
30 matches found

Vulnrichment
added 2026/05/19 1:33 p.m. · 5 views

CVE-2026-43634 HestiaCP 1.2.0-1.9.4 IP Spoofing via CF-Connecting-IP Header

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...

CVSS 8.7 · AI score 6 · EPSS 0.00057
Exploits 0 · References 5

CVE
added 2026/05/19 1:33 p.m. · 8 views

CVE-2026-43634

CVE-2026-43634 affects HestiaCP versions 1.2.0–1.9.4. The vulnerability is an IP spoofing flaw: unauthenticated attackers can send arbitrary IPs via the CF-Connecting-IP header, bypassing authentication controls and Cloudflare network verification. This can defeat fail2ban brute-force protections...

CVSS 8.7 · AI score 6 · EPSS 0.00057
Exploits 0 · References 5

EUVD
added 2026/05/19 1:33 p.m. · 6 views

EUVD-2026-30935

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...

CVSS 10 · AI score 6 · EPSS 0.00203
Exploits 0 · References 5

Cvelist
added 2026/05/06 11:28 a.m. · 27 views

CVE-2026-43226 net/rds: No shortcut out of RDS_CONN_ERROR

In the Linux kernel, the following vulnerability has been resolved: net/rds: No shortcut out of RDS_CONN_ERROR RDS connections carry a state "rds_conn_path::cp_state" and transitions from one state to another and are conditional upon an expected state: "rds_conn_path_transition." There is one exception t...

CVSS 7.5 · EPSS 0.00068
Exploits 0 · References 8

Malwarebytes
added 2024/03/29 1:37 p.m. · 14 views

How to back up your iPhone to a Mac

They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. One of the most cost effective ways to back up your iPhone is to save backups to your Ma...

AI score 7.1
Exploits 0

Fedora
added 2023/07/23 1:24 a.m. · 26 views

[SECURITY] Fedora 37 Update: grpc-1.48.4-8.fc37

gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...

CVSS 5.3 · AI score 5.6 · EPSS 0.00024
Exploits 0

F5 Networks
added 2023/02/21 6:33 p.m. · 35 views

K85235351: cURL and libcurl vulnerability CVE-2016-8624

Security Advisory Description curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL...

CVSS 7.5 · AI score 7.5 · EPSS 0.01363
Exploits 0 · Affected Software 21

Cvelist
added 2022/12/13 12:0 a.m. · 14 views

CVE-2022-33268

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVSS 8.2 · AI score 8.4 · EPSS 0.0032
Exploits 0 · References 1

NVD
added 2022/06/23 5:15 p.m. · 14 views

CVE-2022-34210

A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVSS 6.5 · EPSS 0.00217
Exploits 0 · References 1

Positive Technologies
added 2020/12/21 12:0 a.m. · 1 views

PT-2020-18258 · Ibm · Ibm Mq

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.2 Description: The issue is caused by an error processing connecting applications, which can lead to a denial of service attack. Recommendations: For IBM MQ version 9.2, at the moment, there is no information about a newer...

CVSS 7.5 · AI score 5.7 · EPSS 0.00644
Exploits 0 · References 4

Debian CVE
added 2020/12/14 7:38 p.m. · 45 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

CVSS 4.3 · AI score 6.4 · EPSS 0.00083
Exploits 0

Gentoo Linux
added 2020/09/13 12:0 a.m. · 28 views

ZeroMQ: Denial of service

Background Looks like an embeddable networking library but acts like a concurrency framework. Description It was discovered that ZeroMQ does not properly handle connecting peers before a handshake is completed. Impact An unauthenticated remote attacker able to connect to a ZeroMQ endpoint, even...

CVSS 7.5 · AI score 2.4 · EPSS 0.00412
Exploits 0

exploitpack
added 2019/12/02 12:29 p.m. · 60 views

null

A remote administration tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity...

AI score 0.5
Exploits 0

Oracle linux
added 2017/08/07 12:0 a.m. · 26 views

gtk-vnc security, bug fix, and enhancement update

0.7.0-2 - Fix reserved data size rhbz 1416783 - Fix inverted args in tests rhbz 1416783 - Avoid sign extension problems rhbz 1416783 - Fix crash with opening via GSocketAddress rhbz 1416783 - Fix crash & error reporting during connection timeout rhbz 1441120 - Fix incompatibility with libvncserve...

CVSS 9.8 · AI score 9 · EPSS 0.00371
Exploits 2

NVD
added 2016/12/22 9:59 p.m. · 10 views

CVE-2016-9179

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host...

CVSS 7.5 · AI score 6.1 · EPSS 0.00345
Exploits 0 · References 2

0day.today
added 2015/08/22 12:0 a.m. · 51 views

Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability

Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability All Versions Usage Info Usage:alibaba.php host shell-file.php Ex:alibaba.php www.example.com c99.php Test : php alibaba.php tibastore.com c99.php php alibaba.php hechoenmexicob2b.com c99.php $val $data .= "--$boundary\n"; $data .=...

AI score 7
Exploits 0

0day.today
added 2013/02/11 12:0 a.m. · 14 views

FreeFloat FTP 1.0 Raw Commands Buffer Overflow

FreeFloat FTP 1.0 allows an attacker to trigger a buffer overflow and execute arbitrary code when a long and invalid raw command is sent to it. import socket, struct, sys if lensys.argv 3: print "usage: %s IP port" % sys.argv0 sys.exit0 ip = sys.argv1 port = intsys.argv2 Bind shellcode generated...

AI score 8.3
Exploits 0

Exploit DB
added 2010/04/02 12:0 a.m. · 19 views

linux x86 - nc -lvve/bin/sh -p13377 shellcode

linux x86 nc -lvve/bin/sh -p13377 shellcode. Shellcode exploit for linux platform linux x86 nc -lvve/bin/sh -p13377 shellcode This shellcode will listen on port 13377 using netcat and give /bin/sh to connecting attacker Author: Anonymous Site: http://chaossecurity.wordpress.com/ Here is code...

AI score 7.4
Exploits 0

exploitpack
added 2010/03/30 12:0 a.m. · 19 views

Easy-Clanpage 2.1 - SQL Injection

Easy-Clanpage 2.1 - SQL Injection /----------------------------Information------------------------------------------------ +Name : Easy-Clanpage 2.1 http://www.easy-clanpage.de /?section=downloads&action=viewdl&id=16 +Price : for free +Language : PHP +Discovered by Easy Laster +Security Group...

AI score 0.3
Exploits 0

securityvulns
added 2009/08/17 12:0 a.m. · 43 views

DUgallery 3.0 / Remote Admin Bug

Hi Everybody! Application : DUgallery 3.0 Risk : High Risk Connecting : Remote Admin Normally, DUGallery 3.0 Admin Panel is : http://.Com/Accessories/admin/default.asp But We Can Connect Admin Panel No UserName and No PassWord this page ; http://.Com/Accessories/admin/edit.asp?iPic=PictureID We...

AI score 0.5
Exploits 0