6.5 · EPSS: 0.16246
Exploits: 8 · References: 1

ThreatPost
added 2011/07/15 2:8 p.m. · 10 views

Mozilla Releases BrowserID Web Authentication System

Mozilla has released a new browser-based federated login mechanism called BrowserID that is designed to replace the login process on Web sites that requires users to supply an email and password. The experimental system relies on the Verified Email protocol and also works on other browsers,...

Exploits: 0 · References: 2

curl security advisories
added 2011/06/23 8:0 a.m. · 6 views

inappropriate GSSAPI delegation

When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a sensitive operation, which...

CVSS: 4.3 · AI score: 7.8 · EPSS: 0.02994
Exploits: 0 · Affected Software: 2

The Hacker News
added 2011/03/19 12:59 p.m. · 6 views

Mc.Graw Hill – Hacking Exposed 3rd Edition 2011

The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web...

AI score: 8.2
Exploits: 0

Prion
added 2011/01/14 11:0 p.m. · 15 views

Authentication flaw

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via...

CVSS: 9.3 · AI score: 8.2 · EPSS: 0.27795
Exploits: 7 · References: 6 · Affected Software: 1

Cvelist
added 2011/01/14 10:0 p.m. · 23 views

CVE-2010-4566

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via...

AI score: 7.7 · EPSS: 0.27795
Exploits: 7 · References: 6

Tenable Nessus
added 2010/09/01 12:0 a.m. · 33 views

Cisco IOS Software Authentication Proxy Vulnerability - Cisco Systems

Cisco IOS Software configured with Authentication Proxy for HTTPS, Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage. Cisco has released free software updates that...

CVSS: 7.1 · AI score: 5.5 · EPSS: 0.0247
Exploits: 0 · References: 3

0day.today
added 2010/07/16 12:0 a.m. · 17 views

PRE DYNAMIC INSTITUTION WEB authentication bypass

Exploit for php platform in category web applications ================================================= PRE DYNAMIC INSTITUTION WEB authentication bypass ================================================= Exploit Title: PRE DYNAMIC INSTITUTION WEB authentication bypass Date: 16th july 2010 Author:...

AI score: 7.1
Exploits: 0

Check Point Advisories
added 2009/07/31 12:0 a.m. · 7 views

Update Protection against Cisco IOS Administrative Interface HTTP Authentication

Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to...

CVSS: 7.8 · AI score: 6.5 · EPSS: 0.01602
Exploits: 0

Metasploit
added 2009/07/01 3:55 a.m. · 58 views

Iomega StorCenter Pro NAS Web Authentication Bypass

The Iomega StorCenter Pro Network Attached Storage device web interface increments session IDs, allowing for simple brute force attacks to bypass authentication and gain administrative access. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.23195
Exploits: 3