Lucene search
+L

139 matches found

Hacker One
Hacker One
added 2020/04/08 2:42 p.m.536 views

8x8 Bounty: Open TURN relay abuse is possible due to lack of peer access control (Critical)

NOTE: This is not an SSRF vulnerability but an open TURN relay vulnerability. Typically, this security vulnerability has at least the same impact as an SSRF. However it is considered more useful from an attacker's point of view since attacks are not restricted to HTTP. - Affects: - █████:443 -...

Exploits0
OSV
OSV
added 2020/03/12 9:15 p.m.18 views

CVE-2017-18350

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name...

5.9CVSS7.3AI score0.01301EPSS
Exploits0References2
Prion
Prion
added 2020/03/12 9:15 p.m.18 views

Stack overflow

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name...

4.3CVSS6AI score0.01301EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/03/12 8:13 p.m.74 views

CVE-2017-18350

Affected software: bitcoind and Bitcoin-Qt prior to 0.15.1. Issue: a stack-based buffer overflow caused by a signedness error when a attacker-controlled SOCKS proxy responds with an acknowledgement to an unexpected domain name. Impact details are consistent with the CVE, including a partial avail...

5.9CVSS5.9AI score0.01301EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/03/12 8:13 p.m.21 views

CVE-2017-18350

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name...

6AI score0.01301EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/03/12 8:13 p.m.20 views

CVE-2017-18350

Removed by vendor...

5.9CVSS5.9AI score0.01301EPSS
Exploits0
OSV
OSV
added 2019/04/10 6:29 p.m.5 views

CVE-2019-5426

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" SOCKS proxy functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SS...

4.8CVSS5.8AI score0.00809EPSS
Exploits0References2
CVE
CVE
added 2019/04/10 5:53 p.m.51 views

CVE-2019-5426

CVE-2019-5426 affects Ubiquiti Networks EdgeSwitch X (v1.1.0 and prior). The vulnerability allows an unauthenticated remote user to use local port forwarding and dynamic port forwarding (SOCKS proxy) functionality to access local services or forward traffic through the device if SSH is enabled. T...

5.8CVSS5.2AI score0.00809EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2019/03/21 3:27 a.m.28 views

Ubiquiti Inc.: Login as root without password on EdgeSwitchX

In EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" SOCKS proxy functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in th...

5.8CVSS4AI score0.00809EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.23 views

F5 Networks BIG-IP : BIG-IP SOCKS proxy vulnerability (K55225440)

Responses to SOCKS proxy requests made through the BIG-IP system may cause a disruption of service provided by theTraffic Management Microkernel TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a virtual server. The control plane is not impacted by this...

7.5CVSS7.3AI score0.01321EPSS
Exploits0References2
NVD
NVD
added 2018/04/13 1:29 p.m.25 views

CVE-2017-6148

Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane i...

7.5CVSS7.5AI score0.01321EPSS
Exploits0References1
Prion
Prion
added 2018/04/13 1:29 p.m.20 views

Design/Logic Flaw

Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane i...

5CVSS7.5AI score0.01321EPSS
Exploits0References1Affected Software8
OSV
OSV
added 2018/04/13 1:29 p.m.5 views

CVE-2017-6148

Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane i...

7.5CVSS5.8AI score0.01321EPSS
Exploits0References1
CVE
CVE
added 2018/04/13 1:0 p.m.67 views

CVE-2017-6148

The CVE-2017-6148 issue affects F5 BIG-IP systems where a SOCKS proxy profile attached to a Virtual Server can disrupt TMM operations. Affected releases include BIG-IP 13.0.0 and 13.x; 12.x (12.0.0–12.1.3.1; 12.1.3.2 is the fix), and 11.x (11.5.1–11.5.5; 11.6.1–11.6.2; 11.6.3 is the fix). The vul...

7.5CVSS7.5AI score0.01321EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/13 1:0 p.m.26 views

CVE-2017-6148

Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane i...

7.5AI score0.01321EPSS
Exploits0References1
Kitploit
Kitploit
added 2018/02/18 9:12 p.m.32 views

Tunna - Set Of Tools Which Will Wrap And Tunnel Any TCP Communication Over HTTP

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. SUMMARY TLDR: Tunnels TCP connections over HTTP In a fully firewalled inbound and outbound connections restricted - except the...

8.2AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/12/21 12:0 a.m.10 views

The vulnerability of the SOCKS proxy server of the BIG-IP Websafe security solution, the BIG-IP Policy Enforcement Manager, a system for controlling and managing network traffic, the BIG-IP Application Security Manager, a system for balancing local traffic, the BIG-IP Link Controller, a system for balancing internet traffic, the BIG-IP Application Acceleration Manager, the BIG-IP Advanced Firewall Manager, and the BIG-IP Access Policy Manager—these tools enable a hacker to cause a service failure.

The vulnerabilities of the SOCKS proxy server of the BIG-IP Websafe protection mechanism, the BIG-IP Policy Enforcement Manager, which is a system for controlling and managing network traffic; the BIG-IP Application Security Manager, which is a system for protecting applications; the BIG-IP Local...

7.5CVSS5.6AI score0.02664EPSS
Exploits0References4Affected Software8
Tenable Nessus
Tenable Nessus
added 2017/10/27 12:0 a.m.57 views

F5 Networks BIG-IP : SOCKS proxy vulnerability (K30201296)

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up,...

7.5CVSS7.3AI score0.02664EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2017/09/22 5:14 a.m.15 views

Linux Trojan Using Hacked IoT Devices to Send Spam Emails

Botnets, like Mirai, that are capable of infecting Linux-based internet-of-things IoT devices are constantly increasing and are mainly designed to conduct Distributed Denial of Service DDoS attacks, but researchers have discovered that cybercriminals are using botnets for mass spam mailings. New...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2016/12/12 2:11 p.m.63 views

FileBuster - An Extremely Fast And Flexible Web Fuzzer

An extremely fast and flexible web fuzzer. Why another fuzzer? My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to...

6.9AI score
Exploits0References3
Rows per page
Query Builder