19 matches found
CVE-2026-33540
A flaw was found in Distribution, a toolkit for managing container content. When operating in pull-through cache mode, Distribution incorrectly processes authentication challenges from an upstream registry. An attacker controlling the upstream registry, or positioned as a Man-in-the-Middle (MitM),...
EUVD-2014-3525
Malware in sbrugna...
SUSE CVE-2010-1157
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...
SUSE CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...
GHSA-QM24-4869-99PJ Opendaylight will authenticate any username and password combination
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination...
Opendaylight will authenticate any username and password combination
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination...
CloudBees Jenkins Google Login Plugin Redirection Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools, mainly used to monitor continuous software release/testing projects and a number of timed tasks. Google Login Plugin is one of its plugins, supporting the use of Google accounts to log in to Jenkins...
CVE-2017-8442
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated...
ShoreTel Connect ONSITE - Blind SQL Injection
Exploit for php platform in category web applications Exploit Title: ShoreTel Connect ONSITE Blind SQL Injection Vulnerability Date: 19-09-2016 Software Link: https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview Exploit Author: Iraklis Mathiopoulos Contact:...
Apache Subversion Insecure Authentication Weakness Vulnerability
Apache Subversion is prone to an authentication weakness vulnerability. Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...
DEBIAN-CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...
CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...
FreeBSD : subversion -- several vulnerabilities (83a418cc-2182-11e4-802c-20cf30e32f6d)
Subversion Project reports: Using the Serf RA layer of Subversion for HTTPS uses the apr_fnmatch API to handle matching wildcards in certificate Common Names and Subject Alternate Names. However, apr_fnmatch is not designed for this purpose. Instead it is designed to behave like common shell...
CVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...
FreeBSD : krb5 -- double-free vulnerabilities (86a98b57-fb8e-11d8-9343-000a95bc6fae)
An advisory published by the MIT Kerberos team says: The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire...
http-auth NSE Script
Retrieves the authentication scheme and realm of a web service that requires authentication. See also: http-auth-finder.nse, http-brute.nse. Script Arguments: http-auth.path: Define the request path. slaxml.debug: See the documentation for the slaxml library. http.host, http.max-body-size,...
MITKRB5-SA-2004-002: double-free vulnerabilities
MIT krb5 Security Advisory 2004-002. Original release: 2004-08-31. Topic: double-free vulnerabilities in KDC and libraries. Severity: CRITICAL. Summary: The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerabili...
krb5 -- double-free vulnerabilities
An advisory published by the MIT Kerberos team says: The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire...