CVE-2017-11507

A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...

REST API - Improved HTTP Authentication

h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. I...

REST API - Improved HTTP Authentication

h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. I...

CVE-2017-16953

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request...

WhatWeb v0.4.9 - Next Generation Web Scanner

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700...

Fedora 26 : webkitgtk4 (2017-9e83b902f9)

This update addresses the following vulnerabilities : - CVE-2017-2496, CVE-2017-2539, CVE-2017-2510 Additional fixes : - Fix URL shown in the title of beforeunload dialogs. - Focus first input field of HTTP authentication dialog. - Fix rendering glitches in HiDPI in long GitHub Gist pages when...

Run HTTP Flood DDoS Attacks: Wreckuests

Stress Testing: Run HTTP Flood DDoS Attacks Wreckuests is a script, which allows you to run DDoS attacks with HTTP-floodGET/POST. It’s written in pure Python and uses proxy-servers as “bots”. This script is published for educational purposes only! Features Cache bypass with random ?abcd=efg...

Fedora 25 : webkitgtk4 (2017-98bc28ae9e)

This update addresses the following vulnerabilities : - CVE-2017-2496, CVE-2017-2539, CVE-2017-2510 Additional fixes : - Fix URL shown in the title of beforeunload dialogs. - Focus first input field of HTTP authentication dialog. - Fix rendering glitches in HiDPI in long GitHub Gist pages when...

CVE-2017-2389

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site...

CVE-2017-2389

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site...

Apple iOS < 10.3 Multiple Vulnerabilities

Binary data 700034.prm...

Safari < 10.1 Multiple Vulnerabilities

Binary data 700033.prm...

Apple Safari Multiple Vulnerabilities (HT207600)

Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...

CVE-2013-6446

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs...

CVE-2013-6446

The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs...

CVE-2013-6446

The CVE concerns the JobHistory Server in Cloudera CDH 4.x prior to 4.6.0 and CDH 5.x prior to 5.0.0 Beta 2. When MRv2/YARN is used with HTTP authentication, remote authenticated users can obtain sensitive job information due to failure to enforce job ACLs. The description does not specify affect...

Shopify: CSRF in all API endpoints when authenticated using HTTP Authentication

Description: Short: I have found a CSRF vulnerability in all API endpoints /admin/anyapiendpoint/ if the current user has authenticated using HTTP authentication. Details: When a user generates API credentials for a private application in his shop he will be given API key and password that he can...

Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities

Obihai Technology recently patched vulnerabilities in its ObiPhone IP phones that could have led to memory corruption, buffer overflow, and denial of service conditions, among other outcomes. The California-based company manufactures IP-enabled phones and VOIP telephone adapters it calls OBi...

About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004

About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 This document describes the security content of OS X El Capitan v10.11.6 and Security Update 2016-004. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm securi...

Informatica: [oneclickdrsfdc-test.informatica.com] Tomcat Example Scripts Exposed Unauthenticated

Issue The consultant identified that there is an unauthenticated installation of apache tomcat installed on the affected host. This particular installation has the /examples directory exposed which contains several scripts that execute server side code, these scripts can also be leveraged to carr...