
675 matches found

CVE · added 2020/08/12 4:33 p.m. · 117 views

CVE-2020-17505

Artica Web Proxy 4.30.000000 is affected by CVE-2020-17505. An authenticated attacker can inject commands via the service-cmds parameter in cyrus.php, with the injected commands executed as root through service_cmds_peform, yielding remote code execution. The issue is documented across multiple so...

CVSS 9 · AI score 8.5 · EPSS 0.82165
In wild · Exploits 4 · References 2 · Affected Software 1
Cvelist · added 2020/08/12 4:33 p.m. · 24 views

CVE-2020-17506

Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php...

AI score 10 · EPSS 0.93967
Exploits 7 · References 3
CVE · added 2020/08/12 4:33 p.m. · 192 views

CVE-2020-17506

CVE-2020-17506 affects Artica Web Proxy 4.30.00000000. The vulnerability is an SQL injection in the apikey parameter of fw.login.php that allows remote attackers to bypass privilege detection and gain web backend administrator privileges. Documents indicate this can lead to authentication bypass ...

CVSS 9.8 · AI score 9.9 · EPSS 0.93967
In wild · Exploits 7 · References 3 · Affected Software 1
Positive Technologies · added 2020/08/12 12:0 a.m. · 3 views

PT-2020-15027 · Artica · Artica Web Proxy

Name of the Vulnerable Software and Affected Versions: Artica Web Proxy version 4.30.000000 Description: The issue allows an authenticated remote attacker to inject commands via the service-cmds parameter in "cyrus.php". These commands are executed with root privileges through the service cmds...

CVSS 9 · AI score 9 · EPSS 0.82165
Exploits 4 · References 4
Positive Technologies · added 2020/08/12 12:0 a.m. · 3 views

PT-2020-5817 · Artica · Artica Web Proxy

Name of the Vulnerable Software and Affected Versions: Artica Web Proxy version 4.30.00000000 Description: The issue is related to a lack of protection against SQL structure manipulation in the fw.login.php component. This can be exploited by a remote attacker to bypass privilege detection and ga...

CVSS 10 · AI score 9.9 · EPSS 0.93967
Exploits 7 · References 7
Ubuntu · added 2020/08/03 1:25 p.m. · 77 views

USN-4446-1: Squid vulnerabilities

Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. CVE-2019-12520 Jeriko One and Kristoffer Danielsson discovered that Squid...

CVSS 9.8 · AI score 6.7 · EPSS 0.0918
Exploits 0
CNVD · added 2020/07/29 12:0 a.m. · 3 views

Parity Browser Security Vulnerability

Parity Browser is a lightweight and fast Ethereum programming language client. A security vulnerability exists in Parity Browser version 1.6.10 and earlier. A remote attacker can exploit this vulnerability to obtain sensitive information by requesting other websites with the help of a parity bit...

CVSS 5.3 · AI score 6.6 · EPSS 0.05479
Exploits 4 · References 1
Gentoo Linux · added 2020/07/27 12:0 a.m. · 50 views

Sarg: Local privilege escalation

Background Sarg Squid Analysis Report Generator is a tool that provides many informations about the Squid web proxy server users activities: time, sites, traffic, etc. Description A flaw in Sarg’s handling of temporary directories was discovered. Impact A local attacker may be able to escalate...

CVSS 7 · AI score 6.8 · EPSS 0.0025
Exploits 0
CNVD · added 2020/05/09 12:0 a.m. · 2 views

Parity Browser Security Vulnerability

Parity Browser is a lightweight and fast Ethereum programming language client. A security vulnerability exists in Parity Browser version 1.6.10 and earlier. A remote attacker can exploit this vulnerability to obtain sensitive information by requesting other websites with the help of a parity bit...

AI score 6.6
Exploits 0
CNVD · added 2019/11/13 12:0 a.m. · 1 views

Squid URI processor input validation error vulnerability

Squid is a suite of proxy server and web caching server software. The software provides caching the World Wide Web, filtering traffic, proxy Internet access, etc. URI processor is one of the URI Uniform Resource Identifier processor. An input validation error vulnerability exists in the URI...

CVSS 9.1 · AI score 6.7 · EPSS 0.04302
Exploits 0 · References 1
BDU FSTEC · added 2019/11/04 12:0 a.m. · 3 views

The vulnerability of the Java Virtual Machine component of Oracle GraalVM Enterprise Edition and the Oracle Java SE and Oracle Java SE Embedded software allows attackers to compromise the integrity of protected information.

The vulnerability of the Java Virtual Machine component of Oracle GraalVM Enterprise Edition and Oracle Java SE, Oracle Java SE Embedded software products is related to errors in handling HTTP proxy responses. Exploiting this vulnerability can allow an attacker to compromise the integrity of...

CVSS 6.8 · AI score 5.5 · EPSS 0.03239
Exploits 0 · References 13 · Affected Software 7
RedHat Linux · added 2019/10/21 7:2 p.m. · 3 views

OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

CVSS 6.8 · AI score 7.4 · EPSS 0.03239
Exploits 0 · References 4
RedHat Linux · added 2019/09/03 1:56 a.m. · 142 views

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 8.8 · AI score 6.9 · EPSS 0.50454
Exploits 0 · References 2
Packet Storm · added 2019/09/03 12:0 a.m. · 252 views

Cisco C690 Email Security Appliance 11.0.2-044 IronPort Header Injection

!/usr/bin/perl -w Cisco C690 Email Security Appliance Version: 11.0.2-044 IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fac...

AI score 0.5
Exploits 0
Check Point Advisories · added 2019/08/27 12:0 a.m. · 3 views

Artica Web Proxy Cross-site Scripting (CVE-2017-17055)

A cross-site scripting vulnerability exists in Artica Web Proxy. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

CVSS 8.5 · AI score 5.1 · EPSS 0.08708
Exploits 6
OpenVAS · added 2019/08/25 12:0 a.m. · 93 views

Debian: Security Advisory (DSA-4507-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 8.1 · EPSS 0.74477
Exploits 1 · References 4
Debian · added 2019/08/24 11:46 a.m. · 40 views

[SECURITY] [DSA 4507-1] squid security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4507-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019 https://www.debian.org/security/faq -...

CVSS 7.5 · AI score 2.4 · EPSS 0.74477
Exploits 1
Debian · added 2019/08/24 11:46 a.m. · 193 views

[SECURITY] [DSA 4507-1] squid security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4507-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2019 https://www.debian.org/security/faq -...

CVSS 9.8 · AI score 9.6 · EPSS 0.74477
Exploits 1
OSV · added 2019/08/23 6:15 a.m. · 5 views

CVE-2019-15507

In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user in certain limited special-characters circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. T...

CVSS 6.5 · AI score 6.6 · EPSS 0.00632
Exploits 0 · References 1
OSV · added 2019/07/25 4:15 p.m. · 5 views

CVE-2019-14268

In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user in certain limited circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-porte...

CVSS 6.5 · AI score 6.6 · EPSS 0.01083
Exploits 0 · References 1