Openwsman HTTP Basic Authentication buffer overflow

Added: 10/17/2008 CVE: CVE-2008-2234 BID: 30694 OSVDB: 47534 Background Openwsman is an open-source implementation of the Web Services Management specification. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic...

[SECURITY] Fedora 9 Update: neon-0.28.3-1.fc9

neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete S...

Immunity Canvas: MS08_062

Name| ms08062 ---|--- CVE| CVE-2008-1446 Exploit Pack| CANVAS Description| Windows Internet Printing Service Overflow Notes| CVE Name: CVE-2008-1446 VENDOR: Microsoft Notes: This exploit will try and listen for connection on port 445/TCP. Thus it needs to be run as root under Linux, or as...

FreeBSD Ports: apache+ssl

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Monit <= 4.2 Remote Root Buffer Overflow Exploit

No description provided by source. / THE EYE ON SECURITY RESEARCH GROUP - INDIA www eos-india net poc 305monit.c Remote Root Exploit for Monit = 4.2 Vulnerability: Buffer overflow in handling of Basic Authentication informations. Server authenticates clients through: Authentication: Basic...

Peercast buffer overflow

Buffer overflow in HTTP Basic authentication and on SOURCE header parsing...

peercast -- arbitrary code execution

Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execure arbitrary code...

DSA-1583-1 gnome-peercast - several vulnerabilities

Bulletin has no description...

Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability

Affected Software/Device: Oracle Application Server Portal Vulnerability: Authentication Bypass Tested Version: 10G Risk: Medium Description: Oracle Application Server Portal OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environmen...

CVE-2008-2040

Stack-based buffer overflow in the HTTP::getAuthUserPass function core/common/http.cpp in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Basic Authentication string with a long 1 username or 2 password...

CVE-2008-2040

Stack-based buffer overflow in the HTTP::getAuthUserPass function core/common/http.cpp in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Basic Authentication string with a long 1 username or 2 password...

Cross site request forgery (csrf)

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

CVE-2008-1238

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

CVE-2008-1238

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

Referrer spoofing bug

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely ...

HTTP Referrer spoofing with malformed URLs — Mozilla

Security researcher Gregory Fleischer demonstrated a problem with the HTTP Referer: sic header sent with requests to URLs containing Basic Authentication credentials with empty usernames. In these cases a number of leading characters, based on the length of the password in the URL, are removed fr...

authentix-xss.txt

Description: "Form-based or 100% cookie-free "Basic Authentication" website protection while keeping your NT Users Names and Passwords private. Protect all files, not just ASP pages. Validate against internal database, text file or external ODBC datasource." - www.flicks.com Summary: The Authenti...

Design/Logic Flaw

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...

CVE-2008-0174

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...

Authentication flaw

HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...