Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

SSRF Vulnerability Exploit for Request-Baskets CVE-2023-27163...

CentOS 7 : curl (RHSA-2023:7743)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7743 advisory. - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can...

Oracle Linux 7 : curl (ELSA-2023-7743)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7743 advisory. - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.htmlCVE-2019-5482Orabug: 30568724 - CVE-2016-8615 cookie injection for...

Low: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

RHEL 7 : curl (RHSA-2023:7743)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7743 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, a...

curl security update

7.29.0-59.0.3.el79.2 - load CA certificates even with --insecure Orabug: 32836997 - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.htmlCVE-2019-5482Orabug: 30568724 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers...

CVE-2023-49288 Denial of Service in HTTP Collapsed Forwarding in Squid

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...

CVE-2023-47106 Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

NewStart CGSL MAIN 6.06 : curl Multiple Vulnerabilities (NS-SA-2023-0137)

The remote NewStart CGSL host, running version MAIN 6.06, has curl packages installed that are affected by multiple vulnerabilities: - When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might mak...

Exploit for Uncontrolled Resource Consumption in Ietf Http

CVE-2023-44487 Basic vulnerability scanning to see if web serv...

GHSA-PXG5-H34R-7Q8P GeoNode vulnerable to SSRF Bypass to return internal host data

A SSRF vulnerability exists, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. the application is using a whitelist, but the whitelist can be bypassed with @ and encoded value of @ %4...

Oracle Linux 7 : squid (ELSA-2020-1068)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1068 advisory. - Resolves: 1729435 - CVE-2019-13345 squid: XSS via username or auth parameter in cachemgr.cgi - Resolves: 1582301 - CVE-2018-1000024 CVE-2018-1000027...

RHEL 7 : curl (CVE-2022-43552)

The remote Red Hat Enterprise Linux 7 host has a curl package installed that is affected by a vulnerability: - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunne...

GHSA-9HXF-PPJV-W6RQ gRPC connection termination issue

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

EulerOS 2.0 SP5 : curl (EulerOS-SA-2023-2139)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...

Important: squid

Issue Overview: Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. CVE-2016-10003 An issue was...

ManageEngine ADManager Plus Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection', 'Description' = %q ManageEngine ADManager Plus prior to build...

curl: Use-after-free triggered by an HTTP proxy deny response

A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

Amazon Linux 2 : squid (ALAS-2023-2066)

The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2066 advisory. Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed...

ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection

ManageEngine ADManager Plus prior to build 7181 is vulnerable to an authenticated command injection due to insufficient validation of user input when performing the ChangePasswordAction function before passing it into a string that is later used as an OS command to execute. By making a POST reque...