144 matches found
EUVD-2025-21052
Malicious code in bioql PyPI...
EUVD-2024-0790
Malicious code in bioql PyPI...
Malicious code in test-mlw2-tolas-loris (npm)
The package test-mlw2-tolas-loris was found to contain malicious code...
MAL-2025-36470 Malicious code in test-mlw2-tolas-loris (npm)
The package test-mlw2-tolas-loris was found to contain malicious code...
CVE-2025-53634
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyo...
CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyo...
CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyo...
CVE-2025-53634
CVE-2025-53634 affects Chall-Manager's HTTP Gateway. The vulnerability arises from no timeout on HTTP header processing, enabling a slowloris-style DoS that does not require authentication. A patch was implemented (commit 1385bd8) and shipped in v0.1.4, with remediation guidance to upgrade to tha...
CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyo...
PT-2025-29155 · Unknown · Callmanager
Name of the Vulnerable Software and Affected Versions: Chall-Manager versions prior to 0.1.4 Description: Chall-Manager, a platform-agnostic system for starting Challenges on Demand, is susceptible to a Denial of Service (DoS) attack via a slow loris attack against its HTTP Gateway. The gateway lac...
Chall-Manager security vulnerability
Chall-Manager is an open source project from CTFer.io. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from an unset timeout on the HTTP gateway, which could lead to a denial of service triggered by a slow loris attack...
CVE-2008-0774
Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotelname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...
MAL-2024-11911 Malicious code in baby-loris (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9155edd098ee3fed04541b192087704f5a42b1f149bdd0f4f487d7e0ae941870 The OpenSSF Package Analysis project identified 'baby-loris' @ 1.0.2 npm as malicious. It is considered malicious because: - The package...
Malicious code in baby-loris (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9155edd098ee3fed04541b192087704f5a42b1f149bdd0f4f487d7e0ae941870 The OpenSSF Package Analysis project identified 'baby-loris' @ 1.0.2 npm as malicious. It is considered malicious because: - The package...
SUSE CVE-2024-28854
tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...
httpd: mod_http2: DoS in HTTP/2 with initial window size 0
A flaw was found in the mod_http2 module of httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely. This vulnerability can exhaust worker resources in the server, similar to the well-known "slow loris"...
Debian dsa-5662 : apache2 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - Faulty input...
GHSA-2QPH-QPVM-2QF7 tls-listener affected by the slow loris vulnerability with default configuration
Summary With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. Details The default configuration options make any public service using TlsListener::new vulnerable to a slow-loris DoS attack. rust /// Default numbe...
tls-listener affected by the slow loris vulnerability with default configuration
Summary With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. Details The default configuration options make any public service using TlsListener::new vulnerable to a slow-loris DoS attack. rust /// Default numbe...
CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener
tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...