4634 matches found
apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element...
DEBIAN-CVE-2012-6139
libxslt before 1.1.28 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an 1 empty match attribute in a XSL key to the xsltAddKey function in keys.c or 2 uninitialized variable to the xsltDocumentFunction function in functions.c...
Null pointer dereference
libxslt before 1.1.28 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an 1 empty match attribute in a XSL key to the xsltAddKey function in keys.c or 2 uninitialized variable to the xsltDocumentFunction function in functions.c...
Ubuntu Update for libxslt USN-1784-1
Check for the Version of libxslt OpenVAS Vulnerability Test $Id: gbubuntuUSN17841.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for libxslt USN-1784-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...
Git Repository Served by Web Server
The web server on the remote host allows read access to a Git repository. This potential flaw can be used to download content from the Web server that might otherwise be private. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element...
DEBIAN-CVE-2013-0312
389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service crash via a zero length LDAP control sequence...
apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element...
apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element...
CVE-2012-5629
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
Authentication flaw
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
CVE-2012-5629
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
CVE-2012-5629
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
CVE-2012-5629
The CVE-2012-5629 issue affects JBoss EAP/EWP: default configurations of LdapLoginModule and LdapExtLoginModule in EAP 4.3.0 CP10, 5.2.0, 6.0.1 and EWP 5.2.0 allow remote attackers to bypass authentication by supplying an empty password. The vulnerability is an authentication bypass in the LDAP l...
PT-2013-1816 · Red Hat · Red Hat Jboss Enterprise Application Platform +1
Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform EAP versions 4.3.0 CP10 through 6.0.1 JBoss Enterprise Web Platform EWP version 5.2.0 Description: The default configuration of the LdapLoginModule and LdapExtLoginModule modules allows remote attackers t...
Google Fusion Tables Cross Site Scripting
Title: Google Fusion Tables XSS HTML Injection Vulnerability Release Date: 07/03/2013 Author: Junaid Hussain - illSecure Research Group Contact: [email protected] | Website: http://illSecure.com Vulnerable Application: https://www.google.com/fusiontables/DataSource?dsrcid=implicit...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...