159 matches found
CVE-2020-36851
Rob--W/cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...
CVE-2020-36851
CVE-2020-36851 affects cors-anywhere/server-side proxy configurations that run as an open proxy. The issue allows unauthenticated external users to induce the proxy to make HTTP requests to arbitrary targets (SSRF) because the proxy forwards requests and headers, enabling access to internal endpo...
CVE-2020-36851
Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...
cors-anywhere security vulnerability
cors-anywhere is a Node.js reverse proxy by Rob Wu, an individual developer. A security vulnerability exists in cors-anywhere: when configured as an open proxy, it allows an unauthenticated external user to trick the server into making HTTP requests to arbitrary targets, which could lead...
CVE-2016-0796
WordPress Plugin mb.miniAudioPlayer - an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a...
Fortinet FortiWeb Confused deputy issue on SERVER_NAME causes open proxy flaw (FG-IR-21-123)
The version of FortiWeb installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-123 advisory. - An unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows a...
CVE-2024-30128
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information...
CVE-2024-30128
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information...
CVE-2024-30128 An open proxy vulnerability affects HCL Nomad server on Domino
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information...
CVE-2024-30128
The vulnerability affects the HCL Nomad server on Domino. It is an open proxy flaw that allows an unauthenticated attacker to mask their original source IP address, potentially deceiving users into exposing sensitive information. Product/vendor/version details in the connected PT-2024-23201 entr...
CVE-2024-30128 An open proxy vulnerability affects HCL Nomad server on Domino
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information...
PT-2024-23201 · Hcl · Hcl Nomad Server
Name of the Vulnerable Software and Affected Versions: HCL Nomad server on Domino versions up to 1.0.12. Description: The HCL Nomad server on Domino is affected by an open proxy vulnerability, allowing an unauthenticated attacker to mask their original source IP address. This may enable an attacke...
HCL Nomad security vulnerability
HCL Nomad is an application for using and managing the Domino application development platform in mobile devices from HCL Corporation, USA. A security vulnerability exists in HCL Nomad, which stems from being affected by an open proxy vulnerability...
HTTP Open Proxy Detection
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'HTTP Open Proxy Detection', 'Description' => %q{ Checks if an HTTP proxy is open. False positive are avoided verifying the HTTP return code and...
Open Proxy
Web applications often rely on proxy servers to route requests to the right web service. An Open Proxy vulnerability occurs when a web server is configured to act as a forward proxy, allowing anyone to use it to relay web traffic. This setup may allow an attacker to use the proxy server to mak...
Exploit for Server-Side Request Forgery in Perfsonar
Vendor: perfSONAR Link: https://github.com/perfsonar/ Affected V...
Backdoor.Win32.Serman.a MVID-2022-0659 Unauthenticated Open Proxy
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022. Original source: https://malvuln.com/advisory/f312e3a436995b86b205a1a37b1bf10f.txt Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Backdoor.Win32.Serman.a Vulnerability:...
CVE-2016-0796
WordPress Plugin mb.miniAudioPlayer - an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a...
CVE-2016-0796
WordPress Plugin mb.miniAudioPlayer - an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a...
Input validation
WordPress Plugin mb.miniAudioPlayer - an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a...