349 matches found
CVE-2024-22120 Time Based SQL Injection in Zabbix Server Audit Log
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...
Shenzhen Libituo Technology LBT-T300-T400 安全漏洞
The Shenzhen Libituo Technology LBT-T300-T400 is an industrial router from Shenzhen Libituo Technology China. A security vulnerability exists in the Shenzhen Libituo Technology LBT-T300-T400 v.3.2, which is caused by a buffer overflow vulnerability that can be exploited by a local attacker to...
LBT-T300-mini1 - Remote Buffer Overflow
include include define MAXLEN 256 define BUFFEROVERRUNLENGTH 50 define SHELLCODELENGTH 32 // NOP sled to increase the chance of successful shellcode execution char nopsledSHELLCODELENGTH =...
CVE-2024-29243
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpnclientip parameter at /apply.cgi...
PT-2024-22838 · Shenzhen Libituo Technology Co. · Lbt-T300-Mini
Name of the Vulnerable Software and Affected Versions: Shenzhen Libituo Technology Co., Ltd LBT-T300-mini version 1.2.9 Description: A buffer overflow issue was discovered via the vpn client ip parameter at the "/apply.cgi" API endpoint. Recommendations: For version 1.2.9, avoid using the vpn...
PT-2024-2610 · Apache · Apache Pulsar
Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.6.0 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.2 Apache Pulsar versions 3.0.0 through 3.0.1 Apache Pulsar version 3.1.0 Description: The issue is related to an improper authentication vulnerability in t...
OESA-2024-1250 containers-common security update
This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP wi...
BIT-PARSE-2023-22474 Parse Server is vulnerable to authentication bypass via spoofing
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server wi...
BIT-GOLANG-2022-32148 Exposure of client IP addresses in net/http
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the...
BIT-MOD_WSGI-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2024-27567
LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpnclientip parameter in the configvpnpptp function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...
LinBle LBT T300-T390 Security Vulnerability
LinBle LBT T300-T390 is a 4G Industrial Router from LinBle China. A security vulnerability exists in the LinBle LBT T300-T390 v2.2.1.8, which is caused by a buffer overflow in the vpnclientip parameter of the configvpnpptp method...
PT-2024-21950 · Unknown · Lbt T300-T390
Name of the Vulnerable Software and Affected Versions: LBT T300- T390 version 2.2.1.8 Description: The issue is related to a stack overflow via the vpn client ip parameter in the config vpn pptp function, allowing attackers to cause a Denial of Service DoS via a crafted POST request...
Advisory ROSA-SA-2024-2363
Software: modwsgi 4.6.4 OS: ROSA Virtualization 2.1 packageevrstring: modwsgi-4.6.4-4.rv3.1c CVE-ID: CVE-2022-2255 BDU-ID: 2022-05209 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the modwsgi module of the Apache web server is related to errors in the processing of the X-Client-IP header...
PT-2023-31967 · WordPress · Cleantalk
Name of the Vulnerable Software and Affected Versions: CleanTalk WordPress plugin versions prior to 2.121 Description: The issue allows an attacker to manipulate the client IP address retrieved by the Security & Malware scan, potentially bypassing bruteforce protection. This is due to the plugin...
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:5775)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5775 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...
Rocky Linux 9 : grafana-pcp (RLSA-2022:8250)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8250 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...
Security Bulletin: IBM Storage Ceph is vulnerable via Exposure of Sensitive Information to an Unauthorized Actork in Golang (CVE-2022-32148)
Summary Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-32148 Vulnerability Details CVEID: CVE-2022-32148 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by improper exposure of client IP addresses in net/htt...
CVE-2023-5133
This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...
Code injection
This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...