10 matches found
CVE-2026-24853
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
Linux Distros Unpatched Vulnerability : CVE-2021-22251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain tha...
CVE-2022-23513 Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...
CVE-2022-23513 Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...
PT-2022-7091 · Pi-Hole · Pi-Hole
Name of the Vulnerable Software and Affected Versions: Pi-Hole affected versions not specified Description: The issue is related to a lack of validation in the code on a root server path: /admin/scripts/pi-hole/phpqueryads.php. This allows a potential threat actor to perform an unauthorized query...
CVE-2021-22251
Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings...
UBUNTU-CVE-2021-22251
Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings...
Pi-hole 跨站脚本漏洞
Pi-hole is a web-grade ad-blocking application from Pi-hole, Inc. A cross-site scripting vulnerability exists in Pi-hole versions prior to 5.5.1, which stems from the fact that Pi-hole's web interface provides a central location to manage Pi-hole instances and check performance statistics.Prior t...
Mallory - HTTP/HTTPS Proxy Over SSH
HTTP/HTTPS proxy over SSH. Installation Local machine: go get github.com/justmao945/mallory/cmd/mallory Remote server: need our old friend sshd Configueration Config file Default path is $HOME/.config/mallory.json, can be set when start program mallory -config path/to/config.json Content: idrsa i...
PT-2019-6205 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.2 and later Description: The issue is related to improper validation of invited users' email addresses, allowing projects to add members with email address domains that should be blocked by group settings. This can be...