McGraw-Hill – Hacking Exposed 3rd Edition 2011
The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web...
Authentication flaw
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via...
CVE-2010-4566
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via...
Cisco IOS Software Authentication Proxy Vulnerability - Cisco Systems
Cisco IOS Software configured with Authentication Proxy for HTTPS, Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage. Cisco has released free software updates that...
PRE DYNAMIC INSTITUTION WEB authentication bypass
Exploit for php platform in category web applications. PRE DYNAMIC INSTITUTION WEB authentication bypass. Exploit Title: PRE DYNAMIC INSTITUTION WEB authentication bypass. Date: 16th July 2010. Author:...
Update Protection against Cisco IOS Administrative Interface HTTP Authentication
Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to...
Iomega StorCenter Pro NAS Web Authentication Bypass
The Iomega StorCenter Pro Network Attached Storage device web interface increments session IDs, allowing for simple brute force attacks to bypass authentication and gain administrative access. This module requires Metasploit: https://metasploit.com/download Current source:...
Cross site request forgery (csrf)
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web...
Design/Logic Flaw
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload)...
CVE-2009-0059
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web...
IBM WebSphere Application Server 7.0 < Fix Pack 1 Multiple Vulnerabilities
Potential SQL injection vulnerability in Apache::AuthCAS
Some weeks ago, I sent the following message to David Castro, the author of Apache::AuthCAS. As there hasn't been any reply and the guys at ja-sig.org haven't been able or willing to look into it, perhaps there is somebody here who wants to have a closer look at this? CAS is the Central...
IBM Rational ClearQuest - Web Authentication Bypass SQL Injection
IBM Rational ClearQuest Web Login Bypass SQL Injection. DISCOVERED BY: SecureState...
IBM Rational ClearQuest - Web Authentication Bypass / SQL Injection
IBM Rational ClearQuest Web Login Bypass SQL Injection. DISCOVERED BY: SecureState (sasquatch, rel1k)...
Opera’s HTTP authentication cuts off long server names at the end – Opera Security Advisories
OPCOM Team | July 19, 2007. Summary: Opera’s HTTP authentication dialog cuts off long server names at the right-hand end. Severity: Less severe. Problem description: Opera’s HTTP authentication dialog is...
Bit 5 Blog 8.1 - 'addcomment.php' HTML Injection
source: https://www.securityfocus.com/bid/16246/info Bit 5 Blog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...
Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow (1)
Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow 1 source: https://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration...
Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow (2)
Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow 2 // source: https://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administratio...
Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow (1)
source: https://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration feature. To access this feature, the correct port must be specified and a...