
38 matches found

CVE
added 2026/03/26 3:37 a.m. | 2 views

CVE-2026-4281

The CVE concerns the FormLift for Infusionsoft Web Forms WordPress plugin. Affected versions: all up to 7.5.21. The vulnerability stems from missing capability checks in FormLift_Infusionsoft_Manager.connect() and FormLift_Infusionsoft_Manager.listen_for_tokens(), which run on every page load via...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00135
Exploits: 0 | References: 10

OSV
added 2026/03/11 11:16 a.m. | 2 views

ALPINE-CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00025
Exploits: 1 | References: 1

NVD
added 2026/03/11 11:16 a.m. | 0 views

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

CVSS: 6.5 | EPSS: 0.00025
Exploits: 1 | References: 5

ATTACKERKB
added 2026/03/11 10:09 a.m. | 3 views

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

AI score: 5.8 | EPSS: 0.00025
Exploits: 1 | References: 4 | Affected Software: 1

SUSE CVE
added 2023/02/15 5:58 a.m. | 1 views

SUSE CVE-2010-2188

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different argument...

CVSS: 9.3 | AI score: 8.1 | EPSS: 0.01317
Exploits: 1 | References: 8

OSV
added 2019/06/20 3:15 a.m. | 1 views

CVE-2019-1876

A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could...

CVSS: 5.3 | AI score: 6 | EPSS: 0.01967
Exploits: 0 | References: 2

OSV
added 2018/08/23 7:29 p.m. | 1 views

DEBIAN-CVE-2003-1605

curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00379
Exploits: 0 | References: 1

Prion
added 2018/04/16 9:29 p.m. | 13 views

Privilege escalation

ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...

CVSS: 10 | AI score: 9.8 | EPSS: 0.00583
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2015/09/28 8:59 p.m. | 4 views

CVE-2015-5400

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request...

AI score: 8.7
Exploits: 0 | References: 18

OSV
added 2015/09/28 8:59 p.m. | 1 views

DEBIAN-CVE-2015-5400

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.24696
Exploits: 1 | References: 1

Prion
added 2015/09/28 8:59 p.m. | 29 views

Cross site request forgery (csrf)

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.24696
Exploits: 1 | References: 15 | Affected Software: 3

Cvelist
added 2015/09/28 8:00 p.m. | 26 views

CVE-2015-5400

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request...

AI score: 7.1 | EPSS: 0.24696
Exploits: 1 | References: 15

Debian CVE
added 2015/09/28 8:00 p.m. | 25 views

CVE-2015-5400

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request...

CVSS: 6.8 | AI score: 8.4 | EPSS: 0.24696
Exploits: 1

Mageia
added 2015/09/08 5:55 p.m. | 28 views

Updated squid packages fix CVE-2015-5400

Updated squid packages fix security vulnerability: Alex Rousskov discovered that Squid configured with cache_peer and operating on explicit proxy traffic does not correctly handle CONNECT method peer responses. In some configurations, it allows remote clients to bypass security in an explicit...

CVSS: 6.8 | AI score: 8.6 | EPSS: 0.24696
Exploits: 1 | References: 3

Tenable Nessus
added 2015/08/04 12:00 a.m. | 25 views

Debian DSA-3327-1 : squid3 - security update

Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cache_peer and operating on explicit proxy traffic. This could allow remote clients to gain unrestricted access through a...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.24696
Exploits: 1 | References: 5

CNVD
added 2015/07/18 12:00 a.m. | 1 views

Squid CONNECT Method Peer Response Processing Security Control Bypass Vulnerability

Squid cache (or Squid for short) is a popular free software (GNU General Public License) proxy server and web caching server. Squid cache fails to properly handle CONNECT method peer-to-peer replies, allowing remote attackers to access backend proxies by exploiting security controls that bypass the...

AI score: 7
Exploits: 0 | References: 1

Check Point Advisories
added 2015/07/09 12:00 a.m. | 4 views

WebGate Multiple Products WESPSerialPortCtrl Buffer Overflow (CVE-2015-2097)

A buffer overflow vulnerability exists in WebGate Multiple Products. The vulnerability is due to insufficient input validation of the length of the parameters passed to the Connect method of WESPSerialPort.WESPSerialPortCtrl.1. A remote attacker could exploit this vulnerability by enticing a user...

CVSS: 7.5 | AI score: 5.1 | EPSS: 0.46293
Exploits: 4

Tenable Nessus
added 2015/05/04 12:00 a.m. | 10 views

HTTP 'CONNECT' Method Detection

Binary data 8712.prm...

AI score: 7.3
Exploits: 0

Exploit DB
added 2015/04/02 12:00 a.m. | 32 views

WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow

var arg1="PraveenD"; var arg2=1; var arg3= ""; var arg4="PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i1664; i++ arg3 += "B"; var nseh = "\xeb\x10PD"; //WESPSerialPort.dll0x100104e7 = pop pop ret var seh = "\xe7\x04\x01\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...

AI score: 7.4
Exploits: 0

exploitpack
added 2015/04/02 12:00 a.m. | 9 views

WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow

var arg1="PraveenD"; var arg2=1; var arg3= ""; var arg4="PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i1664; i++ arg3 += "B"; var nseh = "\xeb\x10PD"; //WESPSerialPort.dll0x100104e7 = pop pop ret var seh =...

AI score: 0.4
Exploits: 0