46 matches found
CVE-2021-23972
The CVE-2021-23972 entry concerns Mozilla Firefox before version 86, where a phishing technique using an HTTP-Auth-style link (e.g., https://user@target) could bypass a warning dialog if a cached redirect was involved. The issue affects Firefox clients (network attack surface) and has high impact...
CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...
Phishing Attack
Firefox is vulnerable to a phishing attack. The vulnerability exists because the HTTP Auth phishing warning was omitted when a redirect is cached...
Mozilla Firefox < 86.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 86.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-07 advisory. - Mozilla developers Tyson Smith, Lars T Hansen, Valentin Gosu, and Sebastian Hengst reported memory safety bug...
EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1031)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the 'command' argument to Shell o...
Replay Attack
http-auth is vulnerable to a replay attack. The vulnerability exists because it does not properly invalidate an expired nonce in validateNonce, which allows a replay attack when the client specifies a large nonceCount value...
CVE-2018-18353
Failure to dismiss HTTP auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auth dialog via a crafted HTML page...
CVE-2018-18353
This CVE refers to Google Chrome/Chromium’s Network Authentication component, where failure to dismiss HTTP auth dialogs on navigation could let a remote attacker confuse the user about the origin of an auth dialog. Connected advisories indicate the issue affects Chromium/Chrome builds before ver...
Fedora 24 : webkitgtk4 (2017-d39099ea6a)
This update addresses the following vulnerabilities : - CVE-2017-2496, CVE-2017-2539, CVE-2017-2510 Additional fixes : - Fix URL shown in the title of beforeunload dialogs. - Focus first input field of HTTP authentication dialog. - Fix rendering glitches in HiDPI in long GitHub Gist pages when...
jSQL Injection v0.77 - Java application for automatic SQL database injection
jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open source and cross-platform (Windows, Linux, Mac OS X). jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions lik...
curl security, bug fix, and enhancement update
7.29.0-25.0.1 - disable check to make build pass 7.29.0-25 - fix spurious failure of test 1500 on ppc64le 1218272 7.29.0-24 - use the default min/max TLS version provided by NSS 1170339 - improve handling of timeouts and blocking direction to speed up FTP 1218272 7.29.0-23 - require credentials t...
DrayTek VigorACS SI 1.3.0 File Write / LFI / File Upload
DrayTek VigorACS SI /ACSServer/ We found that most of the VigorACS SI deployments are using the default http authentication settings acs/password. This is not so much a software vulnerability but more a configuration issue. 2.2 Unauthenticated arbitrary file read/write functionality via...
Xerver 4.32 - Source Disclosure and HTTP Authentication Bypass
No description provided by source. Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the...
Cisco Aironet AP1x00 Malformed HTTP GET Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8290/info Cisco Aironet AP1x00 series devices are prone to a denial of service vulnerability upon receipt of a malformed HTTP GET request. Such a request will cause the device to reload. !/usr/bin/perl Cisco Global...
[THC-Hydra v7.6] Fast Parallel Network Logon Cracker
Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...
Nmap NSE 6.01: http-auth
This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
THC-HYDRA 7.2 - Fast and Flexible network login Bruteforce Tool Updated
One of the most famous network logon crackers, THC-HYDRA 7.2, gets its latest update. Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very...
Nmap NSE net: http-auth
This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Xerver 4.32 Source Disclosure / HTTP Auth Bypass
Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the Metasploit Framework and may be subject t...