security-guide-for-developers
This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...
How to Force Enterprise Manager Login to Use Form-Based Authentication
Article Applicability This article applies to Veeam Backup & Replication 12.x and older, as in those versions, the default was for Veeam Backup Enterprise Manager to utilize a Windows Authentication pop-up key="useWindowsAuth" value="true". Starting in Veeam Backup Enterprise Manager v13, the...
KLA10752 Denial of service vulnerability in Microsoft Active Directory Federation Services
Lack of input data checks was found in Microsoft Active Directory Federation Services. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via a specially designed input to form-based authentication. Original advisories...
Fiyo CMS 2.0_1.9.1 - SQL Injection
Exploit Title: Fiyo CMS multiple SQL vulnerability Date: 2015-06-28 Exploit Author: cfreer poc-lab Vendor Homepage: http://www.fiyo.org/ Software Link: http://tcpdiag.dl.sourceforge.net/project/fiyo-cms/Fiyo%202.0/fiyocms2.0.2.zip Version: 2.01.9.1 Tested on: Apache/2.4.7 Win32 CVE : CVE-2015-393...
Ruby Web Applications Vulnerability Scanner: Yasuo
Ruby Web Applications Vulnerability Scanner. Yasuo is a Ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment (internal, external, red team gigs, etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us ...
EAP6: Plain text password logging during security audit
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...
CVE-2014-5171
CVE-2014-5171 concerns SAP HANA Extend Application Services (XS). The issue is that transmissions for applications using SSL form-based authentication are not encrypted, enabling remote attackers to capture credentials and other sensitive data by sniffing the network. The affected component is th...
PT-2014-6310 · Sap · Sap Hana Extended Application Services
Name of the Vulnerable Software and Affected Versions: SAP HANA Extend Application Services XS affected versions not specified Description: The issue concerns the lack of encryption for transmissions in applications that use form-based authentication with SSL, allowing remote attackers to interce...
PT-2009-3226 · Apache +2 · Apache Tomcat +2
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.39; Apache Tomcat versions 5.5.0 through 5.5.27; Apache Tomcat versions 6.0.0 through 6.0.18. Description: The issue allows remote attackers to enumerate valid usernames via requests to "/j_security_check...