CVE-2021-23972

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...

Backdoor.Win32.Agent.aak Hardcoded Credentials

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Weak Hardcoded Credentials Description: The HTTP backdoor...

Fedora 32 : monitorix (2021-fc24737ebc)

The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-fc24737ebc advisory. - Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This...

Fedora 33 : monitorix (2021-5f7da70bfe)

The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-5f7da70bfe advisory. - Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This...

CVE-2020-14246

HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...

CVE-2020-14246

HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...

HCL OneTest 安全漏洞

HCL OneTest is a software testing tool from HCL India that provides multiple testing options. The software supports API testing, functional testing, UI testing, performance testing and service virtualization to support software automation testing. A security vulnerability exists in HCL OneTest...

CVE-2021-3325

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...

CVE-2021-3325

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...

Design/Logic Flaw

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...

CVE-2021-3325

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...

CVE-2021-3325

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation i.e., an installation without a hostsdeny option. This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an...

CVE-2021-3325

Monitorix 3.13.0 is vulnerable to bypassing Basic Authentication in default installations lacking hosts_deny configuration due to a newly introduced access-control feature not accounting for existing setups. This is evidenced across multiple sources (NVD/NV OSV/ Fedora advisories) and is addresse...

Monitorix Security Vulnerabilities

Monitorix is a set of free tools for monitoring system status. The tool supports customization of monitoring settings and can analyze CPU and memory usage, disk access usage, network usage, and more. A security vulnerability exists in Monitorix 3.13.0, which allows remote attackers to bypass basi...

Command injection

Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection issue 1 of 4. The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result i...

CVE-2020-17500

Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection issue 1 of 4. The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result i...

Insecure Access Control

squid3 is insecure access control. The vulnerability exists because of decoding the string which allows an attacker to retrieve the decoded data via the display of usernames on error pages...

squid: Out of bounds read in Proxy-Authorization header causes DoS

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

CVE-2020-5922

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser...

Cross site scripting

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser...