SuSE 11 Security Update : ruby (SAT Patch Number 1073)

This ruby update improves return value checks for openssl function OCSPbasicverify CVE-2009-0642 which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased CVE-2008-3905 to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

SuSE9 Security Update : ruby (YOU Patch Number 12452)

This update for ruby fixes the following security issues : - Improve return value checks for OpenSSL function OCSPbasicverify to refuse usage of revoked certificates. CVE-2009-0642 - Increase entropy of DNS identifiers to avoid spoofing attacks. CVE-2008-3905 - Fix denial of service DoS...

ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service

ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service source: https://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credential...

ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service

source: https://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An attacker can exploit this issue to cra...

Apache HTTP Server HTTP-Basic认证绕过漏洞

Bugraq ID: 35840 CNCAN ID：CNCAN-2009072903 Apache HTTP Server是一款流行的WEB服务程序。 Apache HTTP Server存在HTTP-Basic认证绕过问题，远程攻击者可以利用漏洞访问受资源，获得敏感信息。 当用户要访问需要认证的资源时Apache HTTP Server会返回"401 Authorization Required"消息，也会包含提示需要哪种认证机制的HTTP消息，"Basic"认证是最通用的一种，基于BASE64编码的字符串：username:password，如果凭据正确，WEB服务器将返回"200...

openSUSE Security Update : ruby (ruby-1070)

This ruby update improves return value checks for openssl function OCSPbasicverify CVE-2009-0642 which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased CVE-2008-3905 to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

openSUSE Security Update : ruby (ruby-1070)

This ruby update improves return value checks for openssl function OCSPbasicverify CVE-2009-0642 which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased CVE-2008-3905 to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

Design/Logic Flaw

Microsoft Internet Security and Acceleration ISA Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to...

FreeBSD : Multiple Potential Buffer Overruns in Samba (2de14f7a-dad9-11d8-b59a-00061bc2ad93)

Evgeny Demidov discovered that the Samba server has a buffer overflow in the Samba Web Administration Tool SWAT on decoding Base64 data during HTTP Basic Authentication. Versions 3.0.2 through 3.0.4 are affected. Another buffer overflow bug has been found in the code used to support the 'mangling...

Oracle 9i Release 2 XDB HTTP Pass Overflow

Added: 02/25/2009 CVE: CVE-2003-0727 BID: 8375 OSVDB: 2449 Background Oracle 9i release 2 includes the XDB HTTP service which by default listens on port 8080. Problem A buffer overflow vulnerability in the parsing of credentials passed to the server allows remote attackers to execute arbitrary...

SuSE Update for openwsman SUSE-SA:2008:041

Check for the Version of openwsman OpenVAS Vulnerability Test $Id: gbsuse2008041.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for openwsman SUSE-SA:2008:041 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

WowWee Rovio Insufficient Access Controls

SUMMARY WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible OVERVIEW Rovio from WowWee does not adequately secure all accessible URLs or media streams, enabling an unauthorized user with network access to the robotic webcam platform the ability to listen to and view...

Web Server Uses Basic Authentication Without HTTPS

The remote web server contains web pages that are protected by 'Basic' authentication over cleartext. An attacker eavesdropping the traffic might obtain logins and passwords of valid users. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid34850; scriptversion"$Revision...

Openwsman HTTP Basic Authentication buffer overflow

Added: 10/17/2008 CVE: CVE-2008-2234 BID: 30694 OSVDB: 47534 Background Openwsman is an open-source implementation of the Web Services Management specification. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic...

Openwsman HTTP Basic Authentication buffer overflow

Added: 10/17/2008 CVE: CVE-2008-2234 BID: 30694 OSVDB: 47534 Background Openwsman is an open-source implementation of the Web Services Management specification. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic...

Openwsman HTTP Basic Authentication buffer overflow

Added: 10/17/2008 CVE: CVE-2008-2234 BID: 30694 OSVDB: 47534 Background Openwsman is an open-source implementation of the Web Services Management specification. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic...

[SECURITY] Fedora 9 Update: neon-0.28.3-1.fc9

neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete S...

Immunity Canvas: MS08_062

Name| ms08062 ---|--- CVE| CVE-2008-1446 Exploit Pack| CANVAS Description| Windows Internet Printing Service Overflow Notes| CVE Name: CVE-2008-1446 VENDOR: Microsoft Notes: This exploit will try and listen for connection on port 445/TCP. Thus it needs to be run as root under Linux, or as...

FreeBSD Ports: apache+ssl

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Monit <= 4.2 Remote Root Buffer Overflow Exploit

No description provided by source. / THE EYE ON SECURITY RESEARCH GROUP - INDIA www eos-india net poc 305monit.c Remote Root Exploit for Monit = 4.2 Vulnerability: Buffer overflow in handling of Basic Authentication informations. Server authenticates clients through: Authentication: Basic...