1215 matches found
Respondly: No Bruteforce Protection
Hi, Your Basic Authentication at http://o1.m.respond.ly:8080/ has no bruteforce protection using hydra or some other tool it can be bruteforced...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)
ASUS RT-N56U remote root shell buffer overflow exploit. !/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jaco...
ASUS RT-N56U - Remote Buffer Overflow (ROP)
ASUS RT-N56U - Remote Buffer Overflow ROP !/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jacob Holcomb/Gimp...
[Router Password Kracker] Router Password Recovery Software
Router Password Kracker is a free software to recover the lost password of your Router. It can also be used to recover password from your internet Modem or Web sites which are protected by HTTP BASIC Authentication. Generally Routers or Modems control their access by using HTTP BASIC authenticati...
[Cansina] Web Content Discovery Application
It takes general available lists of common path and files used by web applications and make URL requests looking back to the server response code. Cansina stores the information in a sqlite database omitting 404 responses. One for every new url think this as a kind of projects feature and the sam...
Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability
Exploit for hardware platform in category web applications Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage:...
MGASA-2013-0262 Updated nagstamon package fixes security vulnerability
A user details information exposure flaw was found in the way Nagstamon performed automated requests to get information about available updates. Remote attackers could use this flaw to obtain user credentials for servers monitored by the desktop status monitor due to their improper base64...
Re: Cisco/Linksys E1200 N300 Reflected XSS
Mitre has assigned the following CVE for this issue: CVE-2013-2679 On Mon, Apr 29, 2013 at 12:27 AM, Carl Benedict [email protected] wrote: Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently...
Cisco Linksys E1200 / N300 Cross Site Scripting
Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...
OpenShift Enterprise and Online vulnerable to CSRF attack with REST API
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser...
basic_auth
This plugin bruteforces basic authentication logins. Nine configurable parameters exist: usersFile stopOnFirst passwdFile passEqUser useLeetPasswd useSvnUsers useEmails useProfiling profilingNumber This plugin will take users from the file pointed by "usersFile", mail users found on the site and...
Cisco/Linksys E1200 N300 Reflected XSS
Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...
Cisco Linksys WRT310N 2.0.00 Denial Of Service Vulnerability
Cisco Linksys WRT310N version 2.0.00 suffers from a remote denial of service vulnerability. Summary -------------------- Software : Cisco/Linksys Router OS Hardware : WRT310N v2 others currently untested Version : 2.0.00 others currently untested Website : http://www.linksys.com Issue : Remote...
Cisco Linksys WRT310N 2.0.00 Denial Of Service
Summary -------------------- Software : Cisco/Linksys Router OS Hardware : WRT310N v2 others currently untested Version : 2.0.00 others currently untested Website : http://www.linksys.com Issue : Remote Denial of Service Severity : High Researcher: Carl Benedict theinfinitenigma Product Descripti...
External image sources can trigger a basic authentication dialogue
When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...
External image sources can trigger a basic authentication dialogue
When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...
External image sources can trigger a basic authentication dialogue
When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...
CVE-2013-0922
Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors...