93 matches found
Information Disclosure
requests is vulnerable to information disclosure attacks. The HTTP Authorization header is sent over an insecure HTTP channel when a same-hostname HTTPS-to-HTTP redirect is received, allowing remote attackers on the same network to discover credentials by sniffing the network traffic...
CVE-2018-18074
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...
PYSEC-2018-28
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...
www/py-requests -- Information disclosure vulnerability
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...
CVE-2016-1000221
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...
Information Disclosure Through Logs
logstash-core is vulnerable to information disclosure. The vulnerability is possible because it logs information from HTTP authorization headers which could contain sensitive information. Users who use secure communication from logstash to elasticsearch via basic authorization using elastic shiel...
Logstash 2.3.3 Elasticsearch Output Vulnerability
Hi all, we would like to announce a security vulnerability we discovered in our testing. Logstash 2.3.4 has been released with a patch to fix this. Issue Prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...
Edimax Products Multiple Vulnerabilities (Sep 2015) - Active Check
Edimax products are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...
Edimax PS-1206MF - Web Admin Authentication Bypass
Title: Edimax PS-1206MF - Web Admin Auth Bypass Date: 30.08.15 Vendor: edimax.com Firmware version: 4.8.25 Author: Smash Contact: smash at devilteam.pl HTTP authorization is not being properly verified while sending POST requests to .cgi, remote attacker is able to change specific settings or eve...
Edimax PS-1206MF - Web Admin Auth Bypass Vulnerability
Exploit for hardware platform in category web applications Title: Edimax PS-1206MF - Web Admin Auth Bypass Date: 30.08.15 Vendor: edimax.com Firmware version: 4.8.25 Author: Smash Contact: smash at devilteam.pl HTTP authorization is not being properly verified while sending POST requests to .cgi,...
VDG Security Sense <= 2.3.13 Multiple Vulnerabilities - Active Check
VDG Security Sense is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...
Authentication flaw
The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header...
CVE-2013-3092
The vulnerability CVE-2013-3092 affects the Belkin N300 (F7D7301v1) router. The issue arises from incorrect validation of the HTTP Authorization header, enabling remote attackers to bypass authentication and escalate privileges. The impact is authentication bypass with full or elevated access, as...
CVE-2013-3092
The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header...
Spreecommerce < 0.50.0 Arbitrary Command Execution
Exploit for unix platform in category remote exploits $Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informatio...
Spreecommerce Arbitrary Command Execution
This module exploits an arbitrary command execution vulnerability in the Spreecommerce API searchlogic for versions 0.50.0 and earlier. Unvalidated input is called via the Ruby send method allowing command execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Authorization
The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header...
Mandriva Update for firefox MDVSA-2010:070 (firefox)
Check for the Version of firefox. OpenVAS Vulnerability Test: Mandriva Update for firefox MDVSA-2010:070 (firefox). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...