
419 matches found

Tenable Nessus
added 2012/03/12 12:0 a.m., 39 views

Safari < 5.1.4 Multiple Vulnerabilities

The version of Safari installed on the remote host reportedly is affected by several issues : - Look-alike characters in a URL could be used to masquerade a website. CVE-2012-0584 - Web page visits may be recorded in browser history even when private browsing is active. CVE-2012-0585 - Multiple...

9.3 CVSS | 7.8 AI score | 0.03935 EPSS
Exploits: 1 | References: 89
OpenVAS
added 2012/02/13 12:0 a.m., 44 views

FreeBSD Ports: lighttpd

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5 CVSS | 9.4 AI score | 0.04391 EPSS
Exploits: 8
OpenVAS
added 2012/02/13 12:0 a.m., 43 views

FreeBSD Ports: lighttpd

The remote host is missing an update to the system as announced in the referenced advisory. VID c6521b04-314b-11e1-9cf4-5404a67eef98 OpenVAS Vulnerability Test $ Description: Auto generated from VID c6521b04-314b-11e1-9cf4-5404a67eef98 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

5 CVSS | 9.4 AI score | 0.04391 EPSS
Exploits: 8
OpenVAS
added 2012/02/11 12:0 a.m., 40 views

Debian: Security Advisory (DSA-2368-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS | 7.5 AI score | 0.04391 EPSS
Exploits: 12 | References: 3
Tenable Nessus
added 2011/12/29 12:0 a.m., 36 views

FreeBSD : lighttpd -- remote DoS in HTTP authentication (c6521b04-314b-11e1-9cf4-5404a67eef98)

US-CERT/NIST reports: Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that...

5 CVSS | 6.4 AI score | 0.04391 EPSS
Exploits: 8 | References: 2
OSV
added 2011/12/24 7:55 p.m., 8 views

CVE-2011-4362

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds...

6.5 AI score
Exploits: 0 | References: 26
UbuntuCve
added 2011/12/24 7:55 p.m., 36 views

CVE-2011-4362

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds...

5 CVSS | 6.7 AI score | 0.04391 EPSS
Exploits: 8 | References: 2
Prion
added 2011/12/24 7:55 p.m., 22 views

Integer overflow

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds...

5 CVSS | 6.8 AI score | 0.04391 EPSS
Exploits: 8 | References: 13 | Affected Software: 2
Cvelist
added 2011/12/24 7:0 p.m., 22 views

CVE-2011-4362

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds...

9.2 AI score | 0.04391 EPSS
Exploits: 8 | References: 13
Debian CVE
added 2011/12/24 7:0 p.m., 35 views

CVE-2011-4362

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds...

5 CVSS | 8.7 AI score | 0.04391 EPSS
Exploits: 8
CVE
added 2011/12/24 7:0 p.m., 199 views

CVE-2011-4362

CVE-2011-4362 affects lighttpd: a signedness error in the base64_decode routine used by HTTP authentication (http_auth.c) can trigger an out-of-bounds read with a negative index, allowing a remote attacker to cause a denial of service (segmentation fault). Impacted versions are lighttpd 1.4 befor...

5 CVSS | 9 AI score | 0.04391 EPSS
Exploits: 8 | References: 13 | Affected Software: 1
FreeBSD
added 2011/11/29 12:0 a.m., 66 views

lighttpd -- remote DoS in HTTP authentication

US-CERT/NIST reports: Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that...

5 CVSS | 8.9 AI score | 0.04391 EPSS
Exploits: 8
Tenable Nessus
added 2011/10/26 12:0 a.m., 30 views

GLSA-201110-23 : Apache mod_authnz_external: SQL injection

The remote host is affected by the vulnerability described in GLSA-201110-23 (Apache mod_authnz_external: SQL injection). mysql/mysql-auth.pl in mod_authnz_external does not properly sanitize input before using it in a SQL query. Impact: A remote attacker could exploit this vulnerability to inject...

7.5 CVSS | 5.8 AI score | 0.07257 EPSS
Exploits: 0 | References: 2
Gentoo Linux
added 2011/10/25 12:0 a.m., 43 views

Apache mod_authnz_external: SQL injection

Background: mod_authnz_external is a tool for creating custom authentication backends for HTTP basic authentication. Description: mysql/mysql-auth.pl in mod_authnz_external does not properly sanitize input before using it in an SQL query. Impact: A remote attacker could exploit this vulnerability to...

7.5 CVSS | 2.1 AI score | 0.07257 EPSS
Exploits: 0
The Hacker News
added 2011/08/21 7:42 p.m., 9 views

JonDoFox 2.5.3 - Browser Optimized for anonymous and secure web surfing

The JonDoFox research team has uncovered a new attack on web browsers: Affected are the web browsers Firefox, Chrome and Safari. By a hidden call over of a URL with HTTP authentication data, third party sites could track a...

7 AI score
Exploits: 0
OSV
added 2011/06/23 8:0 a.m., 4 views

CURL-CVE-2011-2192 inappropriate GSSAPI delegation

When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a sensitive operation, which...

4.3 CVSS | 8.3 AI score | 0.02049 EPSS
Exploits: 0
Fedora
added 2011/06/15 5:35 a.m., 28 views

[SECURITY] Fedora 15 Update: httpcomponents-client-4.1.1-2.fc15

HttpClient is a HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It also provides reusable components for client-side authentication, HTTP state management, and HTTP connection management. HttpComponents Client is a successor of and replacement for Commons HttpClient...

4.3 CVSS | 1.2 AI score | 0.04395 EPSS
Exploits: 0
Tenable Nessus
added 2011/01/27 12:0 a.m., 51 views

SuSE 10 Security Update : ruby (ZYPP Patch Number 6338)

This ruby update improves return value checks for the openssl function OCSP_basic_verify (CVE-2009-0642), which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

7.8 CVSS | 5.5 AI score | 0.7933 EPSS
Exploits: 32 | References: 16
Nmap
added 2010/08/19 8:53 p.m., 1641 views

http-brute NSE Script

Performs brute force password auditing against http basic, digest and ntlm authentication. This script uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are stored in the nmap registry, using the creds library, for other scripts to use. Script Arguments...

10 CVSS | 0.4 AI score | 0.94176 EPSS
Exploits: 33
seebug.org
added 2010/08/03 12:0 a.m., 43 views

Xerver 4.32 Source Disclosure and HTTP Authentication Bypass

No description provided by source. Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the...

7.1 AI score
Exploits: 0