CVE-2007-3145

Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication...

CVE-2007-3145

CVE-2007-3145 affects Galeon 2.0.1 and is described as a visual truncation vulnerability in which a long hostname can be truncated, allowing remote attackers to spoof the address bar and potentially conduct phishing attacks (demonstrated with HTTP Basic Authentication). The consolidated records i...

CVE-2007-3143

CVE-2007-3143 affects Konqueror 3.5.5. The issue is a visual truncation vulnerability in the address bar: when a long hostname is shown, it is truncated, which can allow remote attackers to spoof the URL and potentially conduct phishing attacks (notably demonstrated via HTTP Basic Authentication)...

CVE-2007-3142

Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication...

[ISecAuditors Security Advisories] Microsoft IIS5 NTLM and Basic authentication bypass

============================================= INTERNET SECURITY AUDITORS ALERT 2006-013 - Original release date: December 15, 2006 - Last revised: May 22, 2007 - Discovered by: Jesus Olmos Gonzalez - Severity: 5/5 ============================================= I. VULNERABILITY...

Authentication flaw

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services IIS Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile...

CVE-2007-2815

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services IIS Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile...

CVE-2007-2815

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services IIS Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile...

Nuked-klaN 1.7.6 Remote Code Execution Exploit

No description provided by source. ?php Nuked-klaN 1.7.6 Remote Code Execution Exploit ------------------------------------------------ Author: DarkFig [email protected] Website: http://www.acid-root.new.fr/ PHP conditions: None = Private since 2 months. errorreportingEALL ^ ENOTICE; This file...

Novell GroupWise WebAccess base64_decode buffer overflow

Added: 04/25/2007 CVE: CVE-2007-2171 BID: 23556 OSVDB: 35018 Background Novell GroupWise includes a WebAccess service which allows users to access their e-mail using a web browser. Problem A buffer overflow in the base64decode function allows remote attackers to execute arbitrary commands by...

Novell GroupWise WebAccess base64_decode buffer overflow

Added: 04/25/2007 CVE: CVE-2007-2171 BID: 23556 OSVDB: 35018 Background Novell GroupWise includes a WebAccess service which allows users to access their e-mail using a web browser. Problem A buffer overflow in the base64decode function allows remote attackers to execute arbitrary commands by...

CVE-2007-2171

Stack-based buffer overflow in the base64decode function in GWINTER.exe in Novell GroupWise GW WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request...

CVE-2007-2171

Stack-based buffer overflow in the base64decode function in GWINTER.exe in Novell GroupWise GW WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request...

CVE-2007-2171

Summary: CVE-2007-2171 is a stack-based overflow in the base64_decode function of Novell GroupWise WebAccess, specifically in GWINTER.exe, exploited via overly long Base64 content in an HTTP Basic Authentication request. Affected product/component: Novell GroupWise WebAccess (GWINTER.exe) prior t...

Novell Groupwise WebAccess GWINTER.EXE Base64 Decoding Remote Overflow

The remote host is running a version of GroupWise WebAccess from Novell that is vulnerable to a stack overflow in the way it handles HTTP Basic Authentication. By sending a specially crafted request, an attacker can exploit this flaw to execute code on the remote host with administrative...

ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability

ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-015.html April 18, 2007 -- CVE ID: CVE-2007-2171 -- Affected Vendor: Novell -- Affected Products: Groupwise WebAccess -- TippingPointTM IPS Customer Protection:...

Stream light detection of the HTTP host in the end is what? - Vulnerability warning-the black bar safety net

Stream of light has detected the HTTP host of the function, it is for certain the need to the password of the site, and not just an ASP encoding of the protected HTML page. In the log on the HTTP host, pop up a password window, generally the first row is the IP or domain name, the second line is...

NetMail WebAdmin username buffer overflow

Added: 03/16/2007 CVE: CVE-2007-1350 BID: 22857 OSVDB: 33886 Background Novell NetMail WebAdmin is a web-based administration interface which runs an HTTP server on port 89/TCP. Problem A buffer overflow vulnerability in Novell NetMail WebAdmin allows remote attackers to execute arbitrary command...

NetMail WebAdmin username buffer overflow

Added: 03/16/2007 CVE: CVE-2007-1350 BID: 22857 OSVDB: 33886 Background Novell NetMail WebAdmin is a web-based administration interface which runs an HTTP server on port 89/TCP. Problem A buffer overflow vulnerability in Novell NetMail WebAdmin allows remote attackers to execute arbitrary command...

NetMail WebAdmin username buffer overflow

Added: 03/16/2007 CVE: CVE-2007-1350 BID: 22857 OSVDB: 33886 Background Novell NetMail WebAdmin is a web-based administration interface which runs an HTTP server on port 89/TCP. Problem A buffer overflow vulnerability in Novell NetMail WebAdmin allows remote attackers to execute arbitrary command...