4 matches found
Unintended Proxy or Intermediary ('Confused Deputy')
Overview: Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') due to the unsafe usage of the Kubernetes ExternalName type with the Ingress controller. An attacker can gain unauthorized access to internal services, leveraging the controller's network...
CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...
PT-2023-25074 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11. up to 1.11.18. Description: The issue allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools...
Boomerang - A Tool To Expose Multiple Internal Servers To Web/Cloud
Boomerang is a tool to expose multiple internal servers to web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports on the Cloud. One will be where tools like proxychains can connect over socks, another will be for the agent to connect. The agent can be executed on any internal host. Th...