675 matches found
CVE-2020-17505
Artica Web Proxy 4.30.000000 is affected by CVE-2020-17505. An authenticated attacker can inject commands via the service-cmds parameter in cyrus.php, with the injected commands executed as root through service_cmds_peform, yielding remote code execution. The issue is documented across multiple so...
CVE-2020-17506
Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...
CVE-2020-17506
CVE-2020-17506 affects Artica Web Proxy 4.30.00000000. The vulnerability is an SQL injection in the apikey parameter of fw.login.php that allows remote attackers to bypass privilege detection and gain web backend administrator privileges. Documents indicate this can lead to authentication bypass ...
PT-2020-15027 · Artica · Artica Web Proxy
Name of the Vulnerable Software and Affected Versions: Artica Web Proxy version 4.30.000000 Description: The issue allows an authenticated remote attacker to inject commands via the service-cmds parameter in "cyrus.php". These commands are executed with root privileges through the service cmds...
PT-2020-5817 · Artica · Artica Web Proxy
Name of the Vulnerable Software and Affected Versions: Artica Web Proxy version 4.30.00000000 Description: The issue is related to a lack of protection against SQL structure manipulation in the fw.login.php component. This can be exploited by a remote attacker to bypass privilege detection and ga...
USN-4446-1: Squid vulnerabilities
Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. CVE-2019-12520 Jeriko One and Kristoffer Danielsson discovered that Squid...
Parity Browser Security Vulnerability
Parity Browser is a lightweight and fast Ethereum programming language client. A security vulnerability exists in Parity Browser version 1.6.10 and earlier. A remote attacker can exploit this vulnerability to obtain sensitive information by requesting other websites with the help of a parity bit...
Sarg: Local privilege escalation
Background: Sarg (Squid Analysis Report Generator) is a tool that provides a great deal of information about the activities of Squid web proxy server users: time, sites, traffic, etc. Description: A flaw in Sarg’s handling of temporary directories was discovered. Impact: A local attacker may be able to escalate...
Squid URI processor input validation error vulnerability
Squid is a suite of proxy server and web caching server software. The software provides caching of the World Wide Web, traffic filtering, proxied Internet access, etc. The URI processor is one of its URI (Uniform Resource Identifier) processors. An input validation error vulnerability exists in the URI...
The vulnerability of the Java Virtual Machine component of Oracle GraalVM Enterprise Edition and the Oracle Java SE and Oracle Java SE Embedded software allows attackers to compromise the integrity of protected information.
The vulnerability of the Java Virtual Machine component of Oracle GraalVM Enterprise Edition and Oracle Java SE, Oracle Java SE Embedded software products is related to errors in handling HTTP proxy responses. Exploiting this vulnerability can allow an attacker to compromise the integrity of...
OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Cisco C690 Email Security Appliance 11.0.2-044 IronPort Header Injection
#!/usr/bin/perl -w Cisco C690 Email Security Appliance Version: 11.0.2-044 IronPort Remote Header 'Host' Injection Copyright 2019 (c) Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fac...
Artica Web Proxy Cross-site Scripting (CVE-2017-17055)
A cross-site scripting vulnerability exists in Artica Web Proxy. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Debian: Security Advisory (DSA-4507-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 4507-1] squid security update
Debian Security Advisory DSA-4507-1 https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019 https://www.debian.org/security/faq -...
CVE-2019-15507
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user in certain limited special-characters circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. T...
CVE-2019-14268
In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user in certain limited circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-porte...