20 matches found
BIT-PYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
EUVD-2025-201787
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22432
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22432
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...
PT-2025-43452
Name of the Vulnerable Software and Affected Versions versions prior to 2025-22432 Description A persistent connection may occur due to improper input validation within the notifyTimeout function of the CallRedirectionProcessor.java component. This could potentially allow for local escalation of...
CVE-2025-54142
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...
CVE-2025-54142
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...
CVE-2024-23452
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...
CVE-2024-23452 Apache bRPC: HTTP request smuggling vulnerability
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...
Puma 资源管理错误漏洞
Puma is a web server for highly concurrent applications by Evan Phoenix, an individual developer in the United States. A security vulnerability exists in Puma. The vulnerability stems from a persistent connection in the program that saturates all threads in all processes in a cluster...
Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor
Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform. These overarching changes make it both easier for cybercriminals to deploy the backdoor, as well as cloak the destination of the command-and-control C2 traffic...
CB TAU Threat Intelligence Notification: Sodinokibi Ransomware
Sodinokibi otherwise known as Sodin or REvil is a ransomware variant that has recently been observed evolving its delivery techniques, leveraging fake antivirus software and PowerShell droppers. This malware appears to be related to GandCrab and is likely a result of their operation closing up...
Using WebSocket as your Real Time Protocol? Wallam got you covered.
In the beginning there was http 1 or 2, web pages were static and did not do much beyond displaying static text and images. Life has changed since… Web applications discovered that bi-directional communication between the browser and the web server is essential. Of course, http protocol, with it’...
Mandriva Update for apache MDVSA-2010:153 (apache)
Check for the Version of apache OpenVAS Vulnerability Test Mandriva Update for apache MDVSA-2010:153 apache Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
Mandriva Update for apache MDVSA-2010:153 (apache)
Check for the Version of apache OpenVAS Vulnerability Test Mandriva Update for apache MDVSA-2010:153 apache Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
CVE-2010-2791
modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...
Design/Logic Flaw
modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...
PT-2010-4294 · Apache +1 · Apache Http Server +1
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.2.9 Description: The issue is related to an information disclosure flaw in the mod proxy component of the Apache HTTP Server. When running on Unix platforms, if a timeout occurs while reading a response from a...
PHP -> set_time_limit
when safemode = on, settimelimit is "off", then we can use iniset"maxexecutiontime", 90000000; suppose the server is vulnerable PHP injection, then an attacker make a backdoor in PHP and register it in SCM of windows with win32service extension. the backdoor need wait for connections, if safemode...
msie4-persistent-connect.txt
Date: Fri, 22 Jan 1999 14:15:32 -0600 From: Joel Moses To: [email protected] Subject: IE4 Persistent Connection Bug Hi, everyone. Working with MCI/WorldCom, we've identified a problem with IE 4 which may or may not have security implications, but is definately naughty behavior, in our opinions...