1138 matches found

Tenable Nessus
added 2015/05/21 12:0 a.m., 11 views

HTTP Proxy Detection

Binary data 8772.prm...

AI score 7.3
Exploits: 0

OSV
added 2015/04/29 8:0 a.m., 5 views

CURL-CVE-2015-3153 sensitive HTTP server headers also sent to proxies

libcurl provides applications a way to set custom HTTP headers to be sent to the server by using CURLOPT_HTTPHEADER. A similar option is available for the curl command-line tool with the '--header' option. When the connection passes through an HTTP proxy the same set of headers is sent to the prox...

CVSS 5, AI score 9.3, EPSS 0.08372
Exploits: 0

Tenable Nessus
added 2015/04/07 12:0 a.m., 11 views

VPN Tunnel Detection via HTTP CONNECT

Binary data 3177.prm...

AI score 7.3
Exploits: 0

Kitploit
added 2015/04/04 11:6 p.m., 20 views

Commix - Automated All-in-One OS Command Injection and Exploitation Tool

Commix, short for command injection exploiter, has a simple environment and can be used by web developers, penetration testers or even security researchers to test web applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. By using this tool, ...

AI score 8.4
Exploits: 0, References: 1

Tenable Nessus
added 2015/03/30 12:0 a.m., 31 views

Mandriva Linux Security Advisory : curl (MDVSA-2015:098)

Updated curl packages fix security vulnerabilities : Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user CVE-2014-0015...

CVSS 6.4, AI score 6.7, EPSS 0.0182
Exploits: 1, References: 11

Tenable Nessus
added 2015/03/26 12:0 a.m., 35 views

Debian DLA-134-1 : curl security update

Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in...

CVSS 4.3, AI score 7.5, EPSS 0.01225
Exploits: 0, References: 3

Tenable Nessus
added 2015/03/26 12:0 a.m., 24 views

Debian DLA-142-1 : privoxy security update

Several vulnerabilities have been fixed in privoxy, a privacy enhancing HTTP proxy : CVE-2015-1031, CID66394 : unmap: Prevent use-after-free if the map only consists of one item. CVE-2015-1031, CID66376 and CID66391 : pcrs_execute: Consistently set result to NULL in case of errors. Should make...

CVSS 7.5, AI score 7.2, EPSS 0.01894
Exploits: 0, References: 5

CNVD
added 2015/03/09 12:0 a.m., 1 view

Google Chrome cookie injection attack vulnerability

Google Chrome is a popular web browser. A security vulnerability exists in the Google Chrome net/http/proxy_client_socket.cc file due to failure to properly handle the 407 (aka Proxy Authentication Required) HTTP status code that appears in the Set-Cookie header. A remote attacker can exploit this...

CVSS 5, AI score 7.5, EPSS 0.00317
Exploits: 0, References: 1

OSV
added 2015/03/08 12:0 a.m., 0 views

UBUNTU-CVE-2015-1229

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

CVSS 5, AI score 7.4, EPSS 0.00317
Exploits: 0, References: 6

Tenable Nessus
added 2015/02/13 12:0 a.m., 43 views

Amazon Linux AMI : curl (ALAS-2015-477)

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. CVE-2014-3707 CR...

CVSS 4.3, AI score 7.7, EPSS 0.01225
Exploits: 0, References: 3

Amazon
added 2015/02/11 12:0 a.m., 43 views

Medium: curl

Issue Overview: The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information...

CVSS 4.3, AI score 8.5, EPSS 0.01225
Exploits: 0

Kitploit
added 2015/02/07 8:1 p.m., 13 views

Dirs3arch v0.3.0 - HTTP(S) Directory/File Brute Forcer

dirs3arch is a simple command line tool designed to brute force hidden directories and files in websites. It's written in python3 3 and all thirdparty libraries are included. Operating Systems supported Windows XP/7/8 GNU/Linux MacOSX Features Multithreaded Keep alive connections Support for...

AI score 7.6
Exploits: 0, References: 1

securityvulns
added 2015/02/02 12:0 a.m., 57 views

[SECURITY] [DSA 3145-1] privoxy security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3145-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 30, 2015 http://www.debian.org/security/faq -...

CVSS 5, AI score 1.9, EPSS 0.01894
Exploits: 0

Tenable Nessus
added 2015/02/02 12:0 a.m., 41 views

SuSE 11.3 Security Update : curl (SAT Patch Number 10166)

This update fixes the following security issues : - URL request injection bnc911363 When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. CVE-2014-8150 If the given URL contains line feeds and carriage returns those will be sent alo...

CVSS 5, AI score 7.5, EPSS 0.0182
Exploits: 0, References: 13

Debian
added 2015/01/30 9:9 a.m., 26 views

[SECURITY] [DSA 3145-1] privoxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3145-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 30, 2015 http://www.debian.org/security/faq -...

CVSS 5, AI score 1.9, EPSS 0.01894
Exploits: 0

OSV
added 2015/01/30 12:0 a.m., 22 views

DSA-3145-1 privoxy - security update

Bulletin has no description...

CVSS 5, AI score 7.3, EPSS 0.01894
Exploits: 0

OpenVAS
added 2015/01/30 12:0 a.m., 27 views

Debian Security Advisory DSA 3145-1 (privoxy - security update)

Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which might result in denial of service. OpenVAS Vulnerability Test $Id: deb3145.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3145-1 using nvtgen 1.0 Script version: 1.0 Author:...

CVSS 5, EPSS 0.01894
Exploits: 0, References: 1

Debian
added 2015/01/29 9:56 a.m., 30 views

[SECURITY] [DLA 142-1] privoxy security update

Package : privoxy Version : 3.0.16-1+deb6u1 CVE ID : CVE-2015-1031 CVE-2015-1381 CVE-2015-1382 Several vulnerabilities have been fixed in privoxy, a privacy enhancing HTTP proxy: CVE-2015-1031, CID66394: unmap: Prevent use-after-free if the map only consists of one item. CVE-2015-1031, CID66376 a...

CVSS 7.5, AI score 7.1, EPSS 0.01894
Exploits: 0

OSV
added 2015/01/29 12:0 a.m., 24 views

DLA-142-1 privoxy - security update

Bulletin has no description...

CVSS 7.5, AI score 7.3, EPSS 0.01894
Exploits: 0

securityvulns
added 2015/01/25 12:0 a.m., 51 views

[SECURITY] [DSA 3133-1] privoxy security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3133-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2015 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 1.4, EPSS 0.00659
Exploits: 0