
1215 matches found

Tenable Nessus
added 2016/02/08 12:0 a.m. · 38 views

openSUSE Security Update : rubygem-actionpack-3_2 / rubygem-activesupport-3_2 (openSUSE-2016-160)

This update for rubygem-actionpack-3_2, rubygem-activesupport-3_2 fixes the following issues:
- CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (boo#963329)
- CVE-2016-0752: directory traversal and information leak in Action View (boo#963332)
- CVE-2016-0751:...

CVSS 7.5 · AI score 5.8 · EPSS 0.90494
Exploits 11 · References 8

NVD
added 2015/12/21 11:59 a.m. · 9 views

CVE-2015-7937

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data...

CVSS 10 · AI score 8.3 · EPSS 0.025
Exploits 1 · References 3

Prion
added 2015/12/21 11:59 a.m. · 15 views

Stack overflow

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data...

CVSS 10 · AI score 9 · EPSS 0.025
Exploits 1 · References 3

Positive Technologies
added 2015/12/21 12:0 a.m. · 2 views

PT-2015-2899 · Schneider Electric +1 · Modicon M340 Plc +1

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices affected versions not specified Description: The issue is caused by a stack-based buffer overflow in the GoAhead Web Server, allowing remote attackers to execute arbitrary code via ...

CVSS 10 · AI score 8.7 · EPSS 0.025
Exploits 1 · References 5

RedhatCVE
added 2015/10/30 9:50 a.m. · 25 views

CVE-2007-3144

Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication...

CVSS 6.4 · AI score 7.3 · EPSS 0.00714
Exploits 1 · References 2

exploitpack
added 2015/06/29 12:0 a.m. · 33 views

Endian Firewall 3.0.0 - OS Command Injection (Metasploit)

Endian Firewall 3.0.0 - OS Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerabilit...

AI score 0.3
Exploits 0

NVD
added 2015/06/22 7:59 p.m. · 17 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 · AI score 6.3 · EPSS 0.04525
Exploits 0 · References 10

OSV
added 2015/06/22 7:59 p.m. · 5 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 · AI score 6.2 · EPSS 0.04525
Exploits 0 · References 12

Prion
added 2015/06/22 7:59 p.m. · 25 views

Design/Logic Flaw

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 · AI score 6.8 · EPSS 0.04525
Exploits 0 · References 10 · Affected Software 2

Cvelist
added 2015/06/22 7:0 p.m. · 22 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

AI score 9.2 · EPSS 0.04525
Exploits 0 · References 10

Debian CVE
added 2015/06/22 7:0 p.m. · 23 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 · AI score 8.6 · EPSS 0.04525
Exploits 0

UbuntuCve
added 2015/06/17 12:0 a.m. · 22 views

CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVSS 5 · AI score 7.2 · EPSS 0.04525
Exploits 0 · References 2

NVD
added 2015/06/15 2:59 p.m. · 8 views

CVE-2015-4344

The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching...

CVSS 5 · AI score 6.7 · EPSS 0.01352
Exploits 0 · References 4

CVE
added 2015/06/15 2:0 p.m. · 47 views

CVE-2015-4344

The CVE-2015-4344 entry concerns the Drupal Services Basic Authentication module (Drupal 7.x, versions prior to 7.x-1.3). The root cause is an access-bypass vulnerability related to page caching that could allow remote attackers to bypass intended resource restrictions. Public sources in the conn...

CVSS 5 · AI score 6.9 · EPSS 0.01352
Exploits 0 · References 4 · Affected Software 1

OSV
added 2015/06/09 2:59 p.m. · 1 views

UBUNTU-CVE-2015-3200

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...

CVSS 7.5 · AI score 7.3 · EPSS 0.20033
Exploits 1 · References 4

RedHat Linux
added 2015/05/14 3:14 p.m. · 3 views

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

CVSS 1.9 · AI score 5.7 · EPSS 0.00061
Exploits 1 · References 4

0day.today
added 2015/04/02 12:0 a.m. · 54 views

Kemp Load Master 7.1.16 - Multiple Vulnerabilities

Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link:...

AI score 0.5 · EPSS 0.13883
Exploits 6

Exploit DB
added 2015/04/02 12:0 a.m. · 319 views

Kemp Load Master 7.1.16 - Multiple Vulnerabilities

Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link: http://kemptechnologies.com/load-balancer/ Version: 7.1.16 and previous versions Tested on: Kemp Load Master 7.1-16 CVE : CVE-2014-5287/5288 Link:...

CVSS 8.8 · AI score 8.8 · EPSS 0.13883
Exploits 6

CNVD
added 2015/02/21 12:0 a.m. · 0 views

Drupal Services Basic Authentication Module Access Bypass Vulnerability

Drupal is an open source content management platform. An access bypass vulnerability exists in the Drupal Services Basic Authentication Module, which allows an attacker to bypass security restrictions and perform unauthorized access...

AI score 6.9
Exploits 0 · References 1

Drupal
added 2015/02/18 12:0 a.m. · 12 views

SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass

Services Basic Authentication module adds HTTP basic authentication for Services module. A user could get unauthorized access to resources under some circumstances. This vulnerability is mitigated by the fact that the authentication works correctly when page caching is disabled. CVE identifiers...

CVSS 5 · AI score 6.7 · EPSS 0.01352
Exploits 0 · References 15