
675 matches found

Fortinet
added 2018/11/22 12:0 a.m., 23 views

Uninitialized memory buffer leak in FortiOS explicit web proxy

An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...

5 CVSS, 0.3 AI score, 0.02119 EPSS
Exploits: 1, Affected Software: 1
CNVD
added 2018/11/07 12:0 a.m., 2 views

PHP Proxy Local File Inclusion Vulnerability

PHP Proxy is a web-based proxy script designed to be fast, easy to customize, and capable of providing sophisticated website support. A local file inclusion vulnerability exists in PHP Proxy version 3.0.3, which can be exploited by an attacker to read files from the server...

6.6 AI score
Exploits: 0, References: 1
Malwarebytes
added 2018/10/12 3:0 p.m., 600 views

Fake browser update seeks to compromise more MikroTik routers

This blog post was authored by @hasherezade and Jérôme Segura. MikroTik, a Latvian company that makes routers and ISP wireless systems, has been dealing with several vulnerabilities affecting its products' operating system over the past few months. Ever since a critical flaw in RouterOS was...

5 CVSS, 9.4 AI score, 0.96087 EPSS
Exploits: 23
Microsoft KB
added 2018/10/09 12:0 a.m., 5 views

June 14, 2016 — KB3163017 (OS Build 10240.16942)

June 14, 2016 — KB3163017 OS Build 10240.16942 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Internet Explorer 11, Microsoft Edge, and Windows Explorer. Improved...

7 AI score
Exploits: 0
Microsoft KB
added 2018/09/27 12:0 a.m., 6 views

November 8, 2016 — KB3198586 (OS Build 10586.679)

November 8, 2016 — KB3198586 OS Build 10586.679 This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include: Improved the reliability of the Windows shell, Microsoft Edge, and Internet Explorer 11...

5.5 AI score
Exploits: 0
CNVD
added 2018/08/16 12:0 a.m., 2 views

Cisco Web Security Appliance Web Proxy Memory Exhaustion Denial of Service Vulnerability

Cisco Web Security Appliance WSA is a set of Web security appliances from Cisco USA. The appliance provides SaaS-based access control, real-time network reporting and tracking, and the development of security policies. A memory exhaustion denial of service vulnerability exists in the Cisco Web...

8.6 CVSS, 8.5 AI score, 0.04119 EPSS
Exploits: 0, References: 1
OpenVAS
added 2018/06/13 12:0 a.m., 44 views

Microsoft Windows: Service: WinHTTP Web Proxy Auto-Discovery Service

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winhttpwebproxyautodiscovery.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for WinHTTP Web Proxy Auto-Discovery Service WinHttpAutoProxySvc Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3 AI score
Exploits: 0
Prion
added 2018/06/11 9:29 p.m., 20 views

Code injection

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

4.3 CVSS, 6.5 AI score, 0.01521 EPSS
Exploits: 1, References: 5, Affected Software: 1
CVE
added 2018/06/11 9:0 p.m., 133 views

CVE-2017-5384

CVE-2017-5384 : Information disclosure via Proxy Auto-Config (PAC) in Firefox

5.9 CVSS, 6.5 AI score, 0.01521 EPSS
Exploits: 1, References: 5, Affected Software: 1
Packet Storm
added 2018/05/22 12:0 a.m., 49 views

K2 Smartforms 4.6.11 Server-Side Request Forgery

Vulnerability type: Server Side Request Forgery Vendor: https://www.k2.com/ Product: K2 Smartforms Affected version: 4.6.11 Credit: Foo Jong Meng CVE ID: CVE-2018-9920 DESCRIPTION: Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an...

1 AI score, 0.00796 EPSS
Exploits: 1
Tenable Nessus
added 2018/03/12 12:0 a.m., 13 views

Solaris 10 (x86) : 120982-25

Sun Java System Web Proxy Server 4.0.17, x86 SVR4 patch: Mainte. Date this patch was last updated by Sun : Jul/01/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

7 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2018/03/12 12:0 a.m., 13 views

Solaris 10 (sparc) : 120981-25

Sun Java System Web Proxy Server 4.0.17, Solaris SVR4 patch: Mai. Date this patch was last updated by Sun : Jul/01/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

7 AI score
Exploits: 0, References: 1
Packet Storm
added 2018/03/07 12:0 a.m., 47 views

antMan 0.9.0c Authentication Bypass

Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POST parameters as follows:...

0.4 AI score, 0.5456 EPSS
Exploits: 3
exploitpack
added 2018/03/07 12:0 a.m., 14 views

antMan 0.9.0c - Authentication Bypass

antMan 0.9.0c - Authentication Bypass Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POS...

0.4 AI score
Exploits: 0
0day.today
added 2018/03/07 12:0 a.m., 45 views

antMan 0.9.0c - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt an...

9.2 AI score, 0.5456 EPSS
Exploits: 3
Exploit DB
added 2018/03/07 12:0 a.m., 42 views

antMan 0.9.0c - Authentication Bypass

Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POST parameters as follows:...

7.4 AI score
Exploits: 0
Exploit DB
added 2018/03/02 12:0 a.m., 25 views

antMan < 0.9.1a - Authentication Bypass

Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt and modify the POST parameters as follows:...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2018/02/23 12:0 a.m., 45 views

Debian DSA-4122-1 : squid3 - security update

Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A...

7.5 CVSS, 6.5 AI score, 0.13149 EPSS
Exploits: 0, References: 10
Debian
added 2018/02/22 11:45 p.m., 30 views

[SECURITY] [DSA 4122-1] squid3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4122-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 23, 2018 https://www.debian.org/security/faq -...

5 CVSS, 1.8 AI score, 0.13149 EPSS
Exploits: 0
Hacker One
added 2018/02/14 5:48 a.m., 42 views

Starbucks: Able to reset other user's password in https://card.starbucks.com.sg/

Description In the website https://card.starbucks.com.sg/ there is a password reset function https://card.starbucks.com.sg/forgetPassword.php that sends the password reset link to the user's email. By using a web proxy to monitor the request, the email address can be changed to allow the attacker...

0.5 AI score
Exploits: 0