1247 matches found

Tenable Nessus
added 2016/08/29 12:0 a.m., 51 views

Debian DLA-604-1 : ruby-actionpack-3.2 security update

Multiple vulnerabilities have been discovered in ruby-actionpack-3.2, a web-flow and rendering framework and part of Rails : CVE-2015-7576 A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare...

CVSS 7.5, AI score 6.9, EPSS 0.95537
Exploits 18, References 8

Hacker One
added 2016/07/17 12:23 a.m., 290 views

Nextcloud: The application uses basic authentication.

Basic authentication is enabled on file access requests. Description: Basic authentication is enabled on the server if we request the direct URL of a file. The issues of using Basic Authentication can be read here - OWASP: Basic Authentication. Though...

AI score 0.1
Exploits 0

Hacker One
added 2016/06/18 5:4 p.m., 21 views

Nextcloud: Bruteforce attack is possible on newsletter.nextcloud.com

Since HTTP Basic authentication is used on https://newsletter.nextcloud.com, this type of authentication is vulnerable to a bruteforce attack. Refer to the attachment below: F100241. Refer to the attachment below: F100240. Attacking via the metasploit auxiliary scanner http_login: refer to the attachment below F10023...

AI score 1
Exploits 0

Packet Storm
added 2016/04/14 12:0 a.m., 53 views

Brickcom Network Cameras XSS / CSRF / Insecure Direct Object Reference

[ASCII-art banner] Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

Exploits 0

Exploit DB
added 2016/04/14 12:0 a.m., 61 views

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

[ASCII-art banner] Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

AI score 7.4
Exploits 0

NVD
added 2016/04/08 3:59 p.m., 13 views

CVE-2016-2512

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by...

CVSS 7.4, AI score 7.1, EPSS 0.04035
Exploits 0, References 13

OSV
added 2016/04/08 3:59 p.m., 2 views

DEBIAN-CVE-2016-2512

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by...

CVSS 7.4, AI score 6.3, EPSS 0.04035
Exploits 0, References 1

Prion
added 2016/04/08 3:59 p.m., 17 views

Cross site scripting

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by...

CVSS 4.3, AI score 6.2, EPSS 0.04035
Exploits 0, References 13, Affected Software 1

PyPA
added 2016/04/08 3:59 p.m., 5 views

PYSEC-2016-15

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by...

CVSS 7.4, AI score 6.3, EPSS 0.04035
Exploits 0, References 14, Affected Software 1

OSV
added 2016/04/08 3:59 p.m., 3 views

PYSEC-2016-15

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by...

CVSS 7.4, AI score 7.2, EPSS 0.04035
Exploits 0, References 14

Debian CVE
added 2016/04/08 3:0 p.m., 23 views

CVE-2016-2512

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by...

CVSS 7.4, AI score 7.4, EPSS 0.04035
Exploits 0

Tenable Nessus
added 2016/04/08 12:0 a.m., 37 views

Debian DSA-3544-1 : python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-2512 Mark Striemer discovered that some user-supplied redirect URLs containing basic authentication...

CVSS 7.4, AI score 6, EPSS 0.04035
Exploits 0, References 8

BDU FSTEC
added 2016/03/31 12:0 a.m., 4 views

The vulnerability of the Ruby on Rails software platform, which allows attackers to bypass the authentication process

The vulnerability of the http_basic_authenticate_with method in the ActionController/lib/action_controller/metal/http_authentication.rb implementation of Basic Authentication in the Ruby on Rails software framework is related to security configuration errors. Exploiting this vulnerability allows a...

CVSS 4.3, AI score 6.4, EPSS 0.04857
Exploits 0, References 3, Affected Software 1

RedHat Linux
added 2016/03/24 1:10 a.m., 4 views

python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth

An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...

CVSS 7.4, AI score 7.3, EPSS 0.04035
Exploits 0, References 5

RedHat Linux
added 2016/03/24 1:10 a.m., 5 views

python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth

An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...

CVSS 7.4, AI score 7.3, EPSS 0.04035
Exploits 0, References 5

RedHat Linux
added 2016/03/24 1:10 a.m., 4 views

python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth

An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...

CVSS 7.4, AI score 7.3, EPSS 0.04035
Exploits 0, References 5

RedHat Linux
added 2016/03/24 1:10 a.m., 3 views

python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth

An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...

CVSS 7.4, AI score 7.3, EPSS 0.04035
Exploits 0, References 5

RedHat Linux
added 2016/03/15 8:56 p.m., 5 views

rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller

A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...

CVSS 4.3, AI score 7.2, EPSS 0.04857
Exploits 0, References 6

RedHat Linux
added 2016/03/15 8:56 p.m., 54 views

Important: Red Hat Security Advisory: ror40 security update

Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 7.5, AI score 6.9, EPSS 0.95537
Exploits 18, References 8

RedHat Linux
added 2016/03/15 8:55 p.m., 42 views

Important: Red Hat Security Advisory: ruby193 security update

Updated ruby193-rubygem-actionpack and ruby193-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...

CVSS 7.5, AI score 7, EPSS 0.95537
Exploits 18, References 7