123 matches found
FreeBSD : curl -- SOCKS5 heap buffer overflow (d6c19e8c-6806-11ee-9464-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d6c19e8c-6806-11ee-9464-b42e991fc52e advisory. - CVE-2023-38545 is a heap-based buffer overflow vulnerability in the SOCKS5 proxy handshake in libcurl...
Curl 7.69 < 8.4.0 Heap Buffer Overflow
The version of curl installed on the remote host is affected by a heap based buffer overflow in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2023-284-01)
The version of curl installed on the remote host is prior to 8.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-284-01 advisory. - CVE-2023-38545 is a heap-based buffer overflow vulnerability in the SOCKS5 proxy handshake in libcurl and curl. When curl is...
Debian DSA-5523-1 : curl - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5523 advisory. - CVE-2023-38545 is a heap-based buffer overflow vulnerability in the SOCKS5 proxy handshake in libcurl and curl. When curl is given a hostname to pass along...
Gato - GitHub Self-Hosted Runner Enumeration And Attack Tool
Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization. The tool also allows searching for and thoroughly enumerating publ...
New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
Linux routers in Japan are the target of a new Golang remote access trojan RAT called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center JPCERT/CC...
CVE-2023-29011
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...
Hardcoded credentials
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...
CVE-2023-29011 Git for Windows's config file of `connect.exe` is susceptible to malicious placing
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...
CVE-2023-29011 Git for Windows's config file of `connect.exe` is susceptible to malicious placing
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...
CVE-2023-29011 Git for Windows's config file of `connect.exe` is susceptible to malicious placing
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...
SUSE CVE-2004-0409
Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code...
SUSE CVE-2009-2470
Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service data stream corruption via a long domain name in a reply...
SOCKS5 Proxy Package for Go 安全漏洞
SOCKS5 Proxy Package for Go is an open source SOCKS5 proxy library for Go by Bitcoin in Go. SOCKS5 Proxy Package for Go suffers from a security vulnerability that stems from the fact that the RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loo...
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 Cacti Blind Remote Code Execution Pre-Auth...
PT-2023-5883
Name of the Vulnerable Software and Affected Versions curl versions 7.82.0 through 8.4.0 libcurl versions 7.82.0 through 8.4.0 MySQL versions 5.7.43 and earlier, 8.0.34 and earlier, 8.1.0 and earlier Description curl and libcurl are vulnerable to a heap buffer overflow in the SOCKS5 proxy...
New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw
A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it B1txor20 "based on its propagation using the file name...
Msldap - LDAP Library For Auditing MS AD
msldap LDAP library for MS AD Documentation Awesome documentation here! Features Comes with a built-in console LDAP client All parameters can be conrolled via a conveinent URL see below Supports integrated windows authentication SSPI both with NTLM and with KERBEROS Supports channel binding for...
Puzzling Gwmndy Botnet Focuses on Low-Volume Proxy Connections
An odd botnet has been spotted targeting Fiberhome routers, in a quest to add 200 of them per day to its botnet web. That’s a low number in the world of botnets, according to 360 Netlab researchers, which observed a previously unknown malware strain called Gwmndy after the attackers’ domain name...
Unusual Linux Ransomware Targets NAS Servers
A rare instance of ransomware targeting Linux-based file storage systems network-attached storage servers, specifically has been spotted, spreading via 15 separate but related campaigns. The adversaries behind the effort are continuing their depredations on an ongoing basis, according to...