Design/Logic Flaw

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...

CVE-2011-0160

CVE-2011-0160 affects WebKit as used in Apple Safari prior to 5.0.4 and iOS prior to 4.3. The vulnerability arises when handling redirects with HTTP Basic Authentication, potentially causing the Authorization header (and thus credentials) to be logged by remote servers. The issue is tied to WebKi...

CVE-2011-0160

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header...

Ubuntu Update for clamav vulnerability USN-1076-1

Ubuntu Update for Linux kernel vulnerabilities USN-1076-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10761.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for clamav vulnerability USN-1076-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

Ubuntu 9.10 / 10.04 LTS / 10.10 : clamav vulnerability (USN-1076-1)

It was discovered that the Microsoft Office processing code in libclamav improperly handled certain Visual Basic for Applications VBA data. This could allow a remote attacker to craft a document that could crash clamav or possibly execute arbitrary code. In the default installation, attackers wou...

The Lesson of Stuxnet and Aurora: Get Back to Basics or Get Owned

SAN FRANCISCO–It’s often said that after decades of work and technological advances, the security industry hasn’t actually solved any problems or made things any better. But that’s not entirely true. The industry has in fact perfected the art of exploiting the scare ’em and snare ’em,...

CVE-2011-1003

Double free vulnerability in the vbareadprojectstrings function in vbaextract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications VBA data in a Microsoft Office document. NOTE: some of these details are obtained fro...

Ubertooth - An Open Source Bluetooth Test Tool download !

This project was originally unveiled at the recently concluded ShmooCon. It shows a lot of promise and the authors two years of study and experimentation. The name is Ubertooth. Ubertooth is an open source 2.4 GHz wireless development platform suitable for passive bluetooth monitoring. It aims to...

Unreal Tournament - Remote Buffer Overflow (SEH)

Unreal Tournament - Remote Buffer Overflow SEH Unreal Tournament Remote Buffer Overflow Exploit SEH Windows Discovered by: Luigi Auriemma http://aluigi.altervista.org/adv/unsecure-adv.txt Coded By: Fulcrum 08/02/2011 Patch: http://www.unrealadmin.org/forums/showthread.php?t=15616 Vulnerable: all...

CVE-2011-0410

CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by 1 sniffing the network for transmissions of Java objects or 2 reading the database...

Design/Logic Flaw

CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by 1 sniffing the network for transmissions of Java objects or 2 reading the database...

CVE-2011-0410

CVE-2011-0410 affects CollabNet ScrumWorks Basic 1.8.4. The server–client communications transmit credential information in plaintext via unencrypted Java objects, and the internal database may store unencrypted usernames/passwords, enabling credential exposure through network sniffing or databas...

aidSQL: A Tool to Find Vulnerable Spots in Web Sites !

aidSQL is a PHP application provided for detecting security holes in your websites. It is a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. Sample usage of aidsql: ./aidSQL --url=www.sample123.com We find it similar to nikto,...

Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)

This host is missing a critical security update according to Microsoft Bulletin MS08-008. OpenVAS Vulnerability Test $Id: gbms08-008.nasl 5548 2017-03-11 17:28:59Z cfi $ Vulnerability in OLE Automation Could Allow Remote Code Execution 947890 Authors: Madhuri D Copyright: Copyright c 2011 Greenbo...

Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)

This host is missing a critical security update according to Microsoft Bulletin MS08-008. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Lessons Learned From the Gawker Hack

Everyone sounded the alarms at the Gawker Media attack, which included a security breach of websites such as Gizmodo, Lifehacker, Kotaku, io9, and others. The numbers were impressive: 1.3 million user accounts exposed, 405 megabytes of source code lost, and perhaps more important to some, the...

Web Server Uses Basic Authentication over HTTPS

The remote web server contains web pages that are protected by 'Basic' authentication over HTTPS. While this is not in itself a security flaw, in some organizations, the use of 'Basic' authentication is discouraged as, depending on the underlying implementation, it may be vulnerable to account...

CVE-2010-4330

CVE-2010-4330 describes a Local File Inclusion in Pulse CMS Basic prior to 1.2.9. The vulnerability exists in includes/controller.php, where a crafted value in the p parameter to index.php enables arbitrary local file inclusion (null-byte attack), allowing remote attackers to include and potentia...

Pulse CMS Basic Local File Include Vulnerability

Pulse CMS Basic is prone to a local file-include vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pulsecms:pulsecms...

Basic auth authentication does not allow files to be attached in 4.2

From the customer support case quote When using osauthType=basic to login to JIRA 4.2 a user is able to upload an attachment as a temporary file, but is unable to attach the temporary file to the issue. We noticed the exact same behavior ... had worked with JIRA 4.1.2. quote The Atlassian support...