CVE-2019-7714
An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow...
Stack overflow
An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check the size of the header, leading to a stack-based buffer overflow...
Information Disclosure
yiisoft/yii2 is vulnerable to information disclosure. Confidential information such as HTTP authentication credentials containing username and password are logged in \yii\log\Target, which could allow an attacker to retrieve the information from log files and gain access to the application...
CVE-2016-4644
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials...
Authentication flaw
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials...
aria2 1.33.1 Password Disclosure
Exploit Title: Metadata and potential password leak in aria2; Date: 2019-01-02; Exploit Author: Dhiraj Mishra; Software Link: https://github.com/aria2/aria2; Version: aria2 1.33.1; Tested on: Linux 4.15.0-38-generic; CVE: CVE-2019-3500. Summary: aria2 is a lightweight multi-protocol command-line utility,...
SUSE-SU-2018:4215-1 Security update for enigmail
This update for enigmail to version 2.0.9 fixes the following issues: Security issue fixed: - When using Web Key Discovery, an HTTP authentication may be triggered. This may trick users into possibly sending e-mail credentials (bsc#1118935). Non-security issues fixed: - pEp - PGP/MIME signed-only...
CVE-2018-18353
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...
Scientific Linux Security Update : curl and nss-pem on SL7.x x86_64 (20181030)
Security Fixes: - curl: HTTP authentication leak in redirects (CVE-2018-1000007) - curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120) - curl: RTSP RTP buffer over-read (CVE-2018-1000122) - curl: Out-of-bounds heap read when missing RTSP headers allows information leak of...
RHEL 7 : curl and nss-pem (RHSA-2018:3157)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3157 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
Swap Digger - Tool That Automates Swap Extraction And Searches For Linux User Credentials, Web Forms Credentials, Web Forms Emails, Http Basic Authentication, Wifi SSID And Keys, Etc
swapdigger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purposes. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID and keys, etc. Download and run the tool O...
Microsoft PowerShell Core Information Disclosure Vulnerability (Oct 2018) - Windows
This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2018-8292. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
.NET Core Information Disclosure Vulnerability (Oct 2018) - Windows
.NET Core is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft PowerShell Core Information Disclosure Vulnerability (Oct 2018) - Linux
This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2018-8292. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Microsoft PowerShell Core Information Disclosure Vulnerability (Oct 2018) - Mac OS X
This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2018-8292. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVE-2018-5115
If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the...