CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

DEBIAN-CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVE-2011-1498

CVE-2011-1498 : Apache HttpClient (HttpComponents) 4.x release before 4.1.1 is vulnerable when used with an authenticating proxy; the Proxy-Authorization header is sent to the origin server, potentially logging sensitive credentials and exposing passwords. The description does not specify affecte...

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVE-2009-0612

Trend Micro InterScan Web Security Virtual Appliance IWSVA 3.x and InterScan Web Security Suite IWSS 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offeri...

Trend micro - IWSVA/IWSS - Authorization module password leak

There is possbile get username and password from "Proxy-Authorization" header, which is not correctly removed when authorization header sends WMP. Requirements: - IWSVA/IWSS basic authorization on - Client is using WMP 8-11 as video player - Standalone proxy if upstream proxy is used,...

Trend Micro InterScan Web Security Appliance / Trend Micro InterScan Web Security Suite information leak

Proxy-Authorization header is not removed from client request, leaking proxy username/password...

Ixprim CMS 1.2 - Blind SQL Injection

!/usr/bin/perl INFORMATIONS ============ Affected.scr..: Ixprim 1.2 Poc.ID........: 16061221 Type..........: Blind SQL Injection Risk.level....: Medium Conditions....: loadfile privilege ixp code only Src.download..: www.ixprim-cms.org Poc.link......: acid-root.new.fr/poc/16061221.txt...

Cahier de texte 2.0 (Database Backup/Source Disclosure) Remote Exploit

Exploit for unknown platform in category web applications ====================================================================== Cahier de texte 2.0 Database Backup/Source Disclosure Remote Exploit ====================================================================== !/usr/bin/perl INFORMATIONS...

PixelMotionV2.1.1.txt

!/usr/bin/perl Affected.scr..: Blog Pixel Motion V2.1.1 Poc.ID........: 12060927 Type..........: PHP Code Execution stripslashes, SQL Injection urldecode Risk.level....: High Vendor.Status.: Unpatched Src.download..: www.pixelmotion.org/zip/blog2.1.zip Poc.link......:...

CVE-2005-2730

The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message...

Kerio Winroute firewall account information leak

If proxy authorization is used authentication information is not stripped from browser's request...