
1138 matches found

securityvulns
added 2005/08/26 12:0 a.m., 27 views

simpleproxy proxy server format string vulnerability

Format string bug on parent HTTP proxy server reply parsing...

1.4 AI score
Exploits: 0, References: 1, Affected Software: 1
0day.today
added 2005/08/08 12:0 a.m., 237 views

Flatnuke <= 2.5.5 Remote Code Execution

Exploit for unknown platform in category web applications Flatnuke FlatNuke 2.5.5 remote commands execution FlatNuke 2.5.5 possibly prior versions remote commands execution a script by rgod at http://rgod.altervista.org form name="form1" method="post"...

7.1 AI score
Exploits: 0
Exploit DB
added 2005/08/08 12:0 a.m., 34 views

Flatnuke 2.5.5 - Remote Code Execution

FlatNuke 2.5.5 remote commands execution FlatNuke 2.5.5 possibly prior versions remote commands execution a script by rgod at http://rgod.altervista.org hostname ex: ww...

7.4 AI score
Exploits: 0
exploitpack
added 2005/08/08 12:0 a.m., 14 views

Flatnuke 2.5.5 - Remote Code Execution

Flatnuke 2.5.5 - Remote Code Execution FlatNuke 2.5.5 remote commands execution FlatNuke 2.5.5 possibly prior versions remote commands execution a script by rgod at http://rgod.altervista.org hostname ex: www...

8.1 AI score
Exploits: 0
Ubuntu
added 2005/08/04 11:38 p.m., 47 views

USN-160-1: Apache 2 vulnerabilities

Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list CRL handler. If Apache is configured to use a malicious CRL, this could possibly lead to a server crash or arbitrary code execution with the privileges of the Apache web server. CAN-2005-1268 Watchfire...

5 CVSS, 8.7 AI score, 0.39952 EPSS
Exploits: 1
RedHat Linux
added 2005/07/25 7:46 a.m., 29 views

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and...

5 CVSS, 7.2 AI score, 0.39952 EPSS
Exploits: 1, References: 7
Debian
added 2005/05/20 11:11 a.m., 33 views

[SECURITY] [DSA 726-1] New oops packages fix format string vulnerability

Debian Security Advisory DSA 726-1 [email protected] http://www.debian.org/security/ Martin Schulze May 20th, 2005 http://www.debian.org/security/faq -...

5 CVSS, 5.9 AI score, 0.01029 EPSS
Exploits: 1
CERT
added 2005/05/09 12:0 a.m., 32 views

Apple Mac OS X Server Admin fails to properly restrict users from using the proxy service

Overview: The Apple Mac OS X Server HTTP proxy service does not restrict access by default and may allow unintended remote users to use the service. Description: Mac OS X Server includes a service to provide for HTTP proxying. The HTTP proxy service does not include any access restrictions in the...

7.5 CVSS, 6 AI score, 0.00636 EPSS
Exploits: 0, References: 2
Cvelist
added 2005/05/04 4:0 a.m., 17 views

CVE-2005-1340

The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy...

6.7 AI score, 0.00636 EPSS
Exploits: 0, References: 1
CVE
added 2005/05/04 4:0 a.m., 61 views

CVE-2005-1340

CVE-2005-1340 concerns the HTTP proxy service in Apple Mac OS X Server Admin (Mac OS X 10.3.9). The description in multiple sources states that the proxy does not restrict access when enabled, allowing remote users to misuse the proxy. Connected documents corroborate that this is a remote-access ...

7.5 CVSS, 6.7 AI score, 0.00636 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2005/05/04 4:0 a.m., 11 views

CVE-2005-1340

The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy...

7.5 CVSS, 6.7 AI score, 0.00636 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2005/04/22 12:0 a.m., 16 views

Debian DSA-713-1 : junkbuster - several vulnerabilities

Several bugs have been found in junkbuster, an HTTP proxy and filter. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: - CAN-2005-1108 James Ranson discovered that an attacker can modify the referrer setting with a carefully crafted URL by accidentally...

7.5 CVSS, 5.9 AI score, 0.03286 EPSS
Exploits: 0, References: 3
Debian
added 2005/04/21 2:35 p.m., 24 views

[SECURITY] [DSA 713-1] New junkbuster packages fix several vulnerabilities

Debian Security Advisory DSA 713-1 [email protected] http://www.debian.org/security/ Martin Schulze April 21st, 2005 http://www.debian.org/security/faq -...

7.5 CVSS, 0.6 AI score, 0.03286 EPSS
Exploits: 0
Debian
added 2005/04/21 2:35 p.m., 20 views

[SECURITY] [DSA 713-1] New junkbuster packages fix several vulnerabilities

Debian Security Advisory DSA 713-1 [email protected] http://www.debian.org/security/ Martin Schulze April 21st, 2005 http://www.debian.org/security/faq -...

7 AI score
Exploits: 0
OSV
added 2005/04/21 12:0 a.m., 23 views

DSA-713-1 junkbuster - several

Bulletin has no description...

7.5 CVSS, 6 AI score, 0.03286 EPSS
Exploits: 0
securityvulns
added 2005/04/14 12:0 a.m., 35 views

[ GLSA 200504-11 ] JunkBuster: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200504-11 http://security.gentoo.org/ Severity:...

0.3 AI score
Exploits: 0
Gentoo Linux
added 2005/04/13 12:0 a.m., 21 views

JunkBuster: Multiple vulnerabilities

Background: JunkBuster is a filtering HTTP proxy, designed to enhance privacy and remove unwanted content. Description: James Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode: an attacker can modify the referrer setting by getting a victim to request a...

7.5 CVSS, 6.8 AI score, 0.03286 EPSS
Exploits: 0
Tenable Nessus
added 2005/02/20 12:0 a.m., 753 views

HTTP Proxy CONNECT Loop DoS

The proxy allows users to perform repeated CONNECT requests to itself. This allows anybody to saturate the proxy's CPU, memory or file descriptors. Note that if the proxy limits the number of connections from a single IP (e.g. acl maxconn with Squid), it is protected against saturation and you may...

5.5 AI score
Exploits: 0
CVE
added 2005/02/13 5:0 a.m., 75 views

CVE-2004-1484

The CVE-2004-1484 issue affects socat (1.4.0.3 and earlier). It is a format string vulnerability in the _msg function in error.c that can be triggered when socat is used as an HTTP proxy client with the -ly option, enabling remote attackers (or local users) to execute arbitrary code via format st...

5 CVSS, 7.3 AI score, 0.02313 EPSS
Exploits: 1, References: 6, Affected Software: 1
Debian CVE
added 2005/02/13 5:0 a.m., 14 views

CVE-2004-1484

Format string vulnerability in the msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message...

5 CVSS, 6.5 AI score, 0.02313 EPSS
Exploits: 1