1138 matches found
SapporoWorks WinProxy 2.0/2.0.1 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1400/info Multiple unchecked buffers exist in the POP3 and HTTP Proxy components of SapporoWorks WinProxy which could open up the possibilities of denial of service attacks or remote execution of arbitrary code. Performin...
SapporoWorks Black JumboDog 2.6.4/2.6.5 HTTP Proxy Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3858/info Black JumboDog 2.6.4 and 2.6.5 HTTP proxy is vulnerable to an exploitable buffer overflow. The buffer overflow can be exploited by sending excessively long expires, if-modified-since, and LastModified strings...
mysource 2.14.8/2.16 - Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20153/info MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct cross-site...
ZoneAlarm 8.0.20 HTTP Proxy Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31431/info ZoneAlarm Internet Security Suite is prone to a remote denial-of-service vulnerability that occurs in the TrueVector component when connecting to a malicious HTTP proxy. ZoneAlarm Internet Security Suite 8.0.02...
AzDGDatingLite <= 2.1.3 - Remote Code Execution Exploit
No description provided by source. ?php azdgexpl.php AzDGDatingLite V 2.1.3 possibly prior versions remote code execution with generic http proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script: allowcalltimepassreference =...
Symantec Enterprise Firewall / Gateway Security HTTP Proxy Internal IP Leakage Weakness
No description provided by source. source: http://www.securityfocus.com/bid/17936/info Symantec Enterprise Firewall and Gateway Security products are prone to an information-disclosure weakness. The vendor has reported that the NAT/HTTP proxy component of the products may reveal the internal IP...
wpbf - WordPress Brute Force
The script will try to login into the WordPress dashboard through the login form using a mixture of enumerated usernames, a wordlist and relevant keywords from the blog's content. If a single username is given, the script will not search for additional usernames. When a correct username/passwords...
[THC-Hydra 7.5] Fast Parallel Network Logon Cracker
Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...
[Doona] Network Protocol Fuzzer
Doona is a fork of the Bruteforce Exploit Detector, it was renamed to avoid confusion as it has a large number of of changes. You should get a copy from github if you want to try it: https://github.com/wireghoul/doona. It's currently a little short on documentation, so I will let the changelog...
DoS Vulnerability (fixed in Node v0.8.26 and v0.10.21)
DoS Vulnerability fixed in Node v0.8.26 and v0.10.21 Node.js is vulnerable to a denial of service attack when a client sends many pipelined HTTP requests on a single connection, and the client does not read the responses from the connection. We recommend that anyone using Node.js v0.8 or v0.10 to...
Multiple Vulnerabilities in Cisco Firewall Services Module Software (cisco-sa-20130410-fwsm)
The remote Cisco Firewall Services Module FWSM for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers may be affected by the following vulnerabilities : - A flaw in the FWSM software could allow remote attackers to cause a denial of service DoS condition via a crafted IKEv1 message...
Blue Coat ICAP Patience Page XSS
The remote host is running a version of Blue Coat ProxySG that suffers from a XSS issue. An attacker can exploit this issue by sending a malicious link that will redirect the user to the ICAP 'Patience' page which will echo the link back, unfiltered. %NASLMINLEVEL 70300 C Tenable Network Security...
[SECURITY] Fedora 18 Update: nodejs-tunnel-agent-0.3.0-1.fc18
HTTP proxy tunneling agent...
CVE-2013-2070
http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...
nginx 'ngx_http_parse.c'栈缓冲区溢出漏洞
BUGTRAQ ID: 59699 CVECAN ID: CVE-2013-2028 nginx是HTTP及反向代理服务器,同时也用作邮件代理服务器。 nginx 1.3.9 - 1.4.0在解析HTTP块时,"ngxhttpparsechunked"函数 http/ngxhttpparse.c中存在错误,可被利用造成栈缓冲区溢出。 0 Nginx 1.3.9 - 1.4.0 临时解决方法: 建议您升级到nginx 1.4.1或者是1.5.0。但如果您不能立刻安装补丁或者升级,您可以采取以下措施以降低威胁: 在每个server块中使用如下配置 if $httptransferencodi...
Medium: nginx
Issue Overview: http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy...
[Watcher v1.5.6] Web Security Testing Tool and Passive Vulnerability Scanner
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
nginx 中间人攻击漏洞(CVE-2011-4968)
Bugtraq ID:57139 CVE ID:CVE-2011-4968 nginx是一款高性能的web服务器,使用非常广泛,其不仅经常被用作反向代理,也可以非常好的支持PHP的运行 nginx包含的Http代理模块允许通过https与源服务器通信,但是没有正确校验源服务器身份,允许攻击者在代理和源服务器之间进行中间人攻击 0 Igor Sysoev nginx 0.8.40 Igor Sysoev nginx 0.8.36 Igor Sysoev nginx 0.8.35 Igor Sysoev nginx 0.8.33 Igor Sysoev nginx 0.7.66 Igor...
Debian Security Advisory DSA 2564-1 (tinyproxy)
The remote host is missing an update to tinyproxy announced via advisory DSA 2564-1. OpenVAS Vulnerability Test $Id: deb25641.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2564-1 tinyproxy Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Debian DSA-2564-1 : tinyproxy - denial of service
gpernot discovered that Tinyproxy, a HTTP proxy, is vulnerable to a denial of service by remote attackers by sending crafted request headers. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...