CVE-2010-2731

Unspecified vulnerability in Microsoft Internet Information Services IIS 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass...

Microsoft IIS Directory Authentication Bypass (MS10-065; CVE-2010-1899; CVE-2010-2731)

IIS is a collection of Internet services packaged with several versions of the Windows operating system. An elevation of privilege vulnerability has been reported in Microsoft Internet Information Services IIS. The vulnerability is due to the way IIS parses specially crafted URLs. An attacker may...

tomcat: information disclosure in authentication headers

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...

Splunk Web Detection

The web interface for Splunk is running on the remote host. Splunk is a search, monitoring, and reporting tool for system administrators. Note that HTTP Basic Authentication credentials may be required to retrieve version information for some recent Splunk releases. TRUSTED...

Openwsman HTTP Basic Authentication Buffer Overflow (CVE-2008-2234)

Openwsman is an implementation of Web Services Management WS-Management specification. It uses the WS-Management protocol, which is a SOAP-based protocol using HTTP for exchange of information related to management of devices and applications in a platform independent manner. There exists a stack...

CVE-2010-1651

IBM WebSphere Application Server WAS 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing aka full trace logging for SIP are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by readi...

CVE-2010-1651

IBM WebSphere Application Server WAS 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing aka full trace logging for SIP are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by readi...

CVE-2010-1651

IBM WebSphere Application Server (WAS) is affected by CVE-2010-1651: when Basic authentication and SIP tracing are enabled, SIP trace logs contain the complete inbound/outbound SIP messages, allowing a local attacker to read sensitive information. Affected versions are WAS 6.1.x prior to 6.1.0.31...

NIBE heat pump - Local File Inclusion

!/usr/bin/python import socket,sys,os,base64 NIBE heat pump LFI exploit Written by Jelmer de Hen Published at http://h.ackack.net/?p=302 Special thanks to Fredrik Nordberg Almroth and Mathias Karlsson for obtaining this information http://h.ackack.net/?p=274 which made me test the heat pumps and...

PT-2010-2872 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.0 through 5.5.29 Apache Tomcat versions 6.0.0 through 6.0.26 Description: The issue allows remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires either...

Apache Tomcat information leak

Internal computer name and port may be used as a realm name for HTTP basic authentication...

Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure

Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x an...

Apache ActiveMQ Detection

An administrative web interface for Apache ActiveMQ is running on the remote host. ActiveMQ is an open source messaging and Enterprise Integration Patterns server system. Note that starting with version 5.4.0, HTTP Basic Authentication is available to secure the administrative interface, and...

CVE-2010-1234

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors...

CVE-2010-1234

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors...

Authentication flaw

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors...

CVE-2010-1234

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors...

Httpdx v1.5.3 Remote Break Server HTTP

Exploit for windows platform in category dos / poc ====================================================================== httpdx v1.5.3 PNG File Handling Remote Denial of Service Vulnerability ====================================================================== Vulnerable: httpdx httpdx 1.5.3...

Authentication flaw

admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy...

CVE-2010-0550

admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy...