Coppermine Photo Gallery <= 1.4.10 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. Coppermine Photo Gallery "; print "\nProxyOptions..: "; print "\nExample.......: php xpl.php http://c.com/ admin passwd"; print...
CVE-2005-4874
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object...
sysreport security update
CentOS Errata and Security Advisory CESA-2005:502 An updated sysreport package that fixes an information disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team Sysreport is a utility that gathers information about a...
DEBIAN-CVE-2005-0194
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warning...
CVE-2005-0147
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials...
Browser responds to proxy auth request from non-proxy server (ssl/https) — Mozilla
If a proxy is configured the browser would respond to a 407 proxy auth request from any SSL-connected server rather than only responding to the configured proxy server. This could leak NTLM or SPNEGO credentials outside the organization...
squid -- confusing results on empty acl declarations
Applying an empty ACL list results in unexpected behavior: anything will match an empty ACL list. For example, the meaning of the configuration gets very confusing when we encounter empty ACLs such as acl something src "/path/to/emptyfile.txt" http_access allow something somewhere gets parsed with...
Manage authentication for NTLM proxies
We want to access RRS content internally, but we are using a secured proxy requiring authentication via NTLM or user/password. We set up the standard Java proxy properties: http.proxyHost, http.proxyPort and http.auth.ntlm.domain. But it seems that the http.auth.ntlm.domain property does n...
Mandrake Linux Security Advisory : squid (MDKSA-2002:044)
Numerous security problems were fixed in squid-2.4.STABLE7. This release has several bugfixes to the Gopher client to correct some security issues. Security fixes to how squid parses FTP directory listings into HTML have been implemented. A security fix to how squid forwards proxy authentication...
Apache mod_disk_cache stores client authentication credentials on disk
Summary: mod_disk_cache stores all client authentication credentials for cached objects on disk. This means proxy authentication credentials as well as, in certain RFC2616 defined cases, standard authentication credentials. In case of Basic...
CURL-CVE-2003-1605 Proxy Authentication Header Information Leakage
When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection was also sent off to the remote server...
CVE-2002-0715
Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password...
CVE-2002-0715
Affected software: Squid before 2.4.STABLE6. Vulnerability: handling of proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password. Public advisories note fixes in newer Squid releases (e.g., Mandrake MDKSA-2002:044 cites squid-2.4.STABLE7; Red Hat R...
Squid Security Update Advisory 2002:3
Squid Proxy Cache Security Update Advisory SQUID-2002:3 Advisory ID: SQUID-2002:3 Date: July 3, 2002 Summary: Squid-2.4.STABLE7 released to address a number of security related issues. Affected versions: Squid-2.x up to and including 2.4.STABLE6 http://www.squid-cache.org/Advisories/SQUID-20023.t...
CVE-1999-1277
The CVE-1999-1277 issue affects the BackWeb client, where the proxy authentication username and password are stored in cleartext in the Communication registry key. This exposes credentials to other local users, enabling potential privilege escalation through password reading. Root cause: credenti...
CVE-1999-1277
BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password...