80 matches found
CVE-2023-51982
CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and, in the case of a local address, identity authentication can be bypassed by setting the X-Real-IP request header to a specific value and accessing the Admin UI...
PYSEC-2024-27
CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and, in the case of a local address, identity authentication can be bypassed by setting the X-Real-IP request header to a specific value and accessing the Admin UI...
CrateDB Security Vulnerability
CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A security vulnerability exists in CrateDB version 5.5.1: an authentication bypass in the Admin UI component, where authentication can be bypassed by setting the X-Real-IP request header to a specific...
CloakQuest3r - Uncover The True IP Address Of Websites Safeguarded By Cloudflare
CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare, a widely adopted web security and performance enhancement service. Its core mission is to accurately discern the actual IP address of web servers that are concealed...
CVE-2023-36456
authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy a...
CVE-2023-36456
authentik is affected prior to versions 2023.4.3 and 2023.5.5 because it does not verify the origin of the X-Forwarded-For and X-Real-IP headers in both Python and Go code. This can allow spoofing of IPs in logs and in downstream flows that rely on IP checks, and may enable bypassing IP-based pol...
authentik Security Vulnerability
authentik is an open source identity provisioning application from authentik Open Source. A security vulnerability exists in authentik versions 2023.4.3 and 2023.5.5, which stems from the failure to validate the origin of the X-Forwarded-For and X-Real-IP headers in the Python code and Go...
CVE-2022-31196 Server-Side Request Forgery (SSRF) vulnerability in Databasir
Databasir is a database metadata management platform. Databasir <= 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a single HTTP POST request to create a databaseType. By supplying a jdbcDriverFileUrl that returns a non-200 response code, the URL is...
CVE-2022-30049
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan intranet information via the fileurl parameter...
Rebuild Code Issue Vulnerability
Rebuild is a highly customizable enterprise management system. A security vulnerability exists in Rebuild version 2.8.3. An attacker can use this vulnerability to obtain a real IP address via the fileurl parameter and scan for intranet information...
PT-2022-19985 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild version 2.8.3 Description: A Server-Side Request Forgery (SSRF) issue allows attackers to obtain the real IP address and scan intranet information via the fileurl parameter. This enables attackers to access internal network details...
Searpy - Search Engine Toolkit
1. Install git clone https://github.com/j3ers3/Searpy pip install -r requirement.txt Configure the API keys and accounts in ./config.py python Searpy -h 2. Help baidu Engine --google Using google Engine --so Using 360so Engine --bing Using bing Engine --shodan Using shodan Engine --fofa Using fofa Engine --zoomeye Using...
Exploit for Authentication Bypass by Spoofing in Apache Apisix
CVE-2022-24112 CVE-2022-24112: Apache APISIX apisix/batch-re...
CVE-2022-24112 apisix/batch-requests plugin allows overwriting the X-REAL-IP header
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...
CVE-2021-46354
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increas...
Brave Browser Tor Window Security Vulnerability
Brave Browser Tor Window is a software application that aims to deliver speed, security and privacy by blocking trackers. A security vulnerability exists in Brave Browser Tor Window that originates from leaking a user's real IP to an external DNS server...
Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass
Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Exploit Author : Halis Duraki @0xduraki Date : 2020-05-28 Product : http-protection Crystal Shard Product URI : https://github.com/rogeriozambon/http-protection Version : http-protection = 0.2.0 CVE : N/A About the product...
CloudUnflare - Reconnaissance Real IP Address For Cloudflare Bypass
Reconnaissance of the real IP address for Cloudflare bypass. Preparation: 1. CompleteDNS API Create an account at completedns.com and verify it first. Enter your email and password in the CompleteDNSLogin variable in cloudunflare.bash. 2. Dependencies Needed curl dig whois Debian Based apt-get install curl...