Lucene search
K

676 matches found

OSV
OSV
added 2016/03/20 12:0 a.m.27 views

DSA-3522-1 squid3 - security update

Bulletin has no description...

7.5CVSS7.5AI score0.09288EPSS
Exploits0
Hacker One
Hacker One
added 2016/03/19 9:34 a.m.24 views

Shopify: Stored XSS via "Free Shipping" option (Discounts)

POC steps: 1 Go to the customers page and add a new search group named as "img src=x onerror=prompt7 see img1.png 2 Go to the discounts page, create a new discount code and mark the "Free Shipping" option. 3 Open a web proxy i.e. tamper data and press the "save discount" button. 4 Through the web...

0.4AI score
Exploits0
Fedora
Fedora
added 2016/02/01 6:34 a.m.28 views

[SECURITY] Fedora 22 Update: privoxy-3.0.23-3.fc22

Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...

7.5CVSS2.3AI score0.02867EPSS
Exploits0
Fedora
Fedora
added 2016/02/01 2:26 a.m.30 views

[SECURITY] Fedora 23 Update: privoxy-3.0.23-3.fc23

Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...

7.5CVSS2.3AI score0.02867EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/02/01 12:0 a.m.37 views

Debian DSA-3460-1 : privoxy - security update

It was discovered that privoxy, a web proxy with advanced filtering capabilities, contained invalid reads that could enable a remote attacker to crash the application, thus causing a Denial of Service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

7.5CVSS7.2AI score0.02867EPSS
Exploits0References5
Debian
Debian
added 2016/01/30 8:41 a.m.24 views

[SECURITY] [DSA 3460-1] privoxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3460-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 30, 2016 https://www.debian.org/security/faq -...

5CVSS2.7AI score0.02867EPSS
Exploits0
Debian
Debian
added 2016/01/30 8:41 a.m.39 views

[SECURITY] [DSA 3460-1] privoxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3460-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 30, 2016 https://www.debian.org/security/faq -...

7.5CVSS7.7AI score0.02867EPSS
Exploits0
OSV
OSV
added 2016/01/30 12:0 a.m.16 views

DSA-3460-1 privoxy - security update

Bulletin has no description...

7.5CVSS7.5AI score0.02867EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/11/19 3:26 a.m.17 views

curl: URL request injection vulnerability in parseurlandfillconn()

It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct...

4.3CVSS6.9AI score0.0681EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2015/10/30 10:8 a.m.21 views

CVE-2004-2654

The clientAbortBody function in clientside.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service segmentation fault via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer...

5CVSS7.7AI score0.01993EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/08/18 12:0 a.m.40 views

IPFire < 2.17 - Core Update 93 Multiple Vulnerabilities

IPFire is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

9.1CVSS9.9AI score0.07673EPSS
Exploits1References1
securityvulns
securityvulns
added 2015/08/10 12:0 a.m.61 views

[SECURITY] [DSA 3327-1] squid3 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3327-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 03, 2015 https://www.debian.org/security/faq -...

6.8CVSS1.4AI score0.16525EPSS
Exploits1
OpenVAS
OpenVAS
added 2015/08/02 12:0 a.m.18 views

Debian: Security Advisory (DSA-3327-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.3AI score0.16525EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2015/07/23 12:0 a.m.76 views

Oracle iPlanet Web Proxy Server 4.0.x < 4.0.26 NSS Signature Handling Remote Code Injection

According to its self-reported version, the Oracle iPlanet Web Proxy Server formerly known as Sun Java System Web Proxy Server installed on the remote host is version 4.0.x prior to 4.0.26. It is, therefore, affected by a flaw in the definitelengthdecoder function in the Network Security Services...

7.5CVSS7.8AI score0.03182EPSS
Exploits4References3
RedHat Linux
RedHat Linux
added 2015/07/20 1:50 p.m.12 views

curl: URL request injection vulnerability in parseurlandfillconn()

It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct...

4.3CVSS6.9AI score0.0681EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/04/22 12:0 a.m.46 views

Oracle iPlanet Web Proxy Server 4.0 < 4.0.25 NSS Signature Verification Vulnerability

According to its self-reported version, the Oracle iPlanet Web Proxy Server installed on the remote host is version 4.0 prior to 4.0.25. It is, therefore, affected by a flaw in the Network Security Services NSS library due to improper parsing of ASN.1 values in an RSA signature. A man-in-the-midd...

7.5CVSS7AI score0.1617EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2015/03/10 3:28 p.m.74 views

USN-2521-1: Oxide vulnerabilities

Several out-of-bounds write bugs were discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program...

7.5CVSS8.7AI score0.02565EPSS
Exploits0
Fedora
Fedora
added 2015/02/04 7:59 a.m.11 views

[SECURITY] Fedora 20 Update: privoxy-3.0.23-1.fc20

Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...

2.3AI score
Exploits0
Fedora
Fedora
added 2015/02/04 7:58 a.m.12 views

[SECURITY] Fedora 21 Update: privoxy-3.0.23-1.fc21

Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...

2.3AI score
Exploits0
Exploit DB
Exploit DB
added 2015/02/03 12:0 a.m.225 views

Microsoft Remote Desktop Services - Web Proxy IE Sandbox Escape (MS15-004) (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape', 'Description' = %q This module abuses a process creation...

9.3CVSS7.6AI score0.7594EPSS
Exploits5
Rows per page
Query Builder