426 matches found
CVE-2019-6971
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials...
CVE-2019-6971
CVE-2019-6971 affects TP-Link TL-WR1043ND V2 routers. The issue is an authentication bypass: an attacker can send a cookie in an HTTP authentication packet to the router management Web UI and gain full control without credentials. Public exploitation exists (e.g., TP-Link TL-WR1043ND 2 - Authenti...
FreeBSD : phpMyAdmin -- CSRF vulnerability in login form (a5681027-8e03-11e9-85f4-6805ca0b3d42)
The phpMyAdmin development team reports: Summary: CSRF vulnerability in login form. Description: A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdm...
Information Disclosure
Undertow Core is vulnerable to information disclosure. Confidential information such as HTTP Authentication for the HttpServerExchange object is logged in plain text at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) by Connectors.executeRootHandler:402...
EUVD-2017-6225
An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public...
CVE-2019-10233
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie...
CVE-2019-7714
An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow...
Stack overflow
An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow...
Information Disclosure
yiisoft/yii2 is vulnerable to information disclosure. Confidential information such as HTTP authentication credentials containing username and password are logged in \yii\log\Target, which could allow an attacker to retrieve the information from log files and gain access to the application...
CVE-2016-4644
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials...
Authentication flaw
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials...
aria2 1.33.1 Password Disclosure
Exploit Title: Metadata and potential password leak in aria2 Date: 2019-01-02 Exploit Author: Dhiraj Mishra Software Link: https://github.com/aria2/aria2 Version: aria2 1.33.1 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-3500 Summary aria2 is a lightweight multi-protocol command-line utility,...
SUSE-SU-2018:4215-1 Security update for enigmail
This update for enigmail to version 2.0.9 fixes the following issues: Security issue fixed: - When using Web Key Discovery, an HTTP authentication may be triggered. This may trick users into possibly sending e-mail credentials (bsc#1118935). Non-security issues fixed: - pEp - PGP/MIME signed-only...
CVE-2018-18353
Failure to dismiss HTTP auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auth dialog via a crafted HTML page...
Scientific Linux Security Update : curl and nss-pem on SL7.x x86_64 (20181030)
Security Fixes: - curl: HTTP authentication leak in redirects (CVE-2018-1000007) - curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120) - curl: RTSP RTP buffer over-read (CVE-2018-1000122) - curl: Out-of-bounds heap read when missing RTSP headers allows information leak of...
RHEL 7 : curl and nss-pem (RHSA-2018:3157)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3157 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
Swap Digger - Tool That Automates Swap Extraction And Searches For Linux User Credentials, Web Forms Credentials, Web Forms Emails, Http Basic Authentication, Wifi SSID And Keys, Etc
swapdigger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purpose. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID and keys, etc. Download and run the tool O...