CVE-2004-0334

InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to 1 videophoneadmindetail.asp, 2 videophonesyscfg.asp, 3 videophoneupgrade.asp, or 4 videophonesysctrl.asp that contains a trailing / slash. NOTE: the original report mentioned AXIS 2100 Network Camera...

CVE-2004-1358

The patches 1 114332-08 and 2 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module BSM, which allows attackers to avoid having their activity logged...

CVE-2004-0009

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user...

CVE-2004-0009

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user...

Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior

Apache-SSL optional client certificate vulnerability ---------------------------------------------------- Synopsis -------- If configured with SSLVerifyClient set to 1 or 3 client certificates optional and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to...

ApacheSSL protection bypass

In basic authentication emulation mode it's possible to access server without certificate...

Apache-SSL optional client certificate vulnerability

From the Apache-SSL security advisory: If configured with SSLVerifyClient set to 1 or 3 client certificates optional and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. All the attacker needed ...

Internet explorer (and others) CA certificate attack

For intermediate CA only signature is checked, missed check for basic constaint allows to use any valid certificate as CA certificate...

Microsoft SharePoint Portal and Team Services

There is a bug in how the authentication mode works with the web-based administration page. This page resides, in the Web Servers with Sharepoint, in http://www.example.com/layouts/settings.htm or http://www.example.com/somedirectory/layouts/settings.htm This page is usually protected by NT Basic...

CVE-2003-0347

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications VBA SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter...

CVE-2003-0347

Vulnerability CVE-2003-0347 affects Microsoft Visual Basic for Applications (VBA) 5.0–6.3 via heap-based overflow in VBE.DLL and VBE6.DLL. An attacker could supply a document with a long ID parameter to cause remote code execution. Impact is remote compromise with user privileges; affected compon...

CVE-2003-0347

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications VBA SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter...

Microsoft Security Bulletin MS03-037: Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution(822715)

-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution 822715 Date: 03 September 2003 Affected Software: Microsoft Visual Basic for Applications SDK 5.0 Microsoft...

Microsoft Visual Basic for Applications buffer overflow

Buffer overflow on opening macro document...

MS03-037: Visual Basic for Application Overflow (822715)

The remote host is running a version of Microsoft Visual Basic for Applications that is vulnerable to a buffer overflow when handling malformed documents. An attacker may exploit this flaw to execute arbitrary code on this host by sending a malformed file to a user of the remote host. C Tenable...

Microsoft Visual Basic For Applications SDK 5.06.06.26.3 - Document Handling Buffer Overrun

Microsoft Visual Basic For Applications SDK 5.06.06.26.3 - Document Handling Buffer Overrun source: https://www.securityfocus.com/bid/8534/info A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs because the software fails to perform sufficient...

Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 - Document Handling Buffer Overrun

source: https://www.securityfocus.com/bid/8534/info A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs because the software fails to perform sufficient boundary checks when parsing specific properties of malformed documents. As a result, a...

Apache HTTPD contains denial of service vulnerability in basic authentication module

Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...

Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl

No description provided by source. !/usr/bin/perl Apache 2.0.37 - 2.0.45 APR Exploit Written By Matthew Murphy This Perl script will successfully exploit any un-patched Apache 2.x servers. Base64 Encoder If you want authentication with the server via HTTP's lame Basic auth, put the proper string ...

Another ZEUS Server web admin XSS!

Hi, another XSS, now on the ZEUS web admin interface. The tested software is Zeus 4.2r2 webadmin-4.2r2 on Linux x86 This is not the same issue as bid 6144 index.fcgi, now is on "vsdiag.cgi". Exploit is simple: http://target:9090/apps/web/vsdiag.cgi?server=YOURCODE I have read this post:...