1215 matches found
Peercast buffer overflow
Buffer overflow in HTTP Basic authentication and on SOURCE header parsing...
DSA-1583-1 gnome-peercast - several vulnerabilities
Bulletin has no description...
peercast -- arbitrary code execution
Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execure arbitrary code...
Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability
Affected Software/Device: Oracle Application Server Portal Vulnerability: Authentication Bypass Tested Version: 10G Risk: Medium Description: Oracle Application Server Portal OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environmen...
CVE-2008-2040
Stack-based buffer overflow in the HTTP::getAuthUserPass function core/common/http.cpp in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Basic Authentication string with a long 1 username or 2 password...
CVE-2008-2040
Stack-based buffer overflow in the HTTP::getAuthUserPass function core/common/http.cpp in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Basic Authentication string with a long 1 username or 2 password...
CVE-2008-1238
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...
CVE-2008-1238
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...
Cross site request forgery (csrf)
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...
Referrer spoofing bug
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...
HTTP Referrer spoofing with malformed URLs — Mozilla
Security researcher Gregory Fleischer demonstrated a problem with the HTTP Referer: sic header sent with requests to URLs containing Basic Authentication credentials with empty usernames. In these cases a number of leading characters, based on the length of the password in the URL, are removed fr...
authentix-xss.txt
Description: "Form-based or 100% cookie-free "Basic Authentication" website protection while keeping your NT Users Names and Passwords private. Protect all files, not just ASP pages. Validate against internal database, text file or external ODBC datasource." - www.flicks.com Summary: The Authenti...
Design/Logic Flaw
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...
CVE-2008-0174
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...
Authentication flaw
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0407
HTTP File Server HFS before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...
CVE-2008-0408
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0410
HTTP File Server HFS before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...
PT-2008-1820 · Ge Fanuc · Ge Fanuc Proficy Real-Time Information Portal
Name of the Vulnerable Software and Affected Versions: GE Fanuc Proficy Real-Time Information Portal versions 2.6 and earlier Description: The issue allows remote attackers to steal passwords and gain privileges due to the use of HTTP Basic Authentication, which transmits usernames and passwords ...
CVE-2008-0408
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...