426 matches found
CVE-2024-43432 Moodle: authorization headers preserved between "emulated redirects"
A flaw was found in Moodle. The cURL wrapper in Moodle clears the cURL HTTPAUTH and USERPWD options during emulated redirects but retains the other original request headers, so an HTTP Authorization header set by the caller could be unintentionally sent in requests to redirect URLs...
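The mechanism behind this entry, as an added example that is not Moodle's cURL wrapper: an "emulated" redirect is one the application follows itself, re-issuing the request to the Location target instead of letting the HTTP library do it. The vulnerable variant below copies every original header onto the new request, as the advisory describes; the hardened variant resolves the Location against the original URL and drops credential-bearing headers whenever the target is not the same origin (scheme, host and port). Function and constant names and the sample URLs are this example's own.

```python
"""Credential leakage across emulated redirects (added example, not Moodle code)."""
from urllib.parse import urljoin, urlparse

# Headers that carry credentials and must not cross an origin boundary.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}


def origin(url: str) -> tuple[str, str, int]:
    """Return (scheme, host, port) with the default port filled in."""
    p = urlparse(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    port = p.port if p.port is not None else (443 if p.scheme == "https" else 80)
    return p.scheme, p.hostname.lower(), port


def redirect_headers_vulnerable(headers: dict, original_url: str, location: str):
    """Mirrors the reported flaw: only library-level auth options are cleared
    elsewhere; every caller-supplied header survives the hop unchanged."""
    return urljoin(original_url, location), dict(headers)


def redirect_headers(headers: dict, original_url: str, location: str):
    """Resolve Location against the original URL and strip sensitive headers
    if the hop leaves the original origin. A host change, a port change and
    an https->http downgrade all count as leaving the origin."""
    target = urljoin(original_url, location)
    same_origin = origin(original_url) == origin(target)
    kept = {
        name: value
        for name, value in headers.items()
        if same_origin or name.lower() not in SENSITIVE_HEADERS
    }
    return target, kept


if __name__ == "__main__":
    # Constructed request: Basic credentials for lms.example, then redirected away.
    original = "https://lms.example/mod/url/view.php?id=1"
    hdrs = {"Authorization": "Basic dXNlcjpwYXNz", "Accept": "text/html"}
    print(redirect_headers_vulnerable(hdrs, original, "http://attacker.example/log"))
    print(redirect_headers(hdrs, original, "http://attacker.example/log"))
    print(redirect_headers(hdrs, original, "/mod/url/other.php"))
```

A relative Location such as `/mod/url/other.php` keeps the Authorization header because it stays on the original origin; a protocol-relative `//attacker.example/x` resolves to another host and is stripped like an absolute URL.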
Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057
The module provides a possibility to restrict access to specific paths using basic HTTP authentication, in addition to standard Drupal access checks. In some cases, the module removes existing access checks from some paths, resulting in an access bypass vulnerability...
Sharp MFP security vulnerability
Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that stems from incorrect handling of HTTP authentication requests, resulting in an authentication bypass vulnerability...
OKI Printer Default Login Credential Scanner
Metasploit module (requires Metasploit: https://metasploit.com/download; current source: https://github.com/rapid7/metasploit-framework). TODO in the source: split this module into two separate SNMP and HTTP modules. Name: 'OKI Printer Default Login Credential Scanner'. Description: This module...
Plixer Scrutinizer NetFlow And SFlow Analyzer HTTP Authentication Bypass
Metasploit module (requires Metasploit: https://metasploit.com/download; current source: https://github.com/rapid7/metasploit-framework). Name: 'Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass'. Description: This will add an administrative account to...
RHEL 9 : gjs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - angular: XSS vulnerability CVE-2021-4231 - Hawk is an HTTP authentication scheme providing mechanisms for...
RHEL 8 : gjs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - angular: XSS vulnerability CVE-2021-4231 - Hawk is an HTTP authentication scheme providing mechanisms for...
RHEL 4 : kdebase (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - konqueror visual hostname truncation in HTTP authentication dialog CVE-2007-3143 Note that Nessus has not tested fo...
RHEL 6 : kdebase (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - konqueror visual hostname truncation in HTTP authentication dialog CVE-2007-3143 - KDE Konqueror 3.5.5 an...
RHEL 8 : gjs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...
RHEL 5 : kdebase (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - konqueror visual hostname truncation in HTTP authentication dialog CVE-2007-3143 - KDE Konqueror 3.5.5 an...
RHEL 9 : gjs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...
Improper Input Validation
symphony is vulnerable to Improper Input Validation. The vulnerability is due to incorrect parsing of the Authorization header in applications using HTTP Basic or Digest authentication, which could be exploited in certain server setups...
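The entry above reports a framework mis-parsing the Authorization header; the following is an added example, not that framework's code, of a strict parser for the two schemes it names. It applies the rules parsers most often get wrong: the scheme name is compared case-insensitively, Basic credentials must be valid base64 and are split on the first colon only (passwords may contain colons, RFC 7617), and Digest parameters are a comma-separated list of key=value pairs whose quoted values may themselves contain commas and escaped quotes (RFC 7616/7235). Anything that does not fit is rejected rather than guessed at. Function names are this example's own; the Digest sample in the test is the RFC 2617 example header.

```python
"""Strict Authorization header parsing for Basic and Digest (added example)."""
import base64
import binascii
import re


class AuthParseError(ValueError):
    """Raised for any header that is not well-formed for its scheme."""


def parse_basic(token68: str) -> dict:
    try:
        raw = base64.b64decode(token68, validate=True)
    except (binascii.Error, ValueError) as e:
        raise AuthParseError("Basic credentials are not valid base64") from e
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as e:
        raise AuthParseError("Basic credentials are not UTF-8") from e
    user, sep, password = text.partition(":")   # split on the FIRST colon only
    if not sep or not user:
        raise AuthParseError("Basic credentials lack 'user:password' form")
    return {"username": user, "password": password}


# One auth-param: key=token or key="quoted-string". The two value branches are
# mutually exclusive, so the pattern cannot backtrack catastrophically.
_PARAM = re.compile(r'\s*([A-Za-z0-9_*-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s",]+))\s*(?:,|$)')
_UNESCAPE = re.compile(r"\\(.)")

DIGEST_REQUIRED = ("username", "realm", "nonce", "uri", "response")


def parse_digest(params: str) -> dict:
    out, pos = {}, 0
    while pos < len(params):
        if not params[pos:].strip():            # only whitespace after the last ','
            break
        m = _PARAM.match(params, pos)
        if m is None:
            raise AuthParseError(f"malformed Digest parameter at offset {pos}")
        key = m.group(1).lower()
        if key in out:
            raise AuthParseError(f"duplicate Digest parameter {key!r}")
        if m.group(2) is not None:               # quoted-string: undo backslash escapes
            out[key] = _UNESCAPE.sub(r"\1", m.group(2))
        else:
            out[key] = m.group(3)
        pos = m.end()
    missing = [k for k in DIGEST_REQUIRED if k not in out]
    if missing:
        raise AuthParseError(f"Digest header missing {missing}")
    return out


def parse_authorization(header: str) -> tuple[str, dict]:
    """Return (scheme, fields); the scheme is matched case-insensitively."""
    scheme, sep, rest = header.strip().partition(" ")
    rest = rest.strip()
    if not sep or not rest:
        raise AuthParseError("Authorization header carries no credentials")
    s = scheme.lower()
    if s == "basic":
        return "basic", parse_basic(rest)
    if s == "digest":
        return "digest", parse_digest(rest)
    raise AuthParseError(f"unsupported scheme {scheme!r}")


def make_basic(username: str, password: str) -> str:
    """Build a Basic header value (for clients and tests)."""
    if ":" in username:
        raise ValueError("user-id may not contain ':' (RFC 7617)")
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def safe_parse(header: str):
    """None for anything malformed, so callers treat it as unauthenticated."""
    try:
        return parse_authorization(header)
    except AuthParseError:
        return None
```

The failure mode to watch for is a parser that base64-decodes whatever follows the scheme name, or splits on the last colon, and then hands the result to an authentication backend; `safe_parse` returns None for those inputs instead.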
openSUSE Security Advisory (openSUSE-SU-2024:0119-1)
The remote host is missing an update for the package(s) announced via the openSUSE-SU-2024:0119-1 advisory. (Greenbone check; SPDX-FileCopyrightText: 2024 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders.)...
OPENSUSE-SU-2024:0119-1 Security update for tinyproxy
This update for tinyproxy fixes the following issues: - Update to release 1.11.2: fix potential use-after-free in header handling (CVE-2023-49606, boo#1223746); prevent junk from showing up in the error page for invalid requests (CVE-2022-40468, CVE-2023-40533, boo#1223743) - Move tinyproxy program to /usr/bi...
Mageia: Security Advisory (MGASA-2024-0086)
The remote host is missing an update for the package(s) announced via the MGASA-2024-0086 advisory. (Greenbone check; SPDX-FileCopyrightText: 2024 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders.)...
MGASA-2024-0086 Updated nodejs-hawk packages fix security vulnerability
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
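What the Hawk scheme described above actually binds, and how a Host header can be parsed without a regular expression, as an added example that is not the nodejs-hawk code: the MAC covers method, resource, host and port (plus an optional payload hash), and host and port come from the Host header, so that header has to be parsed on every request. The parser below does it in one scan with a length cap, so its cost is linear in the header length whatever the content. The normalized-string layout follows Hawk's documented `hawk.1.header` format, but byte-for-byte interoperability with a real Hawk peer is an assumption not checked here; the shared key, names and request values are constructed for the demo.

```python
"""Hawk-style request MAC with a single-pass Host header parser (added example)."""
import base64
import hashlib
import hmac
import ipaddress
import string

_LABEL = set(string.ascii_letters + string.digits + "-")
_DIGITS = set(string.digits)
MAX_HOST_HEADER = 300  # assumption: generous cap; DNS names are at most 253 chars


def _port(text: str) -> int:
    if not text or len(text) > 5 or not set(text) <= _DIGITS:
        raise ValueError(f"bad port {text!r}")
    port = int(text)
    if port > 65535:
        raise ValueError("port out of range")
    return port


def parse_host(header: str, default_port: int) -> tuple[str, int]:
    """Split 'host[:port]' or '[v6][:port]' into (lowercased host, port)."""
    h = header.strip()
    if not h or len(h) > MAX_HOST_HEADER:
        raise ValueError("empty or oversized Host header")
    if h.startswith("["):                      # IPv6 literal (RFC 3986 form)
        end = h.find("]")
        if end < 0:
            raise ValueError("unterminated IPv6 literal")
        ipaddress.IPv6Address(h[1:end])        # ValueError if not an address
        rest = h[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError(f"junk after IPv6 literal: {rest!r}")
        return h[:end + 1].lower(), (_port(rest[1:]) if rest else default_port)
    host, sep, port_text = h.partition(":")
    for label in host.split("."):
        if (not label or len(label) > 63 or label[0] == "-" or label[-1] == "-"
                or not set(label) <= _LABEL):
            raise ValueError(f"bad hostname label {label!r}")
    return host.lower(), (_port(port_text) if sep else default_port)


def host_header_ok(header: str) -> bool:
    try:
        parse_host(header, 80)
        return True
    except ValueError:
        return False


def payload_hash(content_type: str, payload: bytes) -> str:
    """Hawk 'hawk.1.payload' hash: base64 of SHA-256 over type and body."""
    data = b"hawk.1.payload\n" + content_type.encode() + b"\n" + payload + b"\n"
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def request_mac(key: bytes, ts: int, nonce: str, method: str, resource: str,
                host_header: str, default_port: int, phash: str = "", ext: str = "") -> str:
    """HMAC-SHA256 over the normalized request string; host is lowercased."""
    host, port = parse_host(host_header, default_port)
    normalized = (
        f"hawk.1.header\n{ts}\n{nonce}\n{method.upper()}\n{resource}\n"
        f"{host}\n{port}\n{phash}\n"
        + ext.replace("\\", "\\\\").replace("\n", "\\n") + "\n"
    )
    mac = hmac.new(key, normalized.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def verify_mac(key: bytes, presented: str, **request) -> bool:
    """Recompute from the request the server actually received and compare in
    constant time; a changed host, port, method or path fails verification."""
    try:
        expected = request_mac(key, **request)
    except ValueError:          # unparsable Host header: treat as unauthenticated
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    key = b"constructed-shared-secret-for-the-demo"
    req = dict(ts=1353832234, nonce="j4h3g2", method="GET",
               resource="/resource/1?b=1&a=2", host_header="Example.com:8000",
               default_port=80)
    mac = request_mac(key, **req)
    print("mac:", mac)
    print("same host, different case:", verify_mac(key, mac, **{**req, "host_header": "EXAMPLE.COM:8000"}))
    print("replayed to another host:", verify_mac(key, mac, **{**req, "host_header": "attacker.example:8000"}))
```

Because the server recomputes the MAC from the Host header it received, a request signed for one host cannot be replayed against another, and a header the parser rejects is simply unauthenticated rather than an input that makes the parser work harder.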
JVN#77203800: OET-213H-BTS1 missing authorization check in the initial configuration
OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co., Ltd. and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is insecure (CWE-1188): it does not perform an authorization check when processing...
Design/Logic Flaw
LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords base64-encoded, i.e. in cleartext (base64 is an encoding, not encryption, so on an unencrypted HTTP connection anyone observing the traffic can recover them), and allows remote attackers to steal the password and gain full control of Loytec device configuration...