cURL -- URL request injection vulnerability

cURL reports: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...

License Update Fails In Networks Where HTTP Proxy Must Be Used

Known Limitation A tenant's Veeam Backup & Replication server cannot access Veeam Cloud Connect infrastructure components through HTTP/HTTPS proxy servers. All cloud-targeted traffic from the tenant's Veeam Backup & Replication server will ignore proxy settings. Challenge License updating may fai...

openSUSE Security Update : firefox / mozilla-nspr / mozilla-nss (openSUSE-SU-2014:1344-1)

update to Firefox 33.0 bnc900941 New features : - OpenH264 support sandboxed - Enhanced Tiles - Improved search experience through the location bar - Slimmer and faster JavaScript strings - New CSP Content Security Policy backend - Support for connecting to HTTP proxy over HTTPS - Improved...

DEBIAN-CVE-2012-5580

Format string vulnerability in the printproxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the httpproxy environment...

Trying to hack Redis via HTTP requests-vulnerability warning-the black bar safety net

0x01 scenario We assume that there is a SSRF vulnerability or a misconfigured proxy server, so that the attacker via HTTP requests to directly access the Redis service. In the above assumptions of the two cases, ask us for the HTTP request to access at least one line is fully controllable, this...

Bing Dork Scanner - Tool to extract urls from a bing search

This is a simple script with GUI, to extract urls from a bing search. Support only HTTP proxy. Required Perl Modules: LWP Gtk2 Glib uft8 threads threads::shared URI::Escape Download Bing Dork Scanner...

ZoneAlarm 8.0.20 HTTP Proxy Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31431/info ZoneAlarm Internet Security Suite is prone to a remote denial-of-service vulnerability that occurs in the TrueVector component when connecting to a malicious HTTP proxy. ZoneAlarm Internet Security Suite 8.0.02...

SapporoWorks Black JumboDog 2.6.4/2.6.5 HTTP Proxy Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3858/info Black JumboDog 2.6.4 and 2.6.5 HTTP proxy is vulnerable to an exploitable buffer overflow. The buffer overflow can be exploited by sending excessively long expires, if-modified-since, and LastModified strings...

MailGust <= 1.9 (board takeover) SQL Injection Exploit

No description provided by source. ?php mailgustxpl.php MailGust 1.9 possibly prior versions SQL Injection / board takeover poc exploit with generic HTTP proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script:...

AzDGDatingLite <= 2.1.3 - Remote Code Execution Exploit

No description provided by source. ?php azdgexpl.php AzDGDatingLite V 2.1.3 possibly prior versions remote code execution with generic http proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script: allowcalltimepassreference =...

Symantec Enterprise Firewall / Gateway Security HTTP Proxy Internal IP Leakage Weakness

No description provided by source. source: http://www.securityfocus.com/bid/17936/info Symantec Enterprise Firewall and Gateway Security products are prone to an information-disclosure weakness. The vendor has reported that the NAT/HTTP proxy component of the products may reveal the internal IP...

tinyproxy tinyproxy 1.3.2/1.3.3 Heap Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2217/info Versions 1.3.2 and 1.3.3 of tinyproxy, a small HTTP proxy, exhibit a vulnerability to heap overflow attacks. A failure to properly validate user-supplied input which arguments a call to sprintf can allow...

PHPBB 2.0.20 Unauthorized HTTP Proxy Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17965/info phpBB is prone to a vulnerability that could permit the application to become an unauthorized HTTP proxy. An attacker can exploit this issue to manipulate phpBB into becoming an HTTP proxy...

SapporoWorks WinProxy 2.0/2.0.1 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1400/info Multiple unchecked buffers exist in the POP3 and HTTP Proxy components of SapporoWorks WinProxy which could open up the possibilities of denial of service attacks or remote execution of arbitrary code. Performin...

Qbik WinGate WWW Proxy Server URL Processing Overflow

No description provided by source. $Id: qbikwingatewwwproxy.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

mysource 2.14.8/2.16 - Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/20153/info MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct cross-site...

ezDatabase <= 2.0 (db_id) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl ezDatabase Remote Command Execution Exploit based on advisory by Pridels Team Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to 'http://target.com/dir' cijfer$ $Id:...

wpbf - WordPress Brute Force

The script will try to login into the WordPress dashboard through the login form using a mixture of enumerated usernames, a wordlist and relevant keywords from the blog's content. If a single username is given, the script will not search for additional usernames. When a correct username/passwords...

[THC-Hydra 7.5] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...

[Doona] Network Protocol Fuzzer

Doona is a fork of the Bruteforce Exploit Detector, it was renamed to avoid confusion as it has a large number of of changes. You should get a copy from github if you want to try it: https://github.com/wireghoul/doona. It's currently a little short on documentation, so I will let the changelog...