CVE-2006-5037

CVE-2006-5037 affects MySource Matrix versions after 3.8. The issue allows remote attackers to use the application as an HTTP proxy via a MIME-encoded URL in the sq_content_src parameter, enabling access to arbitrary sites using the server’s IP and enabling cross-site scripting (XSS). The PT-2006...

CVE-2006-5036

CVE-2006-5036 affects MySource Matrix 3.8 and earlier and MySource 2.x. The issue stems from the parameter sq_remote_page_url , which can be abused to make the application act as an HTTP proxy, enabling access to arbitrary sites using the server IP and enabling cross‑site scripting (XSS). Impact ...

CVE-2006-5036

MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sqremotepageurl parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting XSS attacks. NOTE: the researcher reports that "The...

mysource 2.14.8/2.16 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/20153/info MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct cross-site scripting attacks. An attacker may...

mysource 2.14.82.16 - Multiple Vulnerabilities

mysource 2.14.82.16 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/20153/info MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct...

Governs the granting of leave true when True also false-the“real”IP security risks-vulnerability warning-the black bar safety net

Let us look at the ASP code first: Function getIP Dim strIPAddr as string If Request. ServerVariables"HTTPXFORWARDEDFOR" = "" OR InStrRequest. ServerVariables"HTTPXFORWARDEDFOR", "unknown" 0 Then strIPAddr = Request. ServerVariables"REMOTEADDR" ElseIf InStrRequest...

CentOS 3 / 4 : httpd (CESA-2005:582)

Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and...

WinGate POST Request Buffer Overflow

The remote host appears to be running WinGate Proxy Server, a Windows application for managing and securing Internet access. According to its banner, the version of WinGate installed on the remote host is affected by a buffer overflow vulnerability in its HTTP proxy service. An attacker with acce...

phpBB can be used as HTTP proxy with vulnerability-vulnerability warning-the black bar safety net

Affected system: phpBB Group phpBB 2.0.20 Description: -------------------------------------------------------------------------------- BUGTRAQ ID: 1 7 9 6 5 phpBB is a PHP language implementation of a Web-based open source Forum program, the use of more widely. It supports multiple databases as...

Design/Logic Flaw

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...

CVE-2006-2341

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...

CVE-2006-2341

CVE-2006-2341 affects Symantec Gateway Security 5000 Series (versions 2.0.1 and 3.0) and Symantec Enterprise Firewall 8.0. When NAT is in use, the HTTP proxy can be abused by remote attackers to determine internal IP addresses by sending malformed HTTP requests—specifically a GET request with no ...

CVE-2006-2341

The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI...

phpBB 2.0.20 - Unauthorized HTTP Proxy

phpBB 2.0.20 - Unauthorized HTTP Proxy source: https://www.securityfocus.com/bid/17965/info phpBB is prone to a vulnerability that could permit the application to become an unauthorized HTTP proxy. An attacker can exploit this issue to manipulate phpBB into becoming an HTTP proxy...

[Full-disclosure] SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure

SEC Consult Security Advisory 20060512-0 ============================================================== title: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure program: Symantec Enterprise FW vulnerable version: 8.0 homepage: www.symantec.com found: 2005-09-13 by: SEC Consult /...

phpBB 2.0.20 - Unauthorized HTTP Proxy

source: https://www.securityfocus.com/bid/17965/info phpBB is prone to a vulnerability that could permit the application to become an unauthorized HTTP proxy. An attacker can exploit this issue to manipulate phpBB into becoming an HTTP proxy...

Cisco Application Velocity System TCP port relaying

Default configuration allows any TCP port to be accessed with transparent HTTP proxy request...

Symantec Enterprise Firewall NAT/HTTP Proxy internal IP leakage

SUMMARY An information leak has been discovered in the HTTP proxy of the Symantec Enterprise Firewall and Symantec Gateway Security products. In response to specific http requests, the firewall may reveal internal addresses otherwise hidden by Network Address Translation NAT. Severity Very Low...

Symantec Enterprise Firewall Gateway Security - HTTP Proxy Internal IP Leakage

Symantec Enterprise Firewall Gateway Security - HTTP Proxy Internal IP Leakage source: https://www.securityfocus.com/bid/17936/info Symantec Enterprise Firewall and Gateway Security products are prone to an information-disclosure weakness. The vendor has reported that the NAT/HTTP proxy component...

Symantec Enterprise Firewall / Gateway Security - HTTP Proxy Internal IP Leakage

source: https://www.securityfocus.com/bid/17936/info Symantec Enterprise Firewall and Gateway Security products are prone to an information-disclosure weakness. The vendor has reported that the NAT/HTTP proxy component of the products may reveal the internal IP addresses of protected computers. A...