SuSE 10 Security Update : ruby (ZYPP Patch Number 6338)

This ruby update improves return value checks for openssl function OCSPbasicverify CVE-2009-0642 which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased CVE-2008-3905 to avaid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

http-brute NSE Script

Performs brute force password auditing against http basic, digest and ntlm authentication. This script uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are stored in the nmap registry, using the creds library, for other scripts to use. Script Arguments...

Xerver 4.32 Source Disclosure and HTTP Authentication Bypass

No description provided by source. Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the...

Xerver 4.32 Source Disclosure and HTTP Authentication Bypass

Exploit for windows platform in category remote exploits ============================================================ Xerver 4.32 Source Disclosure and HTTP Authentication Bypass ============================================================ Exploit Title: Xerver Source Disclosure and HTTP Auth...

Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit)

Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the Metasploit Framework and may be subject t...

Authorization

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorizati...

CVE-2010-0172

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorizati...

Apple Saferi multiple vulnerabilities (Mar10)

The host is running Apple Saferi and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodapplesafarimultvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Apple Safari multiple vulnerabilities Mar10 Authors: Madhuri D Updated By: Antu Sanadi on 2010-18-2010 Added the CVE and...

Google Chrome Multiple Vulnerabilities - (Windows)

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnwin02.nasl 5394 2017-02-22 09:22:42Z teissa $ Google Chrome Multiple Vulnerabilities - Windows Authors: Antu Sanadi Copyright: Copyright c 2010 SecPod,...

Chrome Password Manager Cross Origin Weakness (CVE-2010-0556)

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Chrome Password Manager Cross Origin Weakness Release Date: 2010-02-15 Application: Google Chrome Web Browser Versions:...

Google Chrome < 4.0.249.89 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 4.0.249.89. Such versions are reportedly affected by multiple vulnerabilities : - Two errors when resolving domain names and when interpreting configured proxy lists can be exploited to disclose sensitive data. Issue 12303,...

Google Chrome < 4.0.249.89 Multiple Vulnerabilities

Binary data 5336.pasl...

CVE-2010-0551

HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak...

CVE-2010-0554

The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack...

Authentication flaw

The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack...

Design/Logic Flaw

HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak...

CVE-2010-0551

CVE-2010-0551 affects Geo++ GNCASTER 1.4.0.7 and earlier. The HTTP authentication implementation allows remote attackers to read authentication headers from other users by sending a large request with an incorrect authentication attempt, resulting in memory disclosure (often called a memory leak)...

CVE-2010-0554

The CVE-2010-0554 entry concerns Geo++ GNCASTER, affected in versions 1.4.0.7 and earlier. The HTTP Authentication implementation uses the same nonce for all authentication attempts, enabling replay attacks that can hijack web sessions or bypass authentication. This is the root cause: nonce reuse...

CVE-2010-0551

HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak...

Ipswitch WhatsUp Gold 8.03 Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Ipswitch...