4196 matches found
Office HD: PlanMaker BASIC - Base64 encoded String, Customized SSL, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application Office HD: PlanMaker BASIC published at the 'play' market has multiple vulnerabilities...
Office HD: TextMaker BASIC - Base64 encoded String, Customized SSL, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application Office HD: TextMaker BASIC published at the 'play' market has multiple vulnerabilities...
The vulnerability of the Ruby on Rails software platform, which allows attackers to bypass the authentication process
The vulnerability of the http_basic_authenticate_with method in the ActionController/lib/action_controller/metal/http_authentication.rb implementation of Basic Authentication in the Ruby on Rails software framework is related to security configuration errors. Exploiting this vulnerability allows a...
python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...
python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...
python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...
python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...
rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...
Important: Red Hat Security Advisory: ror40 security update
Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
Important: Red Hat Security Advisory: ruby193 security update
Updated ruby193-rubygem-actionpack and ruby193-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...
rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...
USN-2915-3 python-django regression
USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Original advisory details: Mark Striemer discovered that Django incorrectly handled...
UBUNTU-CVE-2016-2512
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by...
SUSE-SU-2016:0623-1 Security update for rubygem-activesupport-3_2
This update for rubygem-activesupport-3_2 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329)...
Wireshark ASN.1 BER Parser Denial of Service Vulnerability
Wireshark is the most popular network protocol parser. A denial of service vulnerability exists in the Wireshark ASN.1 BER parser, which can be exploited by an attacker to cause a denial of service (out-of-bounds read and application crash)...
DEBIAN-CVE-2016-2522
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafte...
rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...
HTTP Server Basic Authentication Detection
Binary data 7140.pasl...
Authentication flaw
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...
UBUNTU-CVE-2015-7576
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...