1215 matches found
CVE-2019-8990
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances...
Authorization
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances...
CVE-2019-8990
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances...
CVE-2019-8990 TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances...
PT-2019-19293 · Tibco · Tibco Activematrix Businessworks
Name of the Vulnerable Software and Affected Versions: TIBCO ActiveMatrix BusinessWorks versions up to and including 6.4.2 Description: The HTTP Connector component of TIBCO ActiveMatrix BusinessWorks contains an issue that allows unauthenticated HTTP requests to be processed by the BusinessWorks...
CVE-2019-7675
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...
Authentication flaw
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...
CVE-2019-7675
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...
CVE-2019-7675
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...
CVE-2019-7675
MOBOTIX S14 MX-V4.2.1.61 devices are affected by CVE-2019-7675, where the default management interface is served over cleartext HTTP with Basic Authentication (/admin/index.html). This exposes credentials in transit, enabling potential interception of authentication material and unauthorized acce...
Kentix MultiSensor-LAN 5.63.00 Authentication Bypass Vulnerability
Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user...
Timing Attack Vulnerability In Basic Authentication
Action Controller in the actionpack gem has a flaw in the way it compares usernames and passwords in the basic authentication authorization code. Due to the flaw, attackers can launch a timing attack by analyzing the time taken by a response and use the difference to find a valid username and...
Cross-Site Request Forgery (CSRF)
OpenShift Enterprise is vulnerable to cross-site request forgery CSRF. The server is unable to verify the authenticity of web requests due to a lack of anti-CSRF protection mechanism in the REST API, allowing an attacker to submit requests on behalf of the user, and potentially obtain credentials...
CVE-2018-5403
Imperva SecureSphere gateway GW running v13, for both pre-First Time Login or post-First Time Login FTL, if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
Default credentials
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
UBUNTU-CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...