45 matches found
EUVD-2021-10893
Malware in sbrugna...
EUVD-2023-31211
Malicious code in bioql PyPI...
CVE-2023-27435
Cross-Site Request Forgery CSRF vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin = 0.3.2 versions...
CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...
HTTP Auth < 1.0.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-27435
Cross-Site Request Forgery CSRF vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin = 0.3.2 versions...
CVE-2023-27435
Cross-Site Request Forgery CSRF vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin = 0.3.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin = 0.3.2 versions...
CVE-2023-27435 WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin = 0.3.2 versions...
CVE-2023-27435 WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin = 0.3.2 versions...
CVE-2023-27435
The CVE-2023-27435 entry concerns the WordPress HTTP Auth Plugin, vulnerable in versions 0.3.2, with patch 1.0.0 indicated as the fix. Exploitability details in the connected docs show unauthenticated access as a consideration; exploitation status is not definitively provided beyond the CSRF cla...
PT-2023-21124 · Unknown · Sami Ahmed Siddiqui Http Auth Plugin
Name of the Vulnerable Software and Affected Versions: Sami Ahmed Siddiqui HTTP Auth plugin versions 0.3.2 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
WordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software HTTP Auth Type Plugin Vulnerable versions = 0.3.2 Fixed in 1.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-27435 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 3c605b41c95d Credits Mika Required privilege...
DOMDig - DOM XSS Scanner For Single Page Applications
DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications SPA recursively. Unlike other scanners, DOMDig can crawl any webapplication including gmail by keeping track of DOM modifications and XHR/fetch/websocket requests and it can simulate a...
gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition
Impact Incorrect routing of some HTTP requests when using httpauth due to a race condition Patches Upgrade to version 0.7.2 for fix Workarounds None For more information If you have any questions or comments about this advisory: Email us at [email protected]...
CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...
Design/Logic Flaw
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://email protected'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser...
CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...
CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...
CVE-2021-23972
The CVE-2021-23972 entry concerns Mozilla Firefox before version 86, where a phishing technique using an HTTP-Auth-style link (e.g., https://user@target) could bypass a warning dialog if a cached redirect was involved. The issue affects Firefox clients (network attack surface) and has high impact...