419 matches found

CVE
added 2018/06/11 9:0 p.m., 132 views

CVE-2018-5115

CVE-2018-5115 is a vulnerability in Firefox prior to version 58 where an HTTP authentication prompt triggered by a background network request can be displayed over the current foreground page, potentially confusing users about the request origin and leading them to submit credentials to a third p...

CVSS 7.5, AI score 7.7, EPSS 0.0171
Exploits 0, References 5, Affected Software 1
Hacker One
added 2018/06/07 10:23 a.m., 46 views

Mail.ru: Stored XSS in api.icq.net

Cross-site scripting in api.icq.net domain. icq.net is considered as a sandbox domain, it does not use HTTP authentication or cookies, but XSS could be used to facilitate phishing attack...

AI score 0.4
Exploits 0
Kitploit
added 2018/04/21 1:26 p.m., 16 views

JCS - Joomla Vulnerability Component Scanner

JCS (Joomla Component Scanner) is made for penetration testing purposes on Joomla CMS. JCS can help you with the latest component vulnerabilities and exploits. The database can update from several resources and a crawler has been implemented to find components and component's link. This version supports...

AI score 7.3
Exploits 0, References 1
Tenable Nessus
added 2018/04/18 12:0 a.m., 22 views

Amazon Linux 2 : curl (ALAS-2018-951)

HTTP authentication leak in redirects: libcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

CVSS 9.8, AI score 6.9, EPSS 0.03854
Exploits 0, References 3
Kitploit
added 2018/03/27 12:49 p.m., 1027 views

Webscreenshot - A Simple Script To Screenshot A List Of Websites

A simple script to screenshot a list of websites, based on the url-to-image phantomjs script. Features: integrating url-to-image 'lazy-rendering' for AJAX resources; fully functional on Windows and Linux systems; cookie and custom HTTP header definition support; multiprocessing and killing of...

AI score 7.6
Exploits 0, References 4
seebug.org
added 2018/03/23 12:0 a.m., 49 views

Western Digital My Cloud Pro Series PR2100 Authenticated RCE

Vulnerability Summary: A vulnerability in the Western Digital My Cloud Pro Series PR2100 allows authenticated users to execute arbitrary commands. Credit: An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor...

AI score 7.7
Exploits 0
RedHat Linux
added 2018/03/07 10:33 a.m., 2 views

OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)

The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...

CVSS 6.8, AI score 7.2, EPSS 0.00169
Exploits 0, References 4
Tenable Nessus
added 2018/02/22 12:0 a.m., 62 views

Amazon Linux AMI : curl (ALAS-2018-951)

Out-of-bounds read in code handling HTTP/2 trailers: libcurl contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. Th...

CVSS 9.8, AI score 6.9, EPSS 0.03854
Exploits 0, References 3
Amazon
added 2018/02/20 12:0 a.m., 70 views

Important: curl

Issue Overview: Out-of-bounds read in code handling HTTP/2 trailers: libcurl contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less th...

CVSS 9.8, AI score 7.9, EPSS 0.03854
Exploits 0
Amazon
added 2018/02/07 12:0 a.m., 34 views

Important: curl

Issue Overview: HTTP authentication leak in redirects: libcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and...

CVSS 9.8, AI score 7.9, EPSS 0.03854
Exploits 0
Tenable Nessus
added 2018/02/06 12:0 a.m., 112 views

lighttpd < 1.4.36 Multiple Vulnerabilities

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.36. It is, therefore, affected by the following vulnerabilities: - mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without ...

CVSS 7.5, AI score 7.8, EPSS 0.20033
Exploits 1, References 3
ALT Linux
added 2018/01/24 12:0 a.m., 37 views

Security fix for the ALT Linux 8 package curl version 7.58.0-alt1

Jan. 24, 2018 Anton Farygin 7.58.0-alt1 - new version - fixes: CVE-2018-1000005 HTTP/2 trailer out-of-bounds read CVE-2018-1000007 HTTP authentication leak in redirects...

CVSS 6.4, AI score 8.3, EPSS 0.03854
Exploits 0
UbuntuCve
added 2018/01/23 12:0 a.m., 18 views

CVE-2018-5115

If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the...

CVSS 7.5, AI score 7, EPSS 0.0171
Exploits 0, References 3
RedHat Linux
added 2018/01/18 9:55 p.m., 3 views

OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)

The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...

CVSS 6.8, AI score 7.2, EPSS 0.00169
Exploits 0, References 4
Cvelist
added 2017/12/11 4:0 p.m., 12 views

CVE-2017-11507

A cross-site scripting (XSS) vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...

AI score 6.1, EPSS 0.00351
Exploits 1, References 2
Atlassian
added 2017/12/06 4:35 p.m., 22 views

REST API - Improved HTTP Authentication

Suggestion Description: Confluence Server REST API (https://developer.atlassian.com/confdev/confluence-server-rest-api) is a simple resource that helps administrators to perform operations that would take some time of their day-to-day activities in a couple of seconds, instead of a couple of minutes. I...

AI score 7.7
Exploits 0
Atlassian
added 2017/12/06 4:35 p.m., 157 views

REST API - Improved HTTP Authentication

Suggestion Description: Confluence Server REST API (https://developer.atlassian.com/confdev/confluence-server-rest-api) is a simple resource that helps administrators to perform operations that would take some time of their day-to-day activities in a couple of seconds, instead of a couple of minutes. I...

AI score 7.7
Exploits 0, Affected Software 1
NVD
added 2017/12/01 5:29 p.m., 7 views

CVE-2017-16953

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request...

CVSS 7.5, AI score 7.5, EPSS 0.18122
Exploits 3, References 3
Kitploit
added 2017/11/30 1:4 p.m., 19 views

WhatWeb v0.4.9 - Next Generation Web Scanner

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700...

AI score 7.7
Exploits 0, References 8
Tenable Nessus
added 2017/07/17 12:0 a.m., 35 views

Fedora 26 : webkitgtk4 (2017-9e83b902f9)

This update addresses the following vulnerabilities : - CVE-2017-2496, CVE-2017-2539, CVE-2017-2510 Additional fixes : - Fix URL shown in the title of beforeunload dialogs. - Focus first input field of HTTP authentication dialog. - Fix rendering glitches in HiDPI in long GitHub Gist pages when...

CVSS 8.8, AI score 7.5, EPSS 0.01191
Exploits 3, References 4