26 matches found
CVE-2019-25387
Smoothwall Express 3.1-SP4-polar-x86_64-update9 is affected by a reflected cross-site scripting vulnerability in xtaccess.cgi. An unauthenticated attacker can inject JavaScript by sending crafted input to the xtaccess.cgi endpoint via POST, exploiting the EXT, DEST_PORT, or COMMENT parameters to ...
Smoothwall Express 跨站脚本漏洞
Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express has a cross-site scripting vulnerability , the vulnerability stems from the xtaccess.cgi endpoint EXT, DESTPORT or COMMENT parameter on the user-supplied data lack of effective filtering...
cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...
kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol number in custom expectations The Linux kernel CVE team has assigned CVE-2024-26673 to this issue. Upstream advisory:...
CVE-2024-26673
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTOIPV4,IPV6,INET. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for...
CVE-2024-26673
CVE-2024-26673 affects the Linux kernel netfilter nft_ct, where custom expectations could mishandle layer 3/4 protocol numbers. The issue arises from insufficient validation, allowing unexpected protocol families beyond NFPROTO_IPV4/IPv6/INET and permitting layer-4 protocols without ports, since ...
CVE-2024-26673 netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTOIPV4,IPV6,INET. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for...
CVE-2023-33485
TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function...
dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially...
openstack-neutron: incorrect validation of port settings in iptables security group driver
A validation flaw was discovered in the iptables firewall module in OpenStack Neutron. By setting a destination port in a security group rule, along with a protocol that does not support that option for example, VRRP, an authenticated user could block further application of security group rules f...
DEBIAN-CVE-2019-9735
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
CVE-2019-9735
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
UBUNTU-CVE-2019-9735
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
Rockstar Games: Blind SSRF in emblem editor (2)
Hello, As per your recommendation in 233301, I'm submitting a PoC for another blind SSRF in the emblem editor. To oversight here is allowing absolute url values for the fill attribute: path fill="urlhttps://requestb.in/15rxmgv1test" stroke="a1a1a1" ... Upon publishing an emblem containing such an...
BackBox OS - Denial of Service
//Exploited By Hosein Askari include include include include include ifdef FPASS include endif include include include include ifndef USEBSD define USEBSD endif ifndef FAVORBSD define FAVORBSD endif include include include include include include ifdef LINUX define FIXx htonsx else define FIXx x...
Arpy - Mac OSX Arp Spoof (MITM) Tool
Arpy is an easy-to-use ARP spoofing MiTM tool for Mac. It provides 3 targeted functions: Packet Sniffing Visited Domains Visited Domains with Gource Each function will be explained below. Tested OS to date Darwin 14.3.0 Darwin Kernel Version 14.3.0 Mac OS X Requirements Python 2.7 Gource Scapy...
CVE-2015-7282
ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port...
NetworkTrafficView - Monitor the traffic on your network adapter
NetworkTrafficView is a network monitoring tool that captures the packets pass through your network adapter, and displays general statistics about your network traffic. The packets statistics is grouped by the Ethernet Type, IP Protocol, Source/Destination Addresses, and Source/Destination ports...
Apple Safari / WebKit protection bypass
Integer overflow allows to bypass destination port limitations...
ipidseq NSE Script
Classifies a host's IP ID sequence test for susceptibility to idle scan. Sends six probes to obtain IP IDs from the target and classifies them similarly to Nmap's method. This is useful for finding suitable zombies for Nmap's idle scan -sI as Nmap itself doesn't provide a way to scan for these...