38 matches found
CVE-2025-48027
The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver...
CVE-2025-48027
The CVE-2025-48027 entry concerns the HttpAuth plugin in pGina.Fork up to version 3.9.9.12. Affected component is the HttpAuth plugin used by pGina.Fork; root cause is authentication bypass when an adversary controls DNS resolution for pginaloginserver. Documents from multiple sources confirm the...
CVE-2025-48027
The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver...
pGina Security Vulnerability
pGina is an open source Windows authentication tool from the individual developer Hans Wurst. A security vulnerability exists in pGina version 3.9.9.12 and earlier, which stems from the HttpAuth plugin that can bypass authentication when DNS resolution is controlled...
PT-2025-21263 · Unknown · Pgina.Fork
Name of the Vulnerable Software and Affected Versions: pGina.Fork versions 3.9.9.12 and earlier. Description: The issue allows authentication bypass when an adversary controls DNS resolution for pginaloginserver. This occurs due to a flaw in the HttpAuth plugin. Recommendations: For versions...
Open Redirect
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Open Redirect due to the cURL wrapper behavior: Moodle stripped HTTPAUTH and USERPWD headers during emulated redirects. Remediation: Upgrade moodle/moodle to version 4.4.2, 4.3.6, 4.2.9, 4.1.12 o...
Amazon Linux 2 : ruby (ALAS-2024-2486)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2486 advisory. A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the...
Race Condition
github.com/ntbosscher/gobase is vulnerable to race conditions. The vulnerability exists in the httpauth function in the main.go file, allowing an attacker to redirect HTTP requests to incorrect routing...
Rocky Linux 8 : ruby:2.6 (RLSA-2021:2588)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2588 advisory. - Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user...
Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2588 advisory. ruby 2.6.7-107 - Upgrade to Ruby 2.6.7. Resolves: rhbz1952627 - Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing...
EulerOS 2.0 SP5 : ruby (EulerOS-SA-2020-1615)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation...
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...
Code injection
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...
CVE-2019-16201
CVE-2019-16201 affects Ruby’s WEBrick DigestAuth implementations across multiple Ruby branches (up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4). The issue is a regular-expression Denial of Service caused by backtracking in DigestAuth, requiring a WEBrick server exposed to the Internet or a...
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...