348 matches found
DSA-1583-1 gnome-peercast - several vulnerabilities
Bulletin has no description...
peercast -- arbitrary code execution
Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execure arbitrary code...
Design/Logic Flaw
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...
CVE-2008-0174
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...
Authentication flaw
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0410
HTTP File Server HFS before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...
CVE-2008-0407
HTTP File Server HFS before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...
CVE-2008-0408
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0408
HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0410
HTTP File Server HFS before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...
CVE-2008-0408
CVE-2008-0408 (HFS) : HTTP File Server versions before 2.2c are vulnerable to a logfile manipulation flaw. Remote attackers can cause arbitrary text to be appended to the server log by sending text encoded in base64 during HTTP Basic Authentication. This is a log forging/injection issue that can ...
Authentication flaw
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...
CVE-2008-0367
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...
CVE-2008-0367
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...
CVE-2008-0367
CVE-2008-0367 affects Mozilla Firefox (2.0.0.11, 3.0b2, and possibly earlier) in the HTTP Basic Authentication prompt, where prompting for credentials causes the realm text to display after the site, potentially enabling phishing/spoofing by remote servers. The available connected documents descr...
Boa 0.93.15 - HTTP Basic Authentication Bypass
Boa 0.93.15 - HTTP Basic Authentication Bypass / Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions Original Advisory: http://www.securityfocus.com/archive/1/479434 http://www.ikkisoft.com/stuff/SN-2007-02.txt Luca "ikki" Carettoni http://www.ikkisoft.com / ----...
Boa 0.93.15 - HTTP Basic Authentication Bypass
/ Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions Original Advisory: http://www.securityfocus.com/archive/1/479434 http://www.ikkisoft.com/stuff/SN-2007-02.txt Luca "ikki" Carettoni http://www.ikkisoft.com / ---- !/usr/bin/env python import urllib2 SERVERIPADDRESS ...
Cross site request forgery (csrf)
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP...
CVE-2007-4915
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP...
CVE-2007-4915
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP...