273 matches found
AUO Solar Data Recorder Incorrect Access Control
Exploit Title: AUO Solar Data Recorder - Incorrect Access Control Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
Security Bulletin: User passwords might be obtained by a brute force attack on IBM® Intelligent Operations Center (CVE-2019-4067)
Summary If your IBM® Intelligent Operations Center system is configured to use a Lightweight Directory Access Protocol LDAP user registry, user passwords might be obtained by a brute force attack that uses HTTP basic authentication requests to IBM Intelligent Operations Center. Vulnerability...
CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
CVE-2019-11454
CVE-2019-11454 affects Monit before 5.25.3, with a persistent cross‑site scripting (XSS) flaw in http/cervlet.c that could be triggered via an unsanitized user field in the Authorization header during an _viewlog operation. Connected advisories show multiple distributions addressing this with fix...
CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
Kentix MultiSensor-LAN 5.63.00 Authentication Bypass Vulnerability
Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
Default credentials
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
Moderate severity vulnerability that affects actionpack
Withdrawn, accidental duplicate publish. The httpbasicauthenticatewith method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and...
Check_MK < 1.2.8p25, 1.4.x < 1.4.0p9 XSS Vulnerability
CheckMK is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; i...
CVE-2017-11507
A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...
CVE-2017-11507
A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...
Cross site scripting
A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...
D-Link DIR-605L Model B Denial of Service Vulnerability
D-Link DIR-605L Model B is a wireless router product from AUO D-Link. A denial of service vulnerability exists in versions prior to D-Link DIR-605L Model B FW2.11betaB06hbrf. An attacker could exploit this vulnerability by sending an HTTP request with a password field with a long string in the HT...
Cross site request forgery (csrf)
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request...