1157 matches found
MAL-2024-4754 Malicious code in aio-http-proxy-support (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaanԁeren.Basіsregіsters.NisCоdeService.Proxy.HttpProxy (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Bе.Vlaaոderen.Basisregisters.TicketingService.Proxy.HttpProxy (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Bе.Vlaaոderen.Basisregіsters.TicketingServiсe.Proxy.HttpProxy (NuGet)
--- -= Per source details. Do not edit below this line.=-...
[SECURITY] [DSA 5705-1] tinyproxy security update
Debian Security Advisory DSA-5705-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 05, 2024 https://www.debian.org/security/faq -...
RHEL 8 : odo (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - follow-redirects: Exposure of Sensitive Information via Authorization Header leak CVE-2022-0536 - golang:...
RHEL 6 : squid (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - squid: Heap overflow issue in URN processing CVE-2019-12526 - squid: Buffer overflow in reverse-proxy...
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution
Cisco Talos Vulnerability Research team recently disclosed three zero-day vulnerabilities that are still unpatched as of Wednesday, May 8. Two vulnerabilities in this group -- one in the Tinyproxy HTTP proxy daemon and another in the stbvorbis.c file library -- could lead to arbitrary code...
Exploit for Use After Free in Tinyproxy_Project Tinyproxy
MAL-2024-1164 Malicious code in paysafe-gpf-as-http-proxy-middleware-body-replace (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69515fe4abb4869b5999b249c8de31a55fd23bda38e3bd9de3c58c5c245bc5b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BioTime Directory Traversal / Remote Code Execution
Tested on 8.5.5 Build:20231103.R1905 Tested on 9.0.1 Build:20240108.18753 BioTime, "time" for shellz! https://claroty.com/team82/disclosure-dashboard/cve-2023-38952...
Apache Archiva Reflected Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or...
CVE-2024-27140
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended...
CVE-2024-27140
Apache Archiva is affected by a Cross-site Scripting (XSS) issue described as Improper Neutralization of Input During Web Page Generation. The vulnerability affects Archiva versions 2.0.0 and later, with the project stated as retired and no plan for a fix. Practical impact is an XSS risk in web p...
PT-2024-21671 · Apache · Apache Archiva
Name of the Vulnerable Software and Affected Versions: Apache Archiva versions 2.0.0 and later Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This affects Apache Archiva, a product that is no longer supported b...
CentOS 9 : curl-7.76.1-22.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the curl-7.76.1-22.el9 build changelog. - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...
Exploit for Injection in Atlassian Confluence_Data_Center
Project Introduction This project refers to the project of B...
CVE-2024-1359
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise...