1215 matches found
CVE-2019-11367
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...
Hardcoded credentials
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...
CVE-2019-11367
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...
CVE-2019-12374
A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll...
Sql injection
A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll...
CVE-2019-11367
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...
CVE-2019-12374
A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll...
Basic Authentication Without HTTPS
The remote web server contains web pages that are protected by 'Basic' authentication over cleartext. An attacker eavesdropping the traffic might obtain logins and passwords of valid users. No source data...
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
Exploit Title: AUO Solar Data Recorder - Incorrect Access Control Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
AUO Solar Data Recorder Incorrect Access Control
Exploit Title: AUO Solar Data Recorder - Incorrect Access Control Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
Security Bulletin: User passwords might be obtained by a brute force attack on IBM® Intelligent Operations Center (CVE-2019-4067)
Summary If your IBM® Intelligent Operations Center system is configured to use a Lightweight Directory Access Protocol LDAP user registry, user passwords might be obtained by a brute force attack that uses HTTP basic authentication requests to IBM Intelligent Operations Center. Vulnerability...
CVE-2019-1714
A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 Single Sign-On SSO for Clientless SSL VPN WebVPN and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated,...
CVE-2019-1714
CVE-2019-1714 affects Cisco ASA and Cisco Firepower Threat Defense (FTD) software, where the SAML 2.0 SSO implementation has improper credential handling for NTLM or basic authentication. An unauthenticated, remote attacker could open a VPN session after another user has authenticated via SAML SS...
CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
ALPINE-CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
CVE-2019-11454
CVE-2019-11454 affects Monit before 5.25.3, with a persistent cross‑site scripting (XSS) flaw in http/cervlet.c that could be triggered via an unsanitized user field in the Authorization header during an _viewlog operation. Connected advisories show multiple distributions addressing this with fix...
CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
UBUNTU-CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...