
19 matches found

CNNVD
added 2025/12/01 12:0 a.m. · 1 view

Kerlink KerOS Security Vulnerability

Kerlink KerOS is an operating system from the French company Kerlink. A security vulnerability exists in Kerlink KerOS versions prior to 5.12 that stems from a firewall misconfiguration and could allow an attacker to bypass the firewall and access protected UDP services...

5.3 CVSS · 6.6 AI score · 0.0004 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2021-12909

Malware in sbrugna...

9.6 CVSS · 9.3 AI score · 0.05478 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-34909

Malicious code in bioql PyPI...

5.3 CVSS · 6.4 AI score · 0.00187 EPSS
Exploits 1 · References 11
Positive Technologies
added 2023/03/14 12:0 a.m. · 3 views

PT-2023-21401 · Sap · Sap Businessobjects Business Intelligence Platform

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform Web Services versions 420, 430 Description: The issue allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not...

5.3 CVSS · 5.3 AI score · 0.00376 EPSS
Exploits 0 · References 5
CNNVD
added 2022/12/27 12:0 a.m. · 3 views

Dahua software products Authorization Issue Vulnerability

Dahua software products are a family of applications from Dahua Corporation of China. A security vulnerability exists in several Dahua software products, which originates from an unauthenticated attacker being able to enable or disable SSHD services by sending specific, carefully crafted packets ...

3.7 CVSS · 5.1 AI score · 0.00101 EPSS
Exploits 0 · References 2
Kitploit
added 2021/05/04 9:30 p.m. · 238 views

Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger implements SOCKS4 proxy and port mapping through webshell. It can be directly used by metasploit-framework, viper, cobalt strike for session online. Pystinger is developed in python, and currently supports three proxy scripts: php, jspx and aspx. Usage Suppose the domain name of the serv...

7.1 AI score
Exploits 0 · References 4
IBM Security Bulletins
added 2020/07/19 12:49 a.m. · 26 views

Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry (CVE-2015-5240, CVE-2015-3280)

Summary IBM SmartCloud Entry is vulnerable to a Nova vulnerability that allows a remote authenticated attacker to cause a denial of service. IBM SmartCloud Entry is vulnerable to a Neutron vulnerability that allows an attacker to bypass firewall rules and gain access to applications. Vulnerabilit...

6.8 CVSS · 1.6 AI score · 0.00795 EPSS
Exploits 0 · Affected Software 1
0day.today
added 2019/12/11 12:0 a.m. · 292 views

Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Vulnerabilit

Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Author: LiquidWorm Product web page: https://www.inim.biz Link:...

7.1 AI score
Exploits 0
NVD
added 2019/03/21 4:29 p.m. · 22 views

CVE-2018-4030

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any...

7.5 CVSS · 6 AI score · 0.00221 EPSS
Exploits 1 · References 1
CVE
added 2018/07/11 6:0 p.m. · 55 views

CVE-2018-0031

CVE-2018-0031 affects Juniper Networks Junos OS where processing of transit UDP/IP packets over MPLS on MPLS-enabled interfaces can bypass a stateless firewall filter. The vulnerability requires specially crafted UDP packets encapsulated in an exact format; while individual packets do not crash s...

5.9 CVSS · 5.3 AI score · 0.0019 EPSS
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2015/04/08 12:0 a.m. · 3 views

Citrix NetScaler Citrix NetScaler AppFirewall Access Restriction Bypass Vulnerability

Citrix NetScaler is a network traffic management product. A security vulnerability in the Citrix NetScaler AppFirewall used by Citrix NetScaler allows an attacker to bypass firewall restrictions via a specially crafted Content-Type header...

5 CVSS · 6.8 AI score · 0.04409 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2011/11/18 12:0 a.m. · 51 views

Oracle 9i Application Server HTTP Request Smuggling

The version of Oracle Application Server installed on the remote host allows attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks via an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header...

4.3 CVSS · 5.2 AI score · 0.01053 EPSS
Exploits 1 · References 2
The Hacker News
added 2011/04/30 5:57 p.m. · 24 views

Pangolin 3.2.3 - Automatic SQL injection penetration testing tool New Release !

Pangolin 3.2.3 - Automatic SQL injection penetration testing tool New Release ! Pangolin is an automatic SQL injection penetration testing Pen-testing tool for Website manager or IT Security analyst. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications...

8.5 AI score
Exploits 0
RedHat Linux
added 2007/05/24 6:47 p.m. · 5 views

tomcat multiple content-length header poisoning

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

4.3 CVSS · 5.9 AI score · 0.71377 EPSS
Exploits 4 · References 4
myhack58
added 2007/03/17 12:0 a.m. · 19 views

MS07-004 General overflow of the method-completion-bug warning-the black bar safety net

This article MS07-004 as an example, explores this vulnerability of the General method, to restore the ie method, as well as the heap spray technology. The topic is! by axis Date: 2007-02-13 Email: axisatph4nt0m.org MS07-004 out there for some time, I wrote an analysis paper, and for this...

7.7 AI score
Exploits 0
myhack58
added 2007/02/14 12:0 a.m. · 11 views

MS07-004 General overflow of the method-completion-bug warning-the black bar safety net

This article MS07-004 as an example, explores this vulnerability of the General method, to restore the ie method, as well as the heap spray technology. The topic is! by axis Date: 2007-02-13 Email: axisatph4nt0m.org MS07-004 out there for some time, I wrote an analysis paper, and for this...

7.7 AI score
Exploits 0
seebug.org
added 2007/01/03 12:0 a.m. · 34 views

QQ Vulnerability (Remote Execution) Tencent QQ VQQPlayer.ocx

No description provided by source. Tencent QQ VQQPlayer.ocx all version 0day Author: axis Date: 2006-12-27 Mail: [email protected]...

7.1 AI score
Exploits 0
NVD
added 2002/12/31 5:0 a.m. · 11 views

CVE-2002-2063

AtGuard 3.2 allows remote attackers to bypass firewall filters and execute prohibited programs by changing the filenames to permitted filenames...

7.5 CVSS · 7 AI score · 0.00226 EPSS
Exploits 1 · References 3
CVE
added 2002/03/09 5:0 a.m. · 64 views

CVE-2001-0851

CVE-2001-0851 covers the Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled. The issue arises from the syncookie handling that allows a remote attacker to bypass firewall rules by brute-forcing the cookie, effectively defeating first-hop filtering. Public advisories from Red Hat, SUSE, Mandrak...

5 CVSS · 6.6 AI score · 0.00623 EPSS
Exploits 0 · References 7 · Affected Software 2