1240 matches found
PT-2008-1820 · Ge Fanuc · Ge Fanuc Proficy Real-Time Information Portal
Name of the Vulnerable Software and Affected Versions: GE Fanuc Proficy Real-Time Information Portal versions 2.6 and earlier Description: The issue allows remote attackers to steal passwords and gain privileges due to the use of HTTP Basic Authentication, which transmits usernames and passwords ...
CVE-2008-0407
HTTP File Server HFS before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...
CVE-2008-0410
HTTP File Server HFS before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...
CVE-2008-0408
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0408
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0410
HTTP File Server HFS before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...
CVE-2008-0408
CVE-2008-0408 (HFS) : HTTP File Server versions before 2.2c are vulnerable to a logfile manipulation flaw. Remote attackers can cause arbitrary text to be appended to the server log by sending text encoded in base64 during HTTP Basic Authentication. This is a log forging/injection issue that can ...
CVE-2008-0367
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...
Authentication flaw
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...
CVE-2008-0367
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...
CVE-2008-0367
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...
CVE-2008-0367
CVE-2008-0367 affects Mozilla Firefox (2.0.0.11, 3.0b2, and possibly earlier) in the HTTP Basic Authentication prompt, where prompting for credentials causes the realm text to display after the site, potentially enabling phishing/spoofing by remote servers. The available connected documents descr...
Mozilla Firefox 'Basic Realm' Basic Authentication Header Spoofing Vulnerability
Mozilla Firefox is prone to a domain-spoofing vulnerability that allows an attacker to spoof an HTTP basic authentication dialog. Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTP basic authentication dialog that the victim may trust. Attackers may fi...
Two XSS on Blue Coat ProxySG Management Console
PR07-29: Two XSS on Blue Coat ProxySG Management Console Vulnerability found: 23 July 2007 Vendor informed: 20 August 2007 Vulnerability fixed: 29 October 2007 Advisory publicly released: 1 November 2007 Severity: Medium Description: Blue Coat SG400 is vulnerable to a couple of XSS holes...
Boa 0.93.15 - HTTP Basic Authentication Bypass
/ Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions Original Advisory: http://www.securityfocus.com/archive/1/479434 http://www.ikkisoft.com/stuff/SN-2007-02.txt Luca "ikki" Carettoni http://www.ikkisoft.com / ---- !/usr/bin/env python import urllib2 SERVERIPADDRESS ...
Boa 0.93.15 - HTTP Basic Authentication Bypass
Boa 0.93.15 - HTTP Basic Authentication Bypass / Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions Original Advisory: http://www.securityfocus.com/archive/1/479434 http://www.ikkisoft.com/stuff/SN-2007-02.txt Luca "ikki" Carettoni http://www.ikkisoft.com / ----...
HTTP Server Basic Authentication Detection
Binary data 4225.prm...
Cross site request forgery (csrf)
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP...
CVE-2007-4915
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP...
CVE-2007-4915
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP...