36 matches found
EUVD-2006-4704
Malware in sbrugna...
EUVD-2006-1396
Malware in sbrugna...
FreeBSD Ports: pubcookie-login-server
The remote host is missing an update to the system as announced in the referenced advisory. VID 115a1389-858e-11e0-a76c-000743057ca2 OpenVAS Vulnerability Test $ Description: Auto generated from VID 115a1389-858e-11e0-a76c-000743057ca2 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
FreeBSD Ports: pubcookie-login-server
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : Pubcookie Login Server -- XSS vulnerability (115a1389-858e-11e0-a76c-000743057ca2)
Nathan Dors, Pubcookie Project reports : A new non-persistent XSS vulnerability was found in the Pubcookie login server's compiled binary 'index.cgi' CGI program. The CGI program mishandles untrusted data when printing responses to the browser. This makes the program vulnerable to carefully craft...
FreeBSD Ports: pubcookie-login-server
The remote host is missing an update to the system as announced in the referenced advisory. VID 855cd9fa-c452-11da-8bff-000ae42e9b93 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: drupal-pubcookie
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: drupal-pubcookie
The remote host is missing an update to the system as announced in the referenced advisory. VID c0fd7890-4346-11db-89cc-000ae42e9b93 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: pubcookie-login-server
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Pubcookie Login Server -- XSS vulnerability
Nathan Dors, Pubcookie Project reports: A new non-persistent XSS vulnerability was found in the Pubcookie login server's compiled binary "index.cgi" CGI program. The CGI program mishandles untrusted data when printing responses to the browser. This makes the program vulnerable to carefully crafte...
mod_pubcookie -- Empty Authentication Security Advisory
Nathan Dors, Pubcookie Project reports: An Abuse of Functionality vulnerability in the Pubcookie authentication process was found. This vulnerability allows an attacker to appear as if he or she were authenticated using an empty userid when such a userid isn't expected. Unauthorized access to web...
FreeBSD : drupal-pubcookie -- authentication may be bypassed (c0fd7890-4346-11db-89cc-000ae42e9b93)
The Drupal Project reports : It is possible for a malicious user to spoof a user's identity by bypassing the login redirection mechanism in the pubcookie module. The malicious user may gain the privileges of the user they are spoofing, including the administrative user. %NASLMINLEVEL 70300 C...
CVE-2006-4717
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors...
CVE-2006-4717
CVE-2006-4717 concerns the Drupal Pubcookie module and its login redirection mechanism. Affected: Drupal 4.7 Pubcookie module before 1.2.2.4 (2006/09/06) and Drupal 4.6 Pubcookie module before 1.6.2.1 (2006/09/07). Description states that remote attackers can bypass authentication requirements an...
CVE-2006-4717
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors...
drupal-pubcookie -- authentication may be bypassed
The Drupal Project reports: It is possible for a malicious user to spoof a user's identity by bypassing the login redirection mechanism in the pubcookie module. The malicious user may gain the privileges of the user they are spoofing, including the administrative user...
Pubcookie security bypass
It is possible for a malicious user to spoof a user's identity by bypassing the login redirection mechanism in the pubcookie module. The malicious user may gain the privileges of the user they are spoofing, including the administrative user. Versions affected Drupal core is not affected. If you d...
FreeBSD : mod_pubcookie -- XSS vulnerability (91afa94c-c452-11da-8bff-000ae42e9b93)
Nathan Dors of the Pubcookie Project reports : Non-persistent XSS vulnerabilities were found in the Pubcookie Apache module modpubcookie and ISAPI filter. These components mishandle untrusted data when printing responses to the browser. This makes them vulnerable to carefully crafted requests...
FreeBSD : pubcookie-login-server -- XSS vulnerability (855cd9fa-c452-11da-8bff-000ae42e9b93)
"Nathan Dors of the Pubcookie Project reports : Multiple non-persistent XSS vulnerabilities were found in the Pubcookie login server's compiled binary 'index.cgi' CGI program. The CGI program mishandles untrusted data when printing responses to the browser. This makes the program vulnerable to...
Pubcookie Login Server index.cgi XSS
The remote host is running Pubcookie, an open source package for intra-institutional, single-sign-on, end-user web authentication. The version of the Login Server component of Pubcookie installed on the remote host fails to sanitize user-supplied input to various parameters of the 'index.cgi'...