675 matches found
Uninitialized memory buffer leak in FortiOS explicit web proxy
An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...
PHP Proxy Local File Inclusion Vulnerability
PHP Proxy is a web-based proxy script designed to be fast, easy to customize, and capable of providing sophisticated website support. A local file inclusion vulnerability exists in PHP Proxy version 3.0.3, which can be exploited by an attacker to read files from the server...
Fake browser update seeks to compromise more MikroTik routers
This blog post was authored by @hasherezade and Jérôme Segura. MikroTik, a Latvian company that makes routers and ISP wireless systems, has been dealing with several vulnerabilities affecting its products' operating system over the past few months. Ever since a critical flaw in RouterOS was...
June 14, 2016 — KB3163017 (OS Build 10240.16942)
June 14, 2016 — KB3163017 OS Build 10240.16942 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Internet Explorer 11, Microsoft Edge, and Windows Explorer. Improved...
November 8, 2016 — KB3198586 (OS Build 10586.679)
November 8, 2016 — KB3198586 OS Build 10586.679 This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include: Improved the reliability of the Windows shell, Microsoft Edge, and Internet Explorer 11...
Cisco Web Security Appliance Web Proxy Memory Exhaustion Denial of Service Vulnerability
Cisco Web Security Appliance WSA is a set of Web security appliances from Cisco USA. The appliance provides SaaS-based access control, real-time network reporting and tracking, and the development of security policies. A memory exhaustion denial of service vulnerability exists in the Cisco Web...
Microsoft Windows: Service: WinHTTP Web Proxy Auto-Discovery Service
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winhttpwebproxyautodiscovery.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for WinHTTP Web Proxy Auto-Discovery Service WinHttpAutoProxySvc Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
Code injection
Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
CVE-2017-5384
CVE-2017-5384 : Information disclosure via Proxy Auto-Config (PAC) in Firefox
K2 Smartforms 4.6.11 Server-Side Request Forgery
Vulnerability type: Server Side Request Forgery Vendor: https://www.k2.com/ Product: K2 Smartforms Affected version: 4.6.11 Credit: Foo Jong Meng CVE ID: CVE-2018-9920 DESCRIPTION: Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an...
Solaris 10 (x86) : 120982-25
Sun Java System Web Proxy Server 4.0.17, x86 SVR4 patch: Mainte. Date this patch was last updated by Sun : Jul/01/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...
Solaris 10 (sparc) : 120981-25
Sun Java System Web Proxy Server 4.0.17, Solaris SVR4 patch: Mai. Date this patch was last updated by Sun : Jul/01/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...
antMan 0.9.0c Authentication Bypass
Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POST parameters as follows:...
antMan 0.9.0c - Authentication Bypass
antMan 0.9.0c - Authentication Bypass Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POS...
antMan 0.9.0c - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt an...
antMan 0.9.0c - Authentication Bypass
Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POST parameters as follows:...
antMan < 0.9.1a - Authentication Bypass
Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POST parameters as follows:...
Debian DSA-4122-1 : squid3 - security update
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A...
[SECURITY] [DSA 4122-1] squid3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4122-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 23, 2018 https://www.debian.org/security/faq -...
Starbucks: Able to reset other user's password in https://card.starbucks.com.sg/
Description In the website https://card.starbucks.com.sg/ there is a password reset function https://card.starbucks.com.sg/forgetPassword.php that sends the password reset link to the user's email. By using a web proxy to monitor the request, the email address can be changed to allow the attacker...