1137 matches found
CVE-2024-41812
TxtDot, an HTTP proxy, is affected by a Server-Side Request Forgery (SSRF) vulnerability in the /get route prior to version 1.7.0. An attacker can use the server as a proxy to send HTTP GET requests to arbitrary targets and access internal-network information. Version 1.7.0 mitigates by not displ...
CVE-2024-41812 txtdot SSRF vulnerability in /get
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the /get route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to...
Malicious code in aio-http-proxy-support (PyPI)
MAL-2024-4754 Malicious code in aio-http-proxy-support (PyPI)
Malicious code in Be.Vlaanԁeren.Basіsregіsters.NisCоdeService.Proxy.HttpProxy (NuGet)
Malicious code in Bе.Vlaaոderen.Basisregisters.TicketingService.Proxy.HttpProxy (NuGet)
Malicious code in Bе.Vlaaոderen.Basisregіsters.TicketingServiсe.Proxy.HttpProxy (NuGet)
[SECURITY] [DSA 5705-1] tinyproxy security update
Debian Security Advisory DSA-5705-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 05, 2024 https://www.debian.org/security/faq -...
RHEL 8 : odo (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - follow-redirects: Exposure of Sensitive Information via Authorization Header leak CVE-2022-0536 - golang:...
RHEL 6 : squid (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - squid: Heap overflow issue in URN processing CVE-2019-12526 - squid: Buffer overflow in reverse-proxy...
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution
Cisco Talos Vulnerability Research team recently disclosed three zero-day vulnerabilities that are still unpatched as of Wednesday, May 8. Two vulnerabilities in this group -- one in the Tinyproxy HTTP proxy daemon and another in the stb_vorbis.c file library -- could lead to arbitrary code...
Exploit for Use After Free in Tinyproxy_Project Tinyproxy
MAL-2024-1164 Malicious code in paysafe-gpf-as-http-proxy-middleware-body-replace (npm)
Source: ghsa-malware 69515fe4abb4869b5999b249c8de31a55fd23bda38e3bd9de3c58c5c245bc5b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BioTime Directory Traversal / Remote Code Execution
Tested on 8.5.5 Build:20231103.R1905 Tested on 9.0.1 Build:20240108.18753 BioTime, "time" for shellz! https://claroty.com/team82/disclosure-dashboard/cve-2023-38952...
Apache Archiva Reflected Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or...
CVE-2024-27140
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended...
CVE-2024-27140
Apache Archiva is affected by a Cross-site Scripting (XSS) issue described as Improper Neutralization of Input During Web Page Generation. The vulnerability affects Archiva versions 2.0.0 and later, with the project stated as retired and no plan for a fix. Practical impact is an XSS risk in web p...