
419 matches found

0day.today
added 2010/08/01 12:0 a.m. | 23 views

Xerver 4.32 Source Disclosure and HTTP Authentication Bypass

Exploit for windows platform in category remote exploits. Xerver 4.32 Source Disclosure and HTTP Authentication Bypass. Exploit Title: Xerver Source Disclosure and HTTP Auth...

7.1 AI score
Exploits: 0

Exploit DB
added 2010/08/01 12:0 a.m. | 31 views

Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit)

Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the Metasploit Framework and may be subject t...

7.4 AI score
Exploits: 0

Prion
added 2010/03/25 9:0 p.m. | 16 views

Authorization

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorizati...

4.3 CVSS | 7.1 AI score | 0.00535 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2010/03/25 9:0 p.m. | 15 views

CVE-2010-0172

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorizati...

4.3 CVSS | 6.6 AI score | 0.00535 EPSS
Exploits: 1 | References: 6

OpenVAS
added 2010/03/23 12:0 a.m. | 30 views

Apple Saferi multiple vulnerabilities (Mar10)

The host is running Apple Saferi and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodapplesafarimultvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Apple Safari multiple vulnerabilities Mar10 Authors: Madhuri D Updated By: Antu Sanadi on 2010-18-2010 Added the CVE and...

7.6 CVSS | 0.5 AI score | 0.64858 EPSS
Exploits: 6 | References: 6

OpenVAS
added 2010/02/22 12:0 a.m. | 29 views

Google Chrome Multiple Vulnerabilities - (Windows)

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnwin02.nasl 5394 2017-02-22 09:22:42Z teissa $ Google Chrome Multiple Vulnerabilities - Windows Authors: Antu Sanadi Copyright: Copyright c 2010 SecPod,...

10 CVSS | 1.1 AI score | 0.10355 EPSS
Exploits: 1 | References: 5

securityvulns
added 2010/02/16 12:0 a.m. | 113 views

Chrome Password Manager Cross Origin Weakness (CVE-2010-0556)

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory. Advisory Name: Chrome Password Manager Cross Origin Weakness. Release Date: 2010-02-15. Application: Google Chrome Web Browser. Versions:...

4.3 CVSS | 0.2 AI score | 0.00314 EPSS
Exploits: 0

Tenable Nessus
added 2010/02/11 12:0 a.m. | 35 views

Google Chrome < 4.0.249.89 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 4.0.249.89. Such versions are reportedly affected by multiple vulnerabilities : - Two errors when resolving domain names and when interpreting configured proxy lists can be exploited to disclose sensitive data. Issue 12303,...

10 CVSS | 5.9 AI score | 0.12535 EPSS
Exploits: 3 | References: 9

Tenable Nessus
added 2010/02/11 12:0 a.m. | 9 views

Google Chrome < 4.0.249.89 Multiple Vulnerabilities

Binary data 5336.pasl...

5 CVSS | 7.3 AI score | 0.12535 EPSS
Exploits: 2 | References: 2

NVD
added 2010/02/04 8:15 p.m. | 10 views

CVE-2010-0551

HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak...

5 CVSS | 6.7 AI score | 0.00389 EPSS
Exploits: 1 | References: 5

NVD
added 2010/02/04 8:15 p.m. | 9 views

CVE-2010-0554

The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack...

7.5 CVSS | 7 AI score | 0.00227 EPSS
Exploits: 0 | References: 5

Prion
added 2010/02/04 8:15 p.m. | 13 views

Authentication flaw

The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack...

7.5 CVSS | 7.5 AI score | 0.00227 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2010/02/04 8:15 p.m. | 16 views

Design/Logic Flaw

HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak...

5 CVSS | 7.1 AI score | 0.00389 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2010/02/04 7:0 p.m. | 46 views

CVE-2010-0551

CVE-2010-0551 affects Geo++ GNCASTER 1.4.0.7 and earlier. The HTTP authentication implementation allows remote attackers to read authentication headers from other users by sending a large request with an incorrect authentication attempt, resulting in memory disclosure (often called a memory leak)...

5 CVSS | 6.8 AI score | 0.00389 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2010/02/04 7:0 p.m. | 16 views

CVE-2010-0551

HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak...

6.7 AI score | 0.00389 EPSS
Exploits: 1 | References: 5

CVE
added 2010/02/04 7:0 p.m. | 39 views

CVE-2010-0554

The CVE-2010-0554 entry concerns Geo++ GNCASTER, affected in versions 1.4.0.7 and earlier. The HTTP Authentication implementation uses the same nonce for all authentication attempts, enabling replay attacks that can hijack web sessions or bypass authentication. This is the root cause: nonce reuse...

7.5 CVSS | 7.2 AI score | 0.00227 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Packet Storm
added 2009/11/26 12:0 a.m. | 30 views

Ipswitch WhatsUp Gold 8.03 Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Ipswitch...

7.5 CVSS | 0.4 AI score | 0.77113 EPSS
Exploits: 7

Tenable Nessus
added 2009/08/21 12:0 a.m. | 90 views

Protected Web Page Detection

The remote web server requires HTTP authentication for the following pages. Several authentication schemes are available : - Basic is the simplest, but the credentials are sent in cleartext. - NTLM provides an SSO in a Microsoft environment, but it cannot be used on both the proxy and the web...

5.5 AI score
Exploits: 0

securityvulns
added 2009/08/18 12:0 a.m. | 24 views

ntop DoS

NULL pointer dereference on HTTP authentication...

1 AI score
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2009/07/10 3:30 p.m. | 19 views

CVE-2009-2422

The example code for the digest authentication functionality httpauthentication.rb in Ruby on Rails before 2.3.3 defines an authenticateorrequestwithhttpdigest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication f...

9.8 CVSS | 9.7 AI score | 0.00403 EPSS
Exploits: 1 | References: 8