Type confusion

beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...

PYSEC-2021-46

beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...

CVE-2021-3116

beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...

CVE-2021-3116

CVE-2021-3116 affects proxy.py’s AuthPlugin (http/proxy/auth.py) before version 2.3.1, where a boolean logic bug (and vs or) allows incorrect Proxy-Authorization header data to be accepted. This may impact authentication handling in proxy.py, as described in Red Hat OSV/NVD entries and related ad...

PT-2021-19195 · Proxy.Py · Proxy.Py

Name of the Vulnerable Software and Affected Versions: proxy.py versions prior to 2.3.1 Description: The issue arises from a boolean confusion in the before upstream connection function within the AuthPlugin in http/proxy/auth.py, where it incorrectly accepts Proxy-Authorization header data due t...

IPeakCMS 3.5 - Boolean-based blind SQLi

Exploit Title: IPeakCMS 3.5 - Boolean-based blind SQLi Date: 07.12.2020 Exploit Author: MoeAlbarbari Vendor Homepage: https://ipeak.ch/ Software Link: N/A Version: 3.5 Tested on: BackBox Linux CVE : CVE-2021-3018 Check the CMS version :goto www.site.com/cms/ and you will notice that in the login...

CVE-2021-3018

ipeak Infosystems ibexwebCMS aka IPeakCMS 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page...

CVE-2021-3018

ipeak Infosystems ibexwebCMS aka IPeakCMS 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page...

Sql injection

ipeak Infosystems ibexwebCMS aka IPeakCMS 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page...

CVE-2021-3018

ipeak Infosystems ibexwebCMS aka IPeakCMS 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page...

CVE-2020-36112

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...

CVE-2020-36112

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...

Sql injection

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...

CVE-2020-36112

CVE-2020-36112 affects CSE Bookstore 1.0. The vulnerability is an SQL injection (time-based blind, boolean-based blind, and OR-based) in the pubid parameter of bookPerPub.php and cart.php, allowing an attacker to dump the entire database. Affected software: CSE Bookstore 1.0. Root cause: improper...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in flatbuffers crate in versions of Mozilla Rust prior to 0.6.1, which stems from the fact that an arbitrary byte can be reinterpreted as a bool.No details of the vulnerability ar...

CSE Bookstore 1.0 SQL Injection

Exploit Title : CSE Bookstore 1.0 - Multiple SQL Injection Date : 2020-12-21 Author : Musyoka Ian Version : CSE Bookstore 1.0 Vendor Homepage: https://projectworlds.in/ Platform : PHP Tested on : Debian CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR...

Microsoft Windows: Get RSOP_SecuritySettings

The RSOPSecuritySettings WMI class is the abstract class from which other RSoP security classes derive. Instances of this class are not logged. This class was added for Windows XP. The RSOPSecuritySettingNumeric WMI class represents the numeric security setting for an account policy. Account...

WP Google Map Plugin < 4.1.5 - Authenticated SQL Injection

The Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user admin+. Edit WPScanTeam: September 8th, 2020 - Confirmed & Escalated to WP plugins team September 8th, 2020 - WP plugins team investigating November 25th, 2020 - No updates,...

openldap: denial of service via nested boolean expressions in LDAP search filters

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash...

SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...