541 matches found
curl: Gopher Protocol Command Injection (SSRF Smuggling)
Summary The curl Gopher protocol handler is vulnerable to command injection through URL-encoded CRLF sequences in the path. This allows an attacker to "smuggle" additional Gopher selectors or arbitrary commands into a single Gopher request. By using %0d%0a in the URL, an attacker can break the...
CVE-1999-0124
Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon...
CVE-1999-0640
The Gopher service is running...
curl: CRLF Injection in Gopher Protocol (`lib/gopher.c`)
Control characters slip through during URL handling in curl’s Gopher setup. Though null bytes get blocked by the REJECTZERO setting, returns and line feeds remain permitted. A specially built address using percent-encoded breaks - like %0D%0A - opens room for command insertion. Because of how...
curl: Protocol Smuggling / CRLF Injection via Gopher Protocol allows Arbitrary Command Injection
Summary: I have discovered that the Gopher protocol implementation in curl fails to properly sanitize newline characters %0d%0 in the selector path. This allows an attacker to inject arbitrary TCP commands when curl connects to a target server via gopher://. This vulnerability enables Protocol...
Oracle Linux 7 : squid (ELSA-2025-19167)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-19167 advisory. - Fixes CVE-2025-62168, squid: Squid vulnerable to information disclosure via - Fixes CVE-2025-54574, add URN access disabling config options Orabug: 38350105 ...
squid security update
7:3.5.20-17.0.9.13 - Fixes CVE-2025-62168, squid: Squid vulnerable to information disclosure via - authentication credential leakage in error handling Orabug: 38587551 7:3.5.20-17.0.7.13 - Fixes CVE-2025-54574, add URN access disabling config options Orabug: 38350105 7:3.5.20-17.0.5.13 - Fixed cv...
Siemens SIMATIC S7-1500 Double Free (CVE-2022-42915)
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
Malicious code in incredible_gopher_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c9e68c3b7c17f19f77d4594d269e7cf854b5270942a32bac51b985c5afcd814 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-134276 Malicious code in incredible_gopher_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c9e68c3b7c17f19f77d4594d269e7cf854b5270942a32bac51b985c5afcd814 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in driving_gopher_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7fba6dd5e534f7b51c2b37dc867bf9da1d1539de74b759d4f83cba05c0fb826 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-102106
Malicious code in spectaculargopherz3n npm...
EUVD-2025-100108
Malicious code in definitegopherz3n npm...
EUVD-2025-106242
Malicious code in characteristicgopherz3n npm...
EUVD-2025-94166
Malicious code in visitinggopherz3n npm...
MAL-2025-120370 Malicious code in glorious_gopher_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab336d7d203ff581759b543fd2929e29ba227a1b541c92cecf75598c0e485362 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-106567
Malicious code in apparentgopherz3n npm...
EUVD-2025-88869
Malicious code in seriousgopherz3n npm...
EUVD-2025-91059
Malicious code in intensegopherz3n npm...
EUVD-2025-75457
Malicious code in terriblegopher-appteadev npm...