SAP /sap/bc/soap/rfc SOAP Service RFC_READ_TABLE Function Dump Data

This module makes use of the RFCREADTABLE Function to read data from tables using the /sap/bc/soap/rfc SOAP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port o...

SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass

SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass Authentication Bypass and Password disclosure. SoftPerfect Bandwidth Manager Authentication Bypass Date: 22-June-2012 Author: Gitsnik http://dracyrys.com/softperfect Vendor Homepage: http://www.softperfect.com/ Software Link:...

SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass

Authentication Bypass and Password disclosure. SoftPerfect Bandwidth Manager Authentication Bypass Date: 22-June-2012 Author: Gitsnik http://dracyrys.com/softperfect Vendor Homepage: http://www.softperfect.com/ Software Link: http://www.softperfect.com/products/bandwidth/ Version: 2.9.10 probably...

XSS и Brute Force уязвимости в WordPress

Здравствуйте 3APA3A! Сообщаю вам о Cross-Site Scripting та Brute Force уязвимостях в WordPress. XSS WASC-08: В 2007 году я писал об редиректорах http://websecurity.com.ua/1152/ в WordPress http://websecurity.com.ua/1179/, для которых я выпустил патч в MustLive Security Pack v.1.0.5...

CVE-2011-2361

The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site...

CVE-2011-2361

The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site...

CVE-2011-2361

The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site...

CVE-2011-2361

Google Chrome before 13.0.782.107 has a vulnerability in the Basic Authentication dialog where improper handling of strings could allow remote attackers to capture credentials via a crafted web site (CVE-2011-2361). The issue is tied to Chrome’s authentication UI/Basic Auth dialog, with corrobora...

CVE-2011-2361

Removed by vendor...

tomcat: information disclosure in authentication headers

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...

tomcat: information disclosure in authentication headers

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires 1 BASIC or 2 DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...

Nmap NSE net: http-brute

Performs brute force password auditing against http basic authentication. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true http-brute.hostname: sets the host header in case of virtual...

Apple Safari Webkit Multiple Vulnerabilities (Mar 2011)

Apple Safari web browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari";...

CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...

CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...

Design/Logic Flaw

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...

UBUNTU-CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...

CVE-2011-0160

CVE-2011-0160 affects WebKit as used in Apple Safari prior to 5.0.4 and iOS prior to 4.3. The vulnerability arises when handling redirects with HTTP Basic Authentication, potentially causing the Authorization header (and thus credentials) to be logged by remote servers. The issue is tied to WebKi...

CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...

Web Server Uses Basic Authentication over HTTPS

The remote web server contains web pages that are protected by 'Basic' authentication over HTTPS. While this is not in itself a security flaw, in some organizations, the use of 'Basic' authentication is discouraged as, depending on the underlying implementation, it may be vulnerable to account...