Lucene search
K

541 matches found

Hacker One
Hacker One
added 2026/01/13 1:16 p.m.15 views

curl: Gopher Protocol Command Injection (SSRF Smuggling)

Summary The curl Gopher protocol handler is vulnerable to command injection through URL-encoded CRLF sequences in the path. This allows an attacker to "smuggle" additional Gopher selectors or arbitrary commands into a single Gopher request. By using %0d%0a in the URL, an attacker can break the...

8.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/07 9:43 a.m.5 views

CVE-1999-0124

Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon...

10CVSS6.9AI score0.0184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:40 a.m.6 views

CVE-1999-0640

The Gopher service is running...

10CVSS7AI score0.01871EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/01/02 5:54 a.m.16 views

curl: CRLF Injection in Gopher Protocol (`lib/gopher.c`)

Control characters slip through during URL handling in curl’s Gopher setup. Though null bytes get blocked by the REJECTZERO setting, returns and line feeds remain permitted. A specially built address using percent-encoded breaks - like %0D%0A - opens room for command insertion. Because of how...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2025/12/24 12:25 a.m.17 views

curl: Protocol Smuggling / CRLF Injection via Gopher Protocol allows Arbitrary Command Injection

Summary: I have discovered that the Gopher protocol implementation in curl fails to properly sanitize newline characters %0d%0 in the selector path. This allows an attacker to inject arbitrary TCP commands when curl connects to a target server via gopher://. This vulnerability enables Protocol...

7.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/19 12:0 a.m.5 views

Oracle Linux 7 : squid (ELSA-2025-19167)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-19167 advisory. - Fixes CVE-2025-62168, squid: Squid vulnerable to information disclosure via - Fixes CVE-2025-54574, add URN access disabling config options Orabug: 38350105 ...

10CVSS7.1AI score0.95785EPSS
Exploits6References2
Oracle linux
Oracle linux
added 2025/11/18 12:0 a.m.6 views

squid security update

7:3.5.20-17.0.9.13 - Fixes CVE-2025-62168, squid: Squid vulnerable to information disclosure via - authentication credential leakage in error handling Orabug: 38587551 7:3.5.20-17.0.7.13 - Fixes CVE-2025-54574, add URN access disabling config options Orabug: 38350105 7:3.5.20-17.0.5.13 - Fixed cv...

10CVSS6.9AI score0.95785EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.5 views

Siemens SIMATIC S7-1500 Double Free (CVE-2022-42915)

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

8.1CVSS6.9AI score0.02927EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 10:56 p.m.3 views

Malicious code in incredible_gopher_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c9e68c3b7c17f19f77d4594d269e7cf854b5270942a32bac51b985c5afcd814 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 10:56 p.m.2 views

MAL-2025-134276 Malicious code in incredible_gopher_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c9e68c3b7c17f19f77d4594d269e7cf854b5270942a32bac51b985c5afcd814 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 8:46 p.m.5 views

Malicious code in driving_gopher_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7fba6dd5e534f7b51c2b37dc867bf9da1d1539de74b759d4f83cba05c0fb826 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:46 p.m.1 views

EUVD-2025-102106

Malicious code in spectaculargopherz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:46 p.m.3 views

EUVD-2025-100108

Malicious code in definitegopherz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:11 p.m.2 views

EUVD-2025-106242

Malicious code in characteristicgopherz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:11 p.m.1 views

EUVD-2025-94166

Malicious code in visitinggopherz3n npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/11 8:11 p.m.1 views

MAL-2025-120370 Malicious code in glorious_gopher_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab336d7d203ff581759b543fd2929e29ba227a1b541c92cecf75598c0e485362 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:11 p.m.1 views

EUVD-2025-106567

Malicious code in apparentgopherz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 3:19 p.m.1 views

EUVD-2025-88869

Malicious code in seriousgopherz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 3:19 p.m.1 views

EUVD-2025-91059

Malicious code in intensegopherz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 7:44 a.m.0 views

EUVD-2025-75457

Malicious code in terriblegopher-appteadev npm...

6.6AI score
Exploits0
Rows per page
Query Builder