363 matches found

Veracode
added 2019/01/15 8:57 a.m., 27 views

Cross-site Scripting (XSS)

openstack-swift is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVSS 4.3, AI score 5.2, EPSS 0.00445
Exploits 0, References 12, Affected Software 2
OSV
added 2018/12/10 2:29 p.m., 1 view

CVE-2018-1957

IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest.authenticate API when an unprotected URI is accessed. IBM X-Force ID: 153629...

CVSS 5.5, AI score 5.8
Exploits 0, References 3
Cvelist
added 2018/12/10 2:00 p.m., 10 views

CVE-2018-1957

IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest.authenticate API when an unprotected URI is accessed. IBM X-Force ID: 153629...

CVSS 4, AI score 5.2, EPSS 0.00066
Exploits 0, References 3
OSV
added 2018/11/09 5:41 p.m., 0 views

GHSA-W4R4-65MG-45X2 org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...

CVSS 4.2, AI score 7.1, EPSS 0.88996
Exploits 2, References 5
Kitploit
added 2018/10/02 12:23 p.m., 352 views

Gurp - Golang command-line interface to Burp Suite's REST API

Requirements: BurpSuite Professional v2.0.0beta or greater from PortSwigger. Dependencies: go get -u -v github.com/fatih/color; go get -u -v github.com/integrii/flaggy; go get -u -v github.com/tidwall/gjson; go get -u -v github.com/grokify/html-strip-tags-go. Binaries: Latest version available here...

AI score 8.1
Exploits 0, References 2
NVD
added 2018/09/11 3:29 p.m., 27 views

CVE-2018-1127

Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user...

CVSS 8.1, AI score 5.5, EPSS 0.00433
Exploits 0, References 4
NVD
added 2018/05/07 4:22 p.m., 13 views

CVE-2018-1256

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

CVSS 8.1, AI score 8, EPSS 0.00308
Exploits 0, References 1
CNVD
added 2018/02/13 12:00 a.m., 4 views

Progress Sitefinity Open Redirect Vulnerability

Progress Sitefinity is an open source platform for building corporate websites and intranets. An open redirect vulnerability exists in Authenticate/SWT in Progress Sitefinity version 9.1. An attacker can exploit this vulnerability to redirect users to arbitrary websites...

CVSS 6.1, AI score 7, EPSS 0.00112
Exploits 1, References 1
Kitploit
added 2017/11/05 9:45 p.m., 23 views

KRACK Detector - Detect and prevent KRACK attacks in your network

KRACK Detector is a Python script to detect possible KRACK attacks against client devices on your network. The script is meant to be run on the Access Point rather than the client devices. It listens on the Wi-Fi interface and waits for duplicate message 3 of the 4-way handshake. It then...

AI score 7.2
Exploits 0, References 1
PyPA
added 2017/10/24 5:29 p.m., 4 views

PYSEC-2017-36

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an...

CVSS 9.8, AI score 6.9, EPSS 0.00924
Exploits 0, References 7, Affected Software 1
Debian CVE
added 2017/08/25 6:00 p.m., 13 views

CVE-2015-3206

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact, by performing a man-in-the-middle attack...

CVSS 8.1, AI score 7.8, EPSS 0.01347
Exploits 0
NVD
added 2017/03/07 3:59 p.m., 16 views

CVE-2016-7145

The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter...

CVSS 9.8, AI score 9.1, EPSS 0.00361
Exploits 0, References 2
The Hacker News
added 2016/10/17 7:02 a.m., 13 views

Julian Assange is not Dead, but his Internet Connection is Cut by 'State Party'

Don't worry — Julian Assange is alive and kicking! But his Internet connection is dead. Earlier today, Wikileaks tweeted that its co-founder, Julian Assange, had his internet connection intentionally cut by an unidentified "state party." The non-profit organization said it had "activated...

AI score 7
Exploits 0
NVD
added 2016/09/21 2:25 p.m., 18 views

CVE-2016-7143

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter...

CVSS 8.1, AI score 7.8, EPSS 0.01006
Exploits 0, References 6
OSV
added 2016/09/21 2:25 p.m., 0 views

UBUNTU-CVE-2016-7143

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter...

CVSS 8.1, AI score 7.3, EPSS 0.01006
Exploits 0, References 2
OSV
added 2016/04/12 1:59 a.m., 1 view

DEBIAN-CVE-2015-8833

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item...

CVSS 9.8, AI score 8.1, EPSS 0.16464
Exploits 0, References 1
Prion
added 2016/04/12 1:59 a.m., 10 views

Design/Logic Flaw

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item...

CVSS 10, AI score 8.1, EPSS 0.16464
Exploits 0, References 12, Affected Software 1
OSV
added 2016/04/12 1:59 a.m., 1 view

UBUNTU-CVE-2015-8833

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item...

CVSS 9.8, AI score 7.7, EPSS 0.16464
Exploits 0, References 7
Debian CVE
added 2016/04/08 4:00 p.m., 16 views

CVE-2015-8833

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item...

CVSS 10, AI score 9.7, EPSS 0.16464
Exploits 0
CNVD
added 2016/01/21 12:00 a.m., 2 views

CGit Integer Overflow Vulnerability

cgit is a web front-end for git repositories written in C. An integer overflow vulnerability exists in the 'authenticate_post' function in cgit versions prior to 0.12. A remote attacker could exploit this vulnerability to cause a denial of service (buffer overflow) via a larger value in the...

CVSS 9.8, AI score 7, EPSS 0.04365
Exploits 1, References 1