Lucene search
K

541 matches found

Hacker One
Hacker One
added 2016/06/14 4:51 p.m.73 views

Sucuri: SSRF in sitecheck.sucuri.net

Hi, Sucuri Security Team. I found a SSRF in https://sitecheck.sucuri.net/ Although there was already an protection to prevent SSRF, but it can be bypassed by 302 redirection! ssrf.php https://sitecheck.sucuri.net/results/orange.tw/ssrf.php And your port will receive "HELLO WORLD" orange@z:$ nc -v...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2016/02/10 6:53 p.m.404 views

Imgur: SSRF in https://imgur.com/vidgif/url

Hello, Short description ======== https://imgur.com/vidgif/url endpoint is vulnerable to a SSRF vulnerability which allows an attacker to craft connections originating from imgur servers to any destination on the internet and imgur internal network and craft outgoing UDP-packets / telnet-based...

9CVSS9AI score0.11027EPSS
Exploits0
Kitploit
Kitploit
added 2016/01/28 10:19 p.m.28 views

XXEinjector - Tool For Automatic Exploitation Of XXE Vulnerability

XXEinjector automates retrieving files using direct and out of band methods. Directory listing only works in Java applications. Bruteforcing method needs to be used for other applications. Options --host Mandatory - our IP address for reverse connections. --host=192.168.0.2 --file Mandatory - fil...

8.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2014/09/10 12:0 a.m.31 views

CentOS Update for squid CESA-2014:1147 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.3AI score0.5622EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Gopher <= 3.0.9 (+VIEWS) Remote (Client Side) Buffer Overflow Exploit

No description provided by source. / gopherv3.0.9+: remote client buffer overflow exploit. by: vade79/v9 [email protected] fakehalo/realhalo compile: gcc xgopher-client.c -o xgopher-client syntax: ./xgopher-client port bindshell port The Internet Gopher Client is based on the UMN Gopher/Gopherd 2.3....

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

ZBServer Pro 1.5 - Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/889/info ZBSoft ZBServer Pro is an Internet and Intranet server that supports HTTP, Gopher, FTP and Chat Services. ZBServer is available for Microsoft Windows operating systems. ZBServer Pro 1.5 has an unchecked buffer in...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.37 views

MS IE 5/6,MS ISA Server 2000,MS Proxy Server 2.0 Gopher Client Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/4930/info Microsoft Internet Explorer, Proxy Server and ISA Server includes a gopher client. Reportedly, these clients are vulnerable to a buffer overflow condition. The vulnerability exists in the component that parses...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

UMN Gopherd 2.x Halidate Function Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1591/info It is possible to either execute arbitrary code or crash a remote system running University of Minnesota's Gopher Daemon, depending on the data entered. An unchecked buffer exists in the 'halidate' function of...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

ZBServer Pro 1.5 - Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/889/info ZBSoft ZBServer Pro is an Internet and Intranet server that supports HTTP, Gopher, FTP and Chat Services. ZBServer is available for Microsoft Windows operating systems. ZBServer Pro 1.5 has an unchecked buffer in...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.28 views

openSUSE Security Update : squid3 (openSUSE-SU-2011:1018-1)

This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code CVE-2011-3205. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update squid3-5094. The text description of...

6.8CVSS8.3AI score0.27454EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/06/03 4:16 p.m.36 views

Moderate: Red Hat Security Advisory: squid security update

Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

5CVSS7.3AI score0.3263EPSS
Exploits1References2
Fedora
Fedora
added 2014/04/02 9:19 a.m.32 views

[SECURITY] Fedora 20 Update: squid-3.3.12-1.fc20

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

5CVSS8.8AI score0.3263EPSS
Exploits1
seebug.org
seebug.org
added 2014/03/21 12:0 a.m.73 views

cURL/libcURL SSL证书验证安全限制绕过漏洞

BUGTRAQ ID: 66296 CVE ID: CVE-2014-2522 cURL是命令行传输文件工具,支持FTP、FTPS、HTTP、HTTPS、GOPHER、TELNET、DICT、FILE和LDAP。 cURL/libcURL在服务器证书的验证上存在安全漏洞,成功利用后可导致中间人攻击或服务器欺骗。 0 cURL 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://curl.haxx.se/...

4CVSS8.6AI score0.02576EPSS
Exploits1
NVD
NVD
added 2013/09/05 11:44 a.m.15 views

CVE-2013-1648

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated b...

3.5CVSS6.2AI score0.01382EPSS
Exploits5References1
Prion
Prion
added 2013/09/05 11:44 a.m.15 views

Design/Logic Flaw

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated b...

3.5CVSS6.7AI score0.01382EPSS
Exploits5References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.38 views

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-136) (ROBOT)

Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089 Multiple improper permission check issues...

10CVSS8.2AI score0.45113EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.46 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2012-137) (ROBOT)

Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089 Multiple improper permission check issues...

10CVSS8.2AI score0.45113EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.27 views

Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0781)

From Red Hat Security Advisory 2010:0781 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base...

9.3CVSS8.8AI score0.04644EPSS
Exploits0References8
seebug.org
seebug.org
added 2013/04/17 12:0 a.m.48 views

curl / libcURL &quot;tailmatch()&quot; Cookie信息泄露漏洞

CVECAN ID: CVE-2013-1944 cURL是命令行传输文件工具,支持FTP、FTPS、HTTP、HTTPS、GOPHER、TELNET、DICT、FILE和LDAP。 cURL/libcURL 7.29.0及之前版本的函数"tailmatch" lib/cookie.c通过matching tail根据域名匹配cookie路径域时出错,导致泄露另一个域的cookie。 0 cURL 7.x 厂商补丁: cURL ---- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://curl.haxx.se/...

5CVSS8.9AI score0.04986EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2013/03/11 6:48 p.m.8 views

OpenJDK: disable Gopher support by default (Gopher, 7189567)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking...

7.4AI score0.02172EPSS
Exploits0References5
Rows per page
Query Builder