675 matches found

0day.today
added 2017/12/01 12:0 a.m. | 40 views

Artica Web Proxy 3.06 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications + Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt Vendor: ======= www.articatech.com Product: =========...

CVSS 8.5 | AI score 8.9 | EPSS 0.08708
Exploits: 6

Exploit DB
added 2017/12/01 12:0 a.m. | 88 views

Artica Web Proxy 3.06 - Remote Code Execution

Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt + ISR: ApparitionSec Vendor: ======= www.articatech.com Product: ========= Artica Web Proxy v.3.06.112216...

CVSS 9 | AI score 9.2 | EPSS 0.08708
Exploits: 6

Tenable Nessus
added 2017/11/17 12:0 a.m. | 33 views

Fortinet FortiOS 5.2.x < 5.2.23 / 5.4.x < 5.4.6 / 5.6.x < 5.6.1 Web Proxy Disclaimer Response Page Reflected XSS (FG-IR-17-168)

The version of Fortinet FortiOS running on the remote device is 5.2.x prior to 5.2.12, 5.4.x prior to 5.4.6, or 5.6.x prior to 5.6.1. It is, therefore, affected by a flaw in the web proxy disclaimer response page input validation that allows a reflected cross-site scripting XSS attack. C Tenable...

CVSS 6.1 | AI score 6.1 | EPSS 0.01076
Exploits: 0 | References: 2

Prion
added 2017/11/13 2:29 p.m. | 16 views

Cross site scripting

A reflected Cross-site Scripting XSS vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously craft...

CVSS 4.3 | AI score 6 | EPSS 0.01076
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/11/13 2:29 p.m. | 5 views

CVE-2017-7739

A reflected Cross-site Scripting XSS vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously craft...

CVSS 6.1 | AI score 5.9 | EPSS 0.01076
Exploits: 0 | References: 3

CVE
added 2017/11/13 2:0 p.m. | 53 views

CVE-2017-7739

CVE-2017-7739 (Fortinet FortiOS): A reflected XSS vulnerability in the web proxy disclaimer response page allows an unauthenticated attacker to inject arbitrary script/HTML by sending a malicious URL. The underlying issue is flawed input validation on the disclaimer page. Affected FortiOS version...

CVSS 6.1 | AI score 5.9 | EPSS 0.01076
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2017/11/13 2:0 p.m. | 10 views

CVE-2017-7739

A reflected Cross-site Scripting XSS vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously craft...

AI score 5.7 | EPSS 0.01076
Exploits: 0 | References: 3

Cvelist
added 2017/11/13 2:0 p.m. | 24 views

CVE-2017-7739

A reflected Cross-site Scripting XSS vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously craft...

AI score 6 | EPSS 0.01076
Exploits: 0 | References: 3

Fortinet
added 2017/11/03 12:0 a.m. | 23 views

FortiOS Reflected XSS in Web Proxy Disclaimer Response web page

A reflected XSS vulnerability exists in FortiOS web proxy disclaimer response web pages, potentially exploitable by an unauthenticated attacker, via sending a maliciously crafted URL to the victim. The victim visiting the malicious URL would then have arbitrary javascript code executed in the...

CVSS 4.3 | AI score 6.3 | EPSS 0.01076
Exploits: 0 | Affected Software: 1

Gitee
added 2017/09/07 10:5 a.m. | 6 views

Exploit for Buffer Underflow in Microsoft

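github arsenal: web, security, penetration testing, arsenal. Vulnerability and penetration-testing practice platforms: WebGoat vulnerability practice environment https://github.com/WebGoat/WebGoat https://github.com/WebGoat/WebGoat-Legacy Damn Vulnerable Web Application vulnerability practice platform https://github.com/RandomStorm/DVWA Database injection practice platform https://github.com/Audi-1/sqli-labs Vulnerability practice platform written in node, like OWASP Node Goat...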

CVSS 9.3 | AI score 7.5 | EPSS 0.89557
Exploits: 25

OSV
added 2017/07/25 7:29 p.m. | 2 views

CVE-2017-6751

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypa...

CVSS 7.5 | AI score 5.8 | EPSS 0.01963
Exploits: 0 | References: 3

CVE
added 2017/07/25 7:0 p.m. | 75 views

CVE-2017-6751

Cisco Web Security Appliance (WSA) is affected (virtual and hardware). The issue is a web proxy bypass where traffic forwarded from the web proxy interface to the administrative management interface is not denied, enabling an unauthenticated remote attacker to reach the admin interface (Access Co...

CVSS 7.5 | AI score 7.5 | EPSS 0.01963
Exploits: 0 | References: 3 | Affected Software: 2

OpenVAS
added 2017/07/20 12:0 a.m. | 19 views

Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device. SPDX-FileCopyrightText: 20...

CVSS 7.5 | AI score 7.6 | EPSS 0.01963
Exploits: 0 | References: 1

Citrix
added 2017/05/30 12:0 a.m. | 8 views

How Do I Configure Cloud Connector to Support a Web Proxy

The primary intent of this article is to provide steps on how to configure the Cloud Connector to support a web proxy. The Connector supports connection to the internet via a web proxy server. The Connector requires outbound connectivity on port 443. Both the installer and the services it install...

AI score 6.8
Exploits: 0

Hacker One
added 2017/05/19 11:19 p.m. | 18 views

U.S. Dept Of Defense: Insecure Direct Object Reference on in-scope .mil website

Summary: A web form in a .mil website doesn't implement restriction against multiple failed attempts to place an ID in order to obtain users information or cancel an ongoing process. Description: Websites https://█████████/appointment/lookup.aspx?a=f and...

AI score 6.4
Exploits: 0

Ubuntu
added 2017/02/06 11:18 p.m. | 93 views

USN-3175-2: Firefox regression

USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in...

AI score 7.5
Exploits: 0 | References: 1

RedHat Linux
added 2017/01/24 10:5 a.m. | 5 views

squid: Information disclosure in HTTP request processing

It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections...

CVSS 7.5 | AI score 5.8 | EPSS 0.06766
Exploits: 0 | References: 5

Debian
added 2016/12/25 8:13 p.m. | 24 views

[SECURITY] [DLA 763-1] squid3 security update

Package : squid3 Version : 3.1.20-2.2+deb7u7 CVE ID : CVE-2016-10002 Debian Bug : 848493 Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests,...

CVSS 7.5 | AI score 7.9 | EPSS 0.06766
Exploits: 0

Debian
added 2016/12/24 4:41 a.m. | 23 views

[SECURITY] [DSA 3745-1] squid3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3745-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 24, 2016 https://www.debian.org/security/faq -...

CVSS 5 | AI score 1.6 | EPSS 0.06766
Exploits: 0

RedHat Linux
added 2016/11/02 11:5 a.m. | 6 views

OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

CVSS 5.9 | AI score 7.2 | EPSS 0.03937
Exploits: 0 | References: 5