1240 matches found
CVE-2024-50313
A vulnerability has been identified in Mendix Runtime V10 All versions V10.16.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.7 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All versio...
CVE-2024-50313
A vulnerability has been identified in Mendix Runtime V10 All versions V10.16.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.7 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All versio...
Drupal Basic HTTP Authentication module < 7.x-1.4 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Roderik Muit in WordPress Module Basic HTTP Authentication versions 7.x-1.4...
PT-2024-10484 · Drupal · Drupal Basic Http Authentication
Name of the Vulnerable Software and Affected Versions: Drupal Basic HTTP Authentication versions 7.X-1.0 through 7.X-1.3 Drupal Basic HTTP Authentication versions prior to 7.X-1.4 Description: The issue is related to insufficient authorization mechanisms in the Basic HTTP Authentication module of...
CVE-2024-10295
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue c...
Red Hat 3scale API Management Platform 安全漏洞
Red Hat 3scale API Management Platform is an infrastructure platform for API management from Red Hat. It enables rapid API sharing, protection, distribution, control, and monetization. A security vulnerability exists in Red Hat 3scale API Management Platform that stems from the fact that sending...
PYSEC-2024-196
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio...
GHSA-89V2-PQFV-C5R9 Gradio's CORS origin validation accepts the null origin
Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhostaliases variable includes "null" as a valid origin. This allows attackers to make unauthorized requests fr...
Gradio's CORS origin validation accepts the null origin
Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhostaliases variable includes "null" as a valid origin. This allows attackers to make unauthorized requests fr...
basic-auth-connect 安全漏洞
basic-auth-connect is an expressjs open source basic authentication middleware for nodes and connections. A security vulnerability exists in basic-auth-connect versions prior to 1.1.0, which stems from the use of timing insecure equality comparisons, which can leak timing information...
Prometheus Exporter Toolkit vulnerable to basic authentication bypass
...
The vulnerability of the retryablehttp package, related to the insertion of confidential information into the log file, allows a perpetrator to obtain confidential authentication credentials for HTTP basic authentication.
The vulnerability of the retryablehttp package lies in the lack of cleaning of URL addresses when they are written to the log file. Exploiting this vulnerability can allow an attacker to obtain confidential basic authentication credentials...
ROS-20240902-12
The vulnerability in the retryablehttp package is related to the lack of purging cleared URLs when writing them to its log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials HTTP basic authentication credentials...
Intersil (Boa) HTTPd Basic Authentication Password Reset
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Intersil Boa HTTPd Basic Authentication Password Reset', 'Description' = %q The Intersil extension in the Boa HTTP Server 0.93.x - 0.94.11 allows...
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass', 'Description' = %q This module bypasses basic authentication for Internet Informatio...
CVE-2024-6104
...
CVE-2024-40636 Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with Peer Awareness
Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service UR...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. An attacker can gain access to credentials by examining th...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. An attacker can gain access to credentials by examining th...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. An attacker can gain access to credentials by examining th...