73 matches found
Important: Red Hat Security Advisory: squid security update
An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
RHEL 8 : squid:4 (RHSA-2022:6774)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6774 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid:...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
squid: buffer-over-read in SSPI and SMB authentication
A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure...
squid:4 security update
An update is available for squid, libecap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Squid is a high-performance proxy caching server for web clients,...
Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: buffer-over-read in SSPI and SMB authentication CVE-2022-41318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...
MGASA-2022-0351 Updated squid packages fix security vulnerability
Exposure of Sensitive Information in Cache Manager. CVE-2022-41317 Buffer Over Read in SSPI and SMB Authentication. CVE-2022-41318...
Updated squid packages fix security vulnerability
Exposure of Sensitive Information in Cache Manager. CVE-2022-41317 Buffer Over Read in SSPI and SMB Authentication. CVE-2022-41318...
Squid Buffer Overflow Vulnerability (SQUID-2022:2)
Squid is prone to a buffer overflow vulnerability in SSPI and SMB authentication. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...
Buffer Overflow
squid is vulnerable to buffer overflow. The vulnerability exists due to a lack of sanitization of the input in SSPI and SMB Authentication allowing an attacker to corrupt the memory...
USN-5641-1: Squid vulnerabilities
Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. CVE-2022-41317 It was discovered that Squid incorrectly handled SSPI an...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Squid vulnerabilities (USN-5641-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5641-1 advisory. Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue t...
Microsoft Windows SMB Direct Session Takeover Exploit
This Metasploit module will intercept direct SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbitrary payload. T...
SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool
SSRF are often used to leverage actions on other services, this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform...
Oracle Database Attacking Tool: ODAT
ODAT Oracle Database Attacking Tool is an open source penetration testing tool that tests the security of Oracle Databases remotely . Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a...
Microsoft SQL Database Attacking Tool: MSDAT
MSDAT M icro s oft SQL D atabase A ttacking T ool is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...
SMB User Authentication Bypass - ownCloud
ownCloud includes an optional and not by default enabled SMB authentication component that allows to authenticate users against an SMB server. This backend is implemented in a way that it tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not...
Powershell Remoting Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'Powershell Remoting Remote Command Execution', 'Description' = %q Uses Powershell Remoting TCP 47001 to inject payload...