139 matches found
8x8 Bounty: Open TURN relay abuse is possible due to lack of peer access control (Critical)
NOTE: This is not an SSRF vulnerability but an open TURN relay vulnerability. Typically, this security vulnerability has at least the same impact as an SSRF. However it is considered more useful from an attacker's point of view since attacks are not restricted to HTTP. - Affects: - █████:443 -...
CVE-2017-18350
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name...
Stack overflow
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name...
CVE-2017-18350
Affected software: bitcoind and Bitcoin-Qt prior to 0.15.1. Issue: a stack-based buffer overflow caused by a signedness error when a attacker-controlled SOCKS proxy responds with an acknowledgement to an unexpected domain name. Impact details are consistent with the CVE, including a partial avail...
CVE-2017-18350
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name...
CVE-2017-18350
Removed by vendor...
CVE-2019-5426
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" SOCKS proxy functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SS...
CVE-2019-5426
CVE-2019-5426 affects Ubiquiti Networks EdgeSwitch X (v1.1.0 and prior). The vulnerability allows an unauthenticated remote user to use local port forwarding and dynamic port forwarding (SOCKS proxy) functionality to access local services or forward traffic through the device if SSH is enabled. T...
Ubiquiti Inc.: Login as root without password on EdgeSwitchX
In EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" SOCKS proxy functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in th...
F5 Networks BIG-IP : BIG-IP SOCKS proxy vulnerability (K55225440)
Responses to SOCKS proxy requests made through the BIG-IP system may cause a disruption of service provided by theTraffic Management Microkernel TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a virtual server. The control plane is not impacted by this...
CVE-2017-6148
Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane i...
Design/Logic Flaw
Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane i...
CVE-2017-6148
Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane i...
CVE-2017-6148
The CVE-2017-6148 issue affects F5 BIG-IP systems where a SOCKS proxy profile attached to a Virtual Server can disrupt TMM operations. Affected releases include BIG-IP 13.0.0 and 13.x; 12.x (12.0.0–12.1.3.1; 12.1.3.2 is the fix), and 11.x (11.5.1–11.5.5; 11.6.1–11.6.2; 11.6.3 is the fix). The vul...
CVE-2017-6148
Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane i...
Tunna - Set Of Tools Which Will Wrap And Tunnel Any TCP Communication Over HTTP
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. SUMMARY TLDR: Tunnels TCP connections over HTTP In a fully firewalled inbound and outbound connections restricted - except the...
The vulnerability of the SOCKS proxy server of the BIG-IP Websafe security solution, the BIG-IP Policy Enforcement Manager, a system for controlling and managing network traffic, the BIG-IP Application Security Manager, a system for balancing local traffic, the BIG-IP Link Controller, a system for balancing internet traffic, the BIG-IP Application Acceleration Manager, the BIG-IP Advanced Firewall Manager, and the BIG-IP Access Policy Manager—these tools enable a hacker to cause a service failure.
The vulnerabilities of the SOCKS proxy server of the BIG-IP Websafe protection mechanism, the BIG-IP Policy Enforcement Manager, which is a system for controlling and managing network traffic; the BIG-IP Application Security Manager, which is a system for protecting applications; the BIG-IP Local...
F5 Networks BIG-IP : SOCKS proxy vulnerability (K30201296)
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up,...
Linux Trojan Using Hacked IoT Devices to Send Spam Emails
Botnets, like Mirai, that are capable of infecting Linux-based internet-of-things IoT devices are constantly increasing and are mainly designed to conduct Distributed Denial of Service DDoS attacks, but researchers have discovered that cybercriminals are using botnets for mass spam mailings. New...
FileBuster - An Extremely Fast And Flexible Web Fuzzer
An extremely fast and flexible web fuzzer. Why another fuzzer? My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to...