Lucene search
K

135 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.36 views

K30201296: SOCKS proxy vulnerability CVE-2017-0303

Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be...

7.5CVSS7.6AI score0.02664EPSS
Exploits0Affected Software11
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.4 views

SUSE CVE-2009-2671

The SOCKS proxy implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted 1 applet or 2 Java Web Start application via unspecified vectors...

5CVSS7AI score0.04326EPSS
Exploits0References9
Kitploit
Kitploit
added 2022/05/28 12:30 p.m.46 views

Stunner - Tool To Test And Exploit STUN, TURN And TURN Over TCP Servers

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. TURN is a protocol mostly used in videoconferencing and audio chats WebRTC. If you find a misconfigured server you can use this tool to open a local socks proxy that relays all traffic via the TURN protocol into the...

7.8AI score
Exploits0References2
Kitploit
Kitploit
added 2022/05/19 12:30 p.m.56 views

PowerProxy - PowerShell SOCKS Proxy With Reverse Proxy Capabilities

PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication i...

7.3AI score
Exploits0References1
Information Security Automation
Information Security Automation
added 2022/04/23 9:22 a.m.205 views

Microsoft Patch Tuesday April 2022 and custom CVE comments sources in Vulristics

Hello everyone! This episode will be about Microsoft Patch Tuesday for April 2022 and new improvements in my Vulristics project. I decided to add more comment sources. Because its not just Tenable, Qualys, Rapid7 and ZDI make Microsoft Patch Tuesday reviews, but also other security companies and...

10CVSS9.2AI score0.91316EPSS
Exploits24
Kitploit
Kitploit
added 2021/09/08 11:30 a.m.42 views

TREVORspray - A Featureful Round-Robin SOCKS Proxy And Python O365 Sprayer Based On MSOLSpray Which Uses The Microsoft Graph API

TREVORproxy is a SOCKS proxy that round-robins requests through SSH hosts. TREVORspray is a A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API By @thetechr0mancer Microsoft is getting better and better about blocking password spraying attacks against O365...

7.4AI score
Exploits0References3
NVD
NVD
added 2021/05/20 2:15 p.m.9 views

CVE-2020-24396

homee Brain Cube v2 2.28.2 and 2.28.4 devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy...

7.5CVSS0.0185EPSS
Exploits0References3
OSV
OSV
added 2021/05/20 2:15 p.m.0 views

CVE-2020-24396

homee Brain Cube v2 2.28.2 and 2.28.4 devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy...

7.5CVSS7.2AI score0.0185EPSS
Exploits0References3
Prion
Prion
added 2021/05/20 2:15 p.m.20 views

Hardcoded credentials

homee Brain Cube v2 2.28.2 and 2.28.4 devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy...

5CVSS7.6AI score0.0185EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/05/20 1:20 p.m.19 views

CVE-2020-24396

homee Brain Cube v2 2.28.2 and 2.28.4 devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy...

7.6AI score0.0185EPSS
Exploits0References3
CVE
CVE
added 2021/05/20 1:20 p.m.64 views

CVE-2020-24396

CVE-2020-24396 affects homee Brain Cube v2 (firmware 2.28.2 and 2.28.4). The issue is that sensitive SSH keys are stored within downloadable and unencrypted firmware images, enabling remote attackers to use the support server as a SOCKS proxy. Documented impact is exposure of credentials and pote...

7.5CVSS7.5AI score0.0185EPSS
Exploits0References3Affected Software1
Kitploit
Kitploit
added 2021/03/20 8:30 p.m.335 views

Invoke-SocksProxy - Socks Proxy, And Reverse Socks Server Using Powershell

Creates a local or "reverse" Socks proxy using powershell. The local proxy is a simple Socks 4/5 proxy. The reverse proxy creates a tcp tunnel by initiating outbond SSL connections that can go through the system's proxy. The tunnel can then be used as a socks proxy on the remote host to pivot int...

7.2AI score
Exploits0References2
Metasploit
Metasploit
added 2020/09/23 5:41 p.m.713 views

SOCKS Proxy Server

This module provides a SOCKS proxy server that uses the builtin Metasploit routing to relay connections. Module Options msf use auxiliary/server/socksproxy msf auxiliarysocksproxy show actions ...actions... msf auxiliarysocksproxy set ACTION msf auxiliarysocksproxy show options ...show and set...

7AI score
Exploits0
Gitee
Gitee
added 2020/08/11 11:37 a.m.6 views

Vxscan

This is a Python-based comprehensive scanning tool called Vxscan, which is used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The...

7.6AI score
Exploits0
Kitploit
Kitploit
added 2020/08/06 9:30 p.m.61 views

Gtunnel - A Robust Tunelling Solution Written In Golang

A TCP tunneling suite built with golang and gRPC. gTunnel can manage multiple forward and reverse tunnels that are all carried over a single TCP/HTTP2 connection. I wanted to learn a new language, so I picked go and gRPC. Client executables have been tested on windows and linux. Dependencies...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2020/06/07 12:30 p.m.69 views

Words Scraper - Selenium Based Web Scraper To Generate Passwords List

Selenium based web scraper to generate passwords list. Installation Download Firefox webdriver from https://github.com/mozilla/geckodriver/releases $ tar xzf geckodriver-vVERSION-HERE.tar.gz $ sudo mv geckodriver /usr/local/bin Make sure it is in your PATH $ geckodriver --version Make sure...

7.3AI score
Exploits0References2
Hacker One
Hacker One
added 2020/04/08 2:42 p.m.536 views

8x8 Bounty: Open TURN relay abuse is possible due to lack of peer access control (Critical)

NOTE: This is not an SSRF vulnerability but an open TURN relay vulnerability. Typically, this security vulnerability has at least the same impact as an SSRF. However it is considered more useful from an attacker's point of view since attacks are not restricted to HTTP. - Affects: - █████:443 -...

Exploits0
OSV
OSV
added 2020/03/12 9:15 p.m.17 views

CVE-2017-18350

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name...

5.9CVSS7.3AI score0.01301EPSS
Exploits0References2
Prion
Prion
added 2020/03/12 9:15 p.m.17 views

Stack overflow

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name...

4.3CVSS6AI score0.01301EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/03/12 8:13 p.m.73 views

CVE-2017-18350

Affected software: bitcoind and Bitcoin-Qt prior to 0.15.1. Issue: a stack-based buffer overflow caused by a signedness error when a attacker-controlled SOCKS proxy responds with an acknowledgement to an unexpected domain name. Impact details are consistent with the CVE, including a partial avail...

5.9CVSS5.9AI score0.01301EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder