Lucene search
K

346 matches found

Github Security Blog
Github Security Blog
added 2024/08/29 6:31 p.m.33 views

Serilog Client IP Spoofing vulnerability

Serilog before v2.1.0 contains a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses in log files by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. It is not possible to configure...

6.5CVSS6.9AI score0.00322EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/08/29 6:15 p.m.32 views

CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

6.5CVSS0.00322EPSS
Exploits0References2
CVE
CVE
added 2024/08/29 12:0 a.m.59 views

CVE-2024-44930

Summary of CVE-2024-44930 : Serilog (Serilog.Enrichers.ClientInfo) before v2.1.0 is affected by a Client IP Spoofing vulnerability. Attackers can falsify the client IP by supplying an arbitrary IP in the X-Forwarded-For or Client-Ip headers during HTTP requests. Affected component/functionality i...

6.5CVSS7.2AI score0.00322EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/08/29 12:0 a.m.13 views

CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

6.5CVSS7AI score0.00322EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.5 views

PT-2024-31308 · Serilog · Serilog

Name of the Vulnerable Software and Affected Versions: Serilog versions prior to 2.1.0 Description: The issue allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. This enables attackers to...

6.9CVSS7.4AI score0.00322EPSS
Exploits0References12
Cvelist
Cvelist
added 2024/08/29 12:0 a.m.35 views

CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

0.00322EPSS
Exploits0References2
Redos
Redos
added 2024/08/28 12:0 a.m.296 views

ROS-20240827-01

A vulnerability in the modwsgi module of the Apache web server is related to errors in X-Client-IP header processing. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to network services. access to network services...

7.5CVSS7.1AI score0.0069EPSS
Exploits1
NVD
NVD
added 2024/08/19 9:15 p.m.30 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

5.3CVSS0.00591EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2024/08/19 12:0 a.m.17 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

7.5AI score0.00591EPSS
Exploits3References2
Cvelist
Cvelist
added 2024/08/19 12:0 a.m.24 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

0.00591EPSS
Exploits3References2
GithubExploit
GithubExploit
added 2024/08/18 5:9 p.m.602 views

Exploit for Authentication Bypass by Spoofing in Typecho

Typecho Multiple Vulnerabilities This repository contains the...

9CVSS7.3AI score0.02671EPSS
Exploits8
NVD
NVD
added 2024/08/07 4:15 p.m.13 views

CVE-2024-41432

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can...

5.3CVSS0.00376EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/08/07 12:0 a.m.12 views

CVE-2024-41432

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can...

7AI score0.00376EPSS
Exploits1References1
CVE
CVE
added 2024/08/07 12:0 a.m.23 views

CVE-2024-41432

CVE-2024-41432 affects Likeshop up to 2.5.7.20210811. The issue is IP spoofing via forged X-Forwarded or Client-IP headers, enabling attackers to bypass admin login lockouts, spoof server requests, and impersonate other IPs tied to user sessions. No explicit fixes or patches are provided in the c...

5.3CVSS7AI score0.00376EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/25 11:35 p.m.15 views

CVE-2024-4869 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.2.0 - Unauthenticated Stored Cross-Site Scripting via Client-IP header

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS6.1AI score0.00377EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/05/20 1:35 p.m.605 views

Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense_Plus

CVE-2023-27100 - pfSense Anti-brute force protection bypass...

9.8CVSS9.5AI score0.09844EPSS
Exploits5
OSV
OSV
added 2024/05/17 10:15 a.m.3 views

DEBIAN-CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

8.8CVSS8.9AI score0.76618EPSS
Exploits5References1
Cvelist
Cvelist
added 2024/05/17 9:53 a.m.91 views

CVE-2024-22120 Time Based SQL Injection in Zabbix Server Audit Log

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

9.1CVSS10AI score0.76618EPSS
Exploits5References1
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.6 views

Shenzhen Libituo Technology LBT-T300-T400 安全漏洞

The Shenzhen Libituo Technology LBT-T300-T400 is an industrial router from Shenzhen Libituo Technology China. A security vulnerability exists in the Shenzhen Libituo Technology LBT-T300-T400 v.3.2, which is caused by a buffer overflow vulnerability that can be exploited by a local attacker to...

7.8CVSS7.8AI score0.00254EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2024/03/25 12:0 a.m.310 views

LBT-T300-mini1 - Remote Buffer Overflow

include include define MAXLEN 256 define BUFFEROVERRUNLENGTH 50 define SHELLCODELENGTH 32 // NOP sled to increase the chance of successful shellcode execution char nopsledSHELLCODELENGTH =...

7.4AI score
Exploits0
Rows per page
Query Builder