426 matches found
Fedora 22 : webkitgtk4-2.10.9-1.fc22 (2016-68b43a4e0d)
This update together with the previous release brings the following fixes Security fixes: CVE-2016-1726 Limit the number of tiles according to the visible area. This was causing a huge memory consumption with some websites. Fix rendering of form controls and scrollbars with GTK+ = 3.19. Fix HTTP...
innovaphone IP222 11r2 sr9 Brute Force
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-018 Product: innovaphone IP222 Manufacturer: innovaphone AG Affected Versions: 11r2 sr9 Tested Versions: 11r2 sr9 Vulnerability Type: Improper Restriction of Excessive Authentication Attempts CWE-307 Risk Level: Medium Solutio...
Fedora 23 : webkitgtk4-2.10.9-1.fc23 (2016-7eb48a78dc)
This update together with the previous release brings the following fixes Security fixes: CVE-2016-1726 Limit the number of tiles according to the visible area. This was causing a huge memory consumption with some websites. Fix rendering of form controls and scrollbars with GTK+ = 3.19. Fix HTTP...
Default Credential Detection via HTTP Basic Authentication
Binary data 7141.pasl...
Cross site request forgery (csrf)
Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message...
CVE-2015-4515
CVE-2015-4515 affects Mozilla Firefox before 42.0: when NTLM v1 is enabled for HTTP authentication, a crafted site can trigger an NTLM type 3 exchange that causes the Workstation field (hostname) to be disclosed to remote attackers. Impact is information disclosure of hostname/windows domain info...
CVE-2015-4515
Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message...
Information disclosure through NTLM authentication — Mozilla
Security researcher Tim Brown reported that Firefox discloses the hostname and possibly the Windows domain through NTLM-based HTTP authentication when sending type 3 messages as part of the authentication exchange. This is because the Workstation field is populated with the hostname of the system...
Amazon Linux: Security Advisory (ALAS-2012-107)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-3754
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...
CVE-2015-3754
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...
CVE-2015-3754
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...
CVE-2015-3675
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the modhfsapple module, which allows remote attackers to bypass HTTP authentication via a crafted URL...
Default configuration
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the modhfsapple module, which allows remote attackers to bypass HTTP authentication via a crafted URL...
CVE-2015-3675
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the modhfsapple module, which allows remote attackers to bypass HTTP authentication via a crafted URL...
CVE-2015-3675
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the modhfsapple module, which allows remote attackers to bypass HTTP authentication via a crafted URL...
CVE-2015-3200
modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
CVE-2015-3200
The CVE-2015-3200 entry concerns lighttpd mod_auth prior to 1.4.36. A remote attacker can inject log entries via a basic-auth string without a colon, demonstrated using a NULL/newline in the string. Impact is log injection; some references note potential information exposure. Remediation exists: ...
CVE-2015-3200
modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
CVE-2015-3200
modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...