1138 matches found
CVE-2024-41813
CVE-2024-41813 (txtdot SSRF): The impact is a Server-Side Request Forgery in the /proxy route of txtdot, where versions 1.4.0 through 1.6.0 allow an attacker to use the server as a proxy to issue HTTP GET requests to arbitrary targets, potentially exposing internal network information. The issue...
CVE-2024-41812
TxtDot, an HTTP proxy, is affected by a Server-Side Request Forgery (SSRF) vulnerability in the /get route prior to version 1.7.0. An attacker can use the server as a proxy to send HTTP GET requests to arbitrary targets and access internal-network information. Version 1.7.0 mitigates by not displ...
CVE-2024-41812 txtdot SSRF vulnerability in /get
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the /get route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to...
Malicious code in aio-http-proxy-support (PyPI)
MAL-2024-4754 Malicious code in aio-http-proxy-support (PyPI)
Malicious code in Be.Vlaanԁeren.Basіsregіsters.NisCоdeService.Proxy.HttpProxy (NuGet)
Malicious code in Bе.Vlaaոderen.Basisregisters.TicketingService.Proxy.HttpProxy (NuGet)
Malicious code in Bе.Vlaaոderen.Basisregіsters.TicketingServiсe.Proxy.HttpProxy (NuGet)
[SECURITY] [DSA 5705-1] tinyproxy security update
Debian Security Advisory DSA-5705-1, https://www.debian.org/security/, Moritz Muehlenhoff, June 05, 2024, https://www.debian.org/security/faq ...
RHEL 8 : odo (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) - golang:...
RHEL 6 : squid (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - squid: Heap overflow issue in URN processing (CVE-2019-12526) - squid: Buffer overflow in reverse-proxy...
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution
Cisco Talos Vulnerability Research team recently disclosed three zero-day vulnerabilities that are still unpatched as of Wednesday, May 8. Two vulnerabilities in this group -- one in the Tinyproxy HTTP proxy daemon and another in the stb_vorbis.c file library -- could lead to arbitrary code...
Exploit for Use After Free in Tinyproxy_Project Tinyproxy
MAL-2024-1164 Malicious code in paysafe-gpf-as-http-proxy-middleware-body-replace (npm)
Source: ghsa-malware (69515fe4abb4869b5999b249c8de31a55fd23bda38e3bd9de3c58c5c245bc5b7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BioTime Directory Traversal / Remote Code Execution
Tested on 8.5.5 Build:20231103.R1905. Tested on 9.0.1 Build:20240108.18753. BioTime, "time" for shellz! https://claroty.com/team82/disclosure-dashboard/cve-2023-38952...
Apache Archiva Reflected Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or...
CVE-2024-27140
UNSUPPORTED WHEN ASSIGNED: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended...