1149 matches found
Medium: curl
Issue Overview: The curleasyduphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPTCOPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information...
Dirs3arch v0.3.0 - HTTP(S) Directory/File Brute Forcer
dirs3arch is a simple command line tool designed to brute force hidden directories and files in websites. It's written in python3 3 and all thirdparty libraries are included. Operating Systems supported Windows XP/7/8 GNU/Linux MacOSX Features Multithreaded Keep alive connections Support for...
[SECURITY] [DSA 3145-1] privoxy security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3145-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 30, 2015 http://www.debian.org/security/faq -...
SuSE 11.3 Security Update : curl (SAT Patch Number 10166)
This update fixes the following security issues : - URL request injection bnc911363 When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. CVE-2014-8150 If the given URL contains line feeds and carriage returns those will be sent alo...
[SECURITY] [DSA 3145-1] privoxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3145-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 30, 2015 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3145-1 (privoxy - security update)
Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which might result in denial of service. OpenVAS Vulnerability Test $Id: deb3145.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3145-1 using nvtgen 1.0 Script version: 1.0 Author:...
DSA-3145-1 privoxy - security update
Bulletin has no description...
[SECURITY] [DLA 142-1] privoxy security update
Package : privoxy Version : 3.0.16-1+deb6u1 CVE ID : CVE-2015-1031 CVE-2015-1381 CVE-2015-1382 Several vulnerabilities have been fixed in privoxy, a privacy enhancing HTTP proxy: CVE-2015-1031, CID66394: unmap: Prevent use-after-free if the map only consists of one item. CVE-2015-1031, CID66376 a...
DLA-142-1 privoxy - security update
Bulletin has no description...
[SECURITY] [DSA 3133-1] privoxy security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3133-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2015 http://www.debian.org/security/faq -...
Debian DSA-3133-1 : privoxy - security update
Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3133. The text itself is copyright C Software in the...
[SECURITY] [DSA 3133-1] privoxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3133-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2015 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3133-1 (privoxy - security update)
Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy. OpenVAS Vulnerability Test $Id: deb3133.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3133-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 201...
DSA-3133-1 privoxy - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3133-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
curl: url request injection
When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected...
[SECURITY] [DLA 134-1] curl security update
Package : curl Version : 7.21.0-2.1+squeeze11 CVE ID : CVE-2014-8150 Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted U...
CVE-2014-8150
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...
CVE-2014-8150
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...
Crlf injection
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...