1240 matches found
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
Kemp Load Master 7.1.16 - Multiple Vulnerabilities
Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link:...
Kemp Load Master 7.1.16 - Multiple Vulnerabilities
Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link: http://kemptechnologies.com/load-balancer/ Version: 7.1.16 and previous versions Tested on: Kemp Load Master 7.1-16 CVE : CVE-2014-5287/5288 Link:...
Drupal Services Basic Authentication Module Access Bypass Vulnerability
Drupal is an open source content management platform. An access bypass vulnerability exists in the Drupal Services Basic Authentication Module, which allows an attacker to bypass security restrictions and perform unauthorized access...
SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass
Services Basic Authentication module adds HTTP basic authentication for Services module. A user could get unauthorized access to resources under some circumstances. This vulnerability is mitigated by the fact that the authentication works correctly when page caching is disabled. CVE identifiers...
Apache ActiveMQ Web Console Default Credentials
ActiveMQ Web Console, an administrative interface for Apache ActiveMQ, is protected using default credentials. Note that no authentication mechanism was provided prior to version 5.4.0. However, in version 5.4.0, HTTP Basic Authentication was an option, and starting with version 5.8.0, this was...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
Hikvision DVR Basic Authentication Buffer Overflow (CVE-2014-4880)
A buffer overflow vulnerability has been reported in Hikvision DVR. The vulnerability is due to a boundary error in Basic Authentication Handling of an RTSP transaction. Successful exploitation may cause a denial of service condition or allow the attacker to inject and execute arbitrary code on t...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
ZTE ZXDSL 831CII - Insecure Direct Object Reference Vulnerability
Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure dire...
ZTE ZXDSL 831CII - Insecure Direct Object Reference
ZTE ZXDSL 831CII - Insecure Direct Object Reference Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct obje...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF
No description provided by source. Sense of Security - Security Advisory - SOS-11-011 Release Date. 20-Sep-2011 Last Update. - Vendor Notification Date. 22-Mar-2011 Product. NETGEAR Wireless Cable Modem Gateway CG814WG Affected versions. Hardware 1.03, Software V3.9.26 R14 verified, possibly othe...
SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass
No description provided by source. Authentication Bypass and Password disclosure. SoftPerfect Bandwidth Manager Authentication Bypass Date: 22-June-2012 Author: Gitsnik http://dracyrys.com/softperfect Vendor Homepage: http://www.softperfect.com/ Software Link:...
Monit <= 4.2 Basic Authentication Remote Root Exploit
No description provided by source. / THE EYE ON SECURITY RESEARCH GROUP - INDIA http://www.eos-india.net/poc/305monit.c Remote Root Exploit for Monit = 4.2 Vulnerability: Buffer overflow in handling of Basic Authentication informations. Server authenticates clients through: Authentication: Basic...
IBM Informix Web Datablade 4.1x Page Request SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4496/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL, dynamically generates HTML content based on Database data. Web Datablade is available for Apache,...
Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error message containing the internal ...