422 matches found
Default Credential Detection via HTTP Basic Authentication
Cross site request forgery (csrf)
Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message...
CVE-2015-4515
CVE-2015-4515 affects Mozilla Firefox before 42.0: when NTLM v1 is enabled for HTTP authentication, a crafted site can trigger an NTLM type 3 exchange that causes the Workstation field (hostname) to be disclosed to remote attackers. Impact is information disclosure of hostname/Windows domain info...
Information disclosure through NTLM authentication — Mozilla
Security researcher Tim Brown reported that Firefox discloses the hostname and possibly the Windows domain through NTLM-based HTTP authentication when sending type 3 messages as part of the authentication exchange. This is because the Workstation field is populated with the hostname of the system...
Amazon Linux: Security Advisory (ALAS-2012-107)
The remote host is missing an update for the...
CVE-2015-3754
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...
CVE-2015-3675
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL...
Default configuration
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL...
CVE-2015-3200
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
CVE-2015-3200
The CVE-2015-3200 entry concerns lighttpd mod_auth prior to 1.4.36. A remote attacker can inject log entries via a basic-auth string without a colon, demonstrated using a NULL/newline in the string. Impact is log injection; some references note potential information exposure. Remediation exists: ...
lighttpd -- Log injection vulnerability in mod_auth
MITRE reports: mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
Unspecified Vulnerability in Websense TRITON AP-WEB
Websense TRITON is the Unified Content Architecture for data security. An unspecified security vulnerability in Websense TRITON AP-WEB HTTP authentication allows attackers to submit a special request to enumerate Windows domain users...
CVE-2015-2762
Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication...