41 matches found
GHSA-289F-FQ7W-6Q2W phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha
Summary: BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha at phpmyfaq/src/phpMyFAQ/Captcha/BuiltinCaptcha.php:298 and :330 interpolate the User-Agent header and client IP address into DELETE and INSERT queries with sprintf and no escaping. Both methods run on every hit to the publi...
CVE-2023-4279
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...
EUVD-2003-1571
Malware in sbrugna...
EUVD-2017-7996
Malware in sbrugna...
EUVD-2017-7734
Malware in sbrugna...
EUVD-2018-18537
Malware in sbrugna...
EUVD-2023-0561
Malicious code in bioql PyPI...
EUVD-2023-57471
Malicious code in bioql PyPI...
CVE-2025-31698 Apache Traffic Server: Client IP address from PROXY protocol is not used for ACL
ACL configured in ipallow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting proxy.config.acl.subjects to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects...
CVE-2022-34914
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...
CVE-2024-0970
This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value...
CVE-2024-0970 User Activity Tracking and Log < 4.1.4 - IP Spoofing
This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value...
Citrix policies filtered by Client IP address not applying after 2411
Citrix policies are applied using the client IP address as the filter. The IP addresses defined are those of the endpoints that have Citrix Workspace App installed. The policy worked correctly before upgrading VDA to version 2411. However, when the VDA is upgraded to version 2411 or newer, the...
CVE-2025-24502
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...
How to configure "Client IP-User Name-VDA server" one-to-one association via NetScaler Gateway
This article provides a configuration sample in NetScaler to fulfill "Client IP Address--User Name--VDA server" one-to-one association via NetScaler Gateway...
CVE-2023-22474 Parse Server is vulnerable to authentication bypass via spoofing
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server wi...
PT-2023-18526 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.4.1. Description: The issue arises from Parse Server's use of the request header x-forwarded-for to determine the client IP address. If Parse Server is not running behind a proxy server, a client can set this...
[SECURITY] Fedora 36 Update: golang-github-path-network-mmproxy-2.1-4.fc36
go-mmproxy is a standalone application that unwraps HAProxy's PROXY protocol also adopted by other projects such as NGINX so that the network connection to the end server comes from client's - instead of proxy server's - IP address and port number...
Fedora: Security Advisory for golang-github-path-network-mmproxy (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the...