
51 matches found

Positive Technologies
added 2022/12/12 12:0 a.m. · 7 views

PT-2022-27698 · Unknown · Boa Web Server

Name of the Vulnerable Software and Affected Versions: Boa Web Server versions 0.94.13 through 0.94.14 Description: The issue allows bypassing of the Basic Authorization mechanism due to a failure in validating the correct security constraint on the HEAD HTTP method. Recommendations: For Boa Web...

CVSS 5.3 · AI score 7.3 · EPSS 0.00348
Exploits 2 · References 4

Vulnrichment
added 2022/12/12 12:0 a.m. · 9 views

CVE-2022-45956

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...

AI score 7.2 · EPSS 0.00348
Exploits 2 · References 1

CVE
added 2022/12/12 12:0 a.m. · 306 views

CVE-2022-45956

CVE-2022-45956 affects Boa Web Server versions 0.94.13–0.94.14. The HEAD HTTP method is not properly constrained, allowing bypass of Basic Authentication and access to protected resources. Reported in multiple sources (NVD/Red Hat/PT-Security), with a CVSS v3.1 base score of 5.3 (Network, Low att...

CVSS 5.3 · AI score 5.3 · EPSS 0.00348
Exploits 2 · References 1 · Affected Software 1

CNNVD
added 2022/12/12 12:0 a.m. · 5 views

Boa Security Vulnerability

Boa is an open source code for embedded applications from Boa Open Source. A security vulnerability exists in Boa Web Server versions 0.94.13 through 0.94.14 that stems from an inability to validate the correct security constraints on the HEAD HTTP method, allowing anyone to bypass the basic...

CVSS 5.3 · AI score 5.8 · EPSS 0.00348
Exploits 2 · References 2

Packet Storm
added 2022/11/21 12:0 a.m. · 431 views

Boa Web Server 0.94.13 / 0.94.14 Authentication Bypass

Exploit Title: Boa Web Server 0.94.13-0.94.14 Authentication Bypass Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://github.com/gpg/boa CVE: N/A Tested on: Debian 5.18.5 Description : Boa Web Server Versions from 0.94.13 - 0.94.14 fail to validate the correct security constraint ...

AI score 0.6
Exploits 0

OSV
added 2020/03/10 9:15 p.m. · 0 views

CVE-2020-6208

SAP Business Objects Business Intelligence Platform Crystal Reports, versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution...

CVSS 8.2 · AI score 7.2 · EPSS 0.02599
Exploits 0 · References 3

OSV
added 2018/11/15 7:29 p.m. · 0 views

CVE-2018-8529

A remote code execution vulnerability exists when Team Foundation Server TFS does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team...

CVSS 9.8 · AI score 6.4 · EPSS 0.24793
Exploits 0 · References 2

NVD
added 2018/11/15 7:29 p.m. · 18 views

CVE-2018-8529

A remote code execution vulnerability exists when Team Foundation Server TFS does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team...

CVSS 9.8 · AI score 9.9 · EPSS 0.24793
Exploits 0 · References 2

ATTACKERKB
added 2018/11/15 7:29 p.m. · 1 views

CVE-2018-8529

A remote code execution vulnerability exists when Team Foundation Server TFS does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team...

CVSS 9.8 · AI score 6.7 · EPSS 0.24793
Exploits 0 · References 3

Cvelist
added 2018/11/15 7:0 p.m. · 13 views

CVE-2018-8529

A remote code execution vulnerability exists when Team Foundation Server TFS does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team...

AI score 9.9 · EPSS 0.24793
Exploits 0 · References 2

CVE
added 2018/11/15 7:0 p.m. · 57 views

CVE-2018-8529

CVE-2018-8529 : A remote code execution vulnerability exists in Team Foundation Server (TFS) where basic authorization is not enabled on the communication between TFS and the Search services. The underlying issue allows an attacker to execute commands on the Search service. Microsoft’s security u...

CVSS 9.8 · AI score 9.8 · EPSS 0.24793
Exploits 0 · References 2 · Affected Software 1

Microsoft CVE
added 2018/11/13 8:0 a.m. · 20 views

Team Foundation Server Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Team Foundation Server TFS does not enable basic authorization on the communication between the TFS and Search services. Without basic authorization, an attacker could run certain commands on the Search service. The security update addresses the...

CVSS 9.8 · AI score 3.6 · EPSS 0.24793
Exploits 0

OpenVAS
added 2018/03/01 12:0 a.m. · 30 views

Elastic Logstash 'CVE-2016-10362' Information Disclosure Vulnerability

Elastic Logstash is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5 · AI score 6.6 · EPSS 0.0028
Exploits 0 · References 1

0day.today
added 2016/07/19 12:0 a.m. · 53 views

Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String

Exploit for multiple platform in category remote exploits !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based...

AI score 7.1
Exploits 0

Exploit DB
added 2016/07/19 12:0 a.m. · 82 views

Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String

!/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based Exploiting string located on the heap - Blind Attack No output...

AI score 7.4
Exploits 0

Packet Storm
added 2016/07/18 12:0 a.m. · 53 views

Axis Communications MPQT/PACS SSI Remote Format String / Code Execution

!/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based Exploiting string located on the heap - Blind Attack No output...

AI score 0.2
Exploits 0

Elastic
added 2016/07/07 4:57 p.m. · 3 views

Logstash 2.3.3 Elasticsearch Output Vulnerability

Hi all, we would like to announce a security vulnerability we discovered in our testing. Logstash 2.3.4 has been released with a patch to fix this. Issue Prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...

AI score 6.9
Exploits 0

Hacker One
added 2016/02/05 11:23 a.m. · 12 views

New Relic: Basic Authorization over HTTP

Hi New Relic Team, While reviewing your host http://newrelic.com/ it was discovered that you are using basic authorization over http, which is not a good practice. If an attacker can intercept traffic on the network, he/she might be able to steal the user's credentials. Request:- GET /styleguide-layout...

AI score 0.5
Exploits 0

securityvulns
added 2009/06/16 12:0 a.m. · 122 views

Netgear DG632 Router Authentication Bypass Vulnerability

Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: [email protected] [email protected] Original URL: http://www.tomneaves.co.uk/NetgearDG632AuthenticationBypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG6...

AI score 7.4
Exploits 0

0day.today
added 2009/06/15 12:0 a.m. · 20 views

Netgear DG632 Router Authentication Bypass Vulnerability

Exploit for hardware platform in category remote exploits. Netgear DG632 Router Authentication Bypass Vulnerability. Product Name: Netgear DG632 Router Vendor: http://www.netgear.com...

AI score 7.1
Exploits 0