675 matches found
CVE-2021-27002
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy...
Netapp NetApp Cloud Manager Authorization Issue Vulnerability
Netapp NetApp Cloud Manager is an application from Netapp, Inc. which provides centralized orchestration of hybrid cloud storage and data management services. An authorization issue vulnerability exists in NetApp Cloud Manager, which arises from the product not validating the identity of a user...
USN-5104-1: Squid vulnerability
Lyu discovered that Squid incorrectly handled WCCP protocol data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information...
ZOOM on-premise Meeting Connector Input Validation Error Vulnerability
ZOOM on-premise Meeting Connector is a meeting connector from Zoom ZOOM USA. A security vulnerability exists in the Zoom on-premise Meeting Connector Controller that stems from the load balancer's inability to validate input sent in a request to update the web proxy configuration. An attacker cou...
OpenSIS 8.0 Directory Traversal
Exploit Title: OpenSIS 8.0 'modname' - Directory/Path Traversal Date: 09-02-2021 Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux The 'modname' parameter in the 'Modules.php' is vulnerable to loc...
OpenSIS Community 8.0 SQL Injection
Exploit Title: OpenSIS Community 8.0 - 'cpidmissattn' SQL Injection Date: 09/01/2021 Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux A SQL injection vulnerability exists in the Take Attendance...
FAQ: Citrix Secure Web and Proxy Support
This article answers the frequently asked questions on Secure Web and Web proxy support. For more information about Secure Web and proxy support, refer to Citrix Documentation - Citrix Secure Web. The support for PAC file in MDX application is removed as of September 2021. This means Citrix has...
The vulnerability of the index.php component in the PHP Proxy web proxy script allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the index.php component in the PHP Proxy web proxy script is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host
A flaw was found in the way libcurl handled TLS 1.3 session tickets. A malicious HTTPS proxy could possibly use this flaw to make libcurl resume a TLS session it previously had with the proxy while intending to resume a TLS session with a target server, making it possible for the proxy to perform...
ALPINE-CVE-2021-28662
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...
Kubernetes SIGs kube-proxy Security Vulnerability
Kubernetes SIGs kube-proxy is an open source application for Kubernetes SIGs. A web proxy. A security vulnerability exists in Kubernetes SIGs kube-proxy, which stems from the possibility that packets sent by the program may be incorrectly routed and arrive elsewhere...
ALPINE-CVE-2021-22890
curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...
DEBIAN-CVE-2021-22890
curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...
The vulnerability of the fw.login.php component of the Artica Web Proxy management system allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the fw.login.php component of the Artica Web Proxy server management system is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...
Fedora: Security Advisory for privoxy (FEDORA-2021-250d2ca9e6)
The remote host is missing an update for the...
[SECURITY] Fedora 33 Update: privoxy-3.0.32-1.fc33
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...
[SECURITY] Fedora 32 Update: privoxy-3.0.32-1.fc32
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...
Privoxy Assertion Failure Vulnerability
privoxy is a web proxy with advanced filtering features. An assertion failure vulnerability exists in versions prior to privoxy 3.0.32. An attacker can exploit this vulnerability to crash the server via a specially crafted CGI request...
Debian: Security Advisory (DLA-2587-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2587-1] privoxy security update
Debian LTS Advisory DLA-2587-1 https://www.debian.org/lts/security/ Abhijith PA March 09, 2021 https://wiki.debian.org/LTS -...