reuse of wrong HTTP NTLM connection

libcurl can in some circumstances reuse the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion...

Unauthorized console access on Satechi travel router v1.5

Satechi makes a travel router that broadcasts a protected wifi network that can be configured connect to either a wired or wireless network on it’s public wan interface. It runs a customized dd-wrt build from version 2.4 The router is configurable via a web interface available within its protecte...

Amazon Linux AMI : lighttpd (ALAS-2012-107)

Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers an out-of-bounds...

Fedora Update for nodejs-hawk FEDORA-2013-11780

Check for the Version of nodejs-hawk OpenVAS Vulnerability Test Fedora Update for nodejs-hawk FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

[SECURITY] Fedora 18 Update: nodejs-hawk-0.15.0-1.fc18

Hawk is an HTTP authentication scheme using a message authentication code MAC algorithm to provide partial HTTP request cryptographic verification...

ZPanel 10.0.0.2 htpasswd Module - 'Username' Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ZPanel 10.0.0.2...

Cisco Linksys E1200 / N300 Cross Site Scripting Vulnerability

Cisco Linksys E1200 and N300 routers version 2.0.04 suffer from a cross site scripting vulnerability. Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue :...

Cisco Linksys E1200 / N300 Cross Site Scripting

Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...

Google Chrome < 26.0.1410.43 Multiple Vulnerabilities

Binary data 6724.pasl...

Google Chrome - Silent HTTP Authentication

Google Chrome - Silent HTTP Authentication Exploit Title: Google Chrome Silent HTTP Authentication Date: 2-5-2013 Exploit Author: T355 Vendor Homepage: http://www.google.com/chrome Version: 24.0.1312.57 Tested on: Tested on: Windows 7 & Mac OSX Mountain Lion CVE : n/a VULNERABILITY DETAILS The...

SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering

This module makes use of the RFCSYSTEMINFO Function to obtain the operating system version, SAP version, IP address and other information through the use of the /sap/bc/soap/rfc SOAP service. This module requires Metasploit: https://metasploit.com/download Current source:...

TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow &amp; sFlow Analyzer

Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Published: 07/27/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 Build...

CVE-2012-3424

The decodecredentials method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging...

Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass

This will add an administrative account to Scrutinizer NetFlow and sFlow Analyzer without any authentication. Versions such as 9.0.1 or older are affected. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Scrutinizer NetFlow / sFlow Analyzer 9.0.1 XSS / Bypass / File Upload

Exploit for php platform in category web applications Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 Build 9.0.1.19899 and prior versions may be affected as well. Please note that the software can be found in a...

Scrutinizer NetFlow / sFlow Analyzer 9.0.1 XSS / Bypass / File Upload

Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Published: 07/27/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 Build...

Medium: lighttpd

Issue Overview: Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers a...

TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow &amp; sFlow Analyzer

Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow a...

Scrutinizer NetFlow & sFlow Analyzer Multiple Vulnerabilities

Exploit for multiple platform in category web applications Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer...

Scrutinizer NetFlow sFlow Analyzer - Multiple Vulnerabilities

Scrutinizer NetFlow sFlow Analyzer - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer...