VINCE Security Vulnerability
VINCE is an open-source CERT coordination center developed and used by the U.S. CERT Coordination Center. It serves as a platform for improving vulnerability disclosure efforts. Versions of VINCE prior to 3.0.38 contained security vulnerabilities. These vulnerabilities were caused by code...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the getRealIpAddr function, which trusted user-controlled HTTP headers. This could allow...
WordPress plugin BigBuy Dropshipping Connector for WooCommerce Information Disclosure Vulnerability
The BigBuy Dropshipping Connector for WooCommerce is an open-source WordPress plugin for the WooCommerce e-commerce platform. It supports integration with BigBuy and other dropshipping suppliers to synchronize goods automatically. It supports interfacing with BigBuy a...
EUVD-2022-29473
Malicious code in bioql PyPI...
CVE-2024-35175
sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and prior to version 1.3.0, the way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Commit 2ddd69876a1e1119059debc59fe869cb4e754430 added the proxy protocol listener as...
CVE-2024-54450
CVE-2024-54450 affects Kurmi Provisioning Suite 7.9.0.33. During authentication, if an X-Forwarded-For header is present, the application records the header-provided IP (potentially forged) instead of the real IP, and may display this fake IP in the user’s My Account popup. The issue is classifie...
Mozilla Firefox and Mozilla Thunderbird Security Vulnerability
Mozilla Firefox and Mozilla Thunderbird are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an e-mail client that was separated from the Mozilla Application Suite. The software supports IMAP, POP mail protocols, and HTML mail...
CVE-2022-24594
CVE-2022-24594 affects waline 1.6.1. An attacker can submit messages with a forged IP address by manipulating the X-Forwarded-For header, enabling IP spoofing. Multiple connected sources (Red Hat advisory, Veracode note) indicate this can bypass IP-related checks such as IP frequency limits, affe...
Google Chrome Omnibox Spoofing Vulnerability (CNVD-2018-20140)
Google Chrome is a web browser developed by Google, Inc. and Omnibox is a real-time search engine. A security vulnerability exists in Omnibox in versions of Google Chrome prior to 63.0.3239.84, which stems from insufficient policy enforcement. The vulnerability can be exploited by remote attacker...
Google Chrome Omnibox Spoofing Vulnerability (CNVD-2018-20141)
Google Chrome is a web browser developed by Google, Inc. and Omnibox is a real-time search engine. A security vulnerability exists in Omnibox in versions of Google Chrome prior to 63.0.3239.84, which stems from insufficient policy enforcement. The vulnerability can be exploited by remote attacker...
Mozilla Firefox Forgery Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A forgery vulnerability exists in versions prior to Mozilla Firefox 58. An attacker can exploit this vulnerability to forge URLs and conduct phishing attacks...
Mozilla Thunderbird Address Forgery Vulnerability
Mozilla Thunderbird is an e-mail client developed by the Mozilla Foundation in the United States as a stand-alone application separated from the Mozilla Application Suite; it supports the IMAP and POP mail protocols and the HTML mail format. An address forgery vulnerability exists in versions of Mozilla Thunderbird prior to 52.5.2...
Google Chrome Address Forgery Vulnerability
Google Chrome is a popular web browser. An address forgery vulnerability exists in Google Chrome Omnibox, which allows remote attackers to build malicious web pages and trick users into parsing them, which can be used in spoofing attacks...
Google Chrome Omnibox Address Forgery Vulnerability
Google Chrome is a popular web browser. An address forgery vulnerability exists in Google Chrome Omnibox, which allows remote attackers to build malicious web pages and trick users into parsing them...
Google Chrome Omnibox Address Forgery Vulnerability (CNVD-2017-02098)
Google Chrome is a popular web browser. An address forgery vulnerability exists in Google Chrome Omnibox, which allows remote attackers to build malicious web pages, trick users into parsing them, and deceive users...
Google Chrome Omnibox Address Spoofing Vulnerability (CNVD-2016-12113)
Google Chrome is a web browser developed by Google, Inc. and Omnibox is a real-time search engine. A security vulnerability exists in Omnibox in versions of Google Chrome prior to 55.0.2883.75. An attacker can exploit the vulnerability to forge address information...
Dotclear Password Reset Address Forgery Vulnerability
Dotclear is an open source free web publishing software. Dotclear suffers from a password reset address forgery vulnerability that can be exploited by an attacker to forge the hostname of a password reset address...
Google Chrome URL Forgery Vulnerability
Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in the 'CustomButton::AcceleratorPressed' function in the ui/views/controls/button/custombutton.cc file in Google Chrome versions prior to 48.0.2564.82...
Apache HTTP Server 'mod_remoteip.c' IP Address Forgery Vulnerability
Apache HTTP Server is a popular web server program. Apache HTTP Server 'mod_remoteip.c' has an IP address forgery vulnerability that allows attackers to bypass security restrictions and conduct attacks such as spoofing...