
1138 matches found

Packet Storm
added 2007/05/03 12:0 a.m. | 24 views

3proxy-overflow.txt

/ Fedora Core 5,6 exec-shield based 3proxy HTTP Proxy 3proxy-0.5.3g.tgz remote overflow root exploit reverse connect-back method by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL: http://x82.inetcop.org/h0me/papers/FCexploit/FCexploit.txt Reference:...

Exploits 0

Exploit DB
added 2007/05/02 12:0 a.m. | 63 views

3proxy 0.5.3g - exec-shield 'proxy.c logurl()' Remote Overflow

/ Fedora Core 5,6 exec-shield based 3proxy HTTP Proxy 3proxy-0.5.3g.tgz remote overflow root exploit reverse connect-back method by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL: http://x82.inetcop.org/h0me/papers/FCexploit/FCexploit.txt Reference:...

AI score 7 | Exploits 0

ATTACKERKB
added 2007/04/16 9:19 p.m. | 0 views

CVE-2007-2031

Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests...

CVSS 10 | AI score 6.2 | EPSS 0.49009 | Exploits 0 | References 9

Cvelist
added 2007/04/16 9:0 p.m. | 13 views

CVE-2007-2031

Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests...

AI score 7.8 | EPSS 0.49009 | Exploits 0 | References 8

CVE
added 2007/04/16 9:0 p.m. | 60 views

CVE-2007-2031

The CVE-2007-2031 issue affects the 3proxy HTTP proxy. The connected sources confirm a buffer/stack overflow in 3proxy’s HTTP proxy handling, specifically in the logurl() function as part of processing overly long requests. Affected versions include 3proxy 0.5 through 0.5.3g and 0.6b-devel prior ...

CVSS 10 | AI score 7.8 | EPSS 0.49009 | Exploits 0 | References 8 | Affected Software 1

Apache Tomcat
added 2007/03/14 12:0 a.m. | 48 views

Fixed in Apache Tomcat 5.5.22, 5.0.SVN

Important: Directory traversal CVE-2007-0450 The fix for this issue was insufficient. A fix was also required in the JK connector module for httpd. See CVE-2007-1860 for further information. Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used behind a proxy including, but...

CVSS 5 | AI score 6.1 | EPSS 0.90452 | Exploits 2 | Affected Software 1

securityvulns
added 2007/02/08 12:0 a.m. | 29 views

3proxy user account locking

It's possible to lock user's account if user's password is stored as NT-hash via HTTP proxy. Service restart or configuration reload is required to restore account in working state. In addition, Basic authentication is offered as first authentication protocol, it can lead to choosing weak clearte...

CVSS 5 | AI score 2.2 | EPSS 0.01239 | Exploits 0 | Affected Software 1

securityvulns
added 2007/02/07 12:0 a.m. | 39 views

[Full-disclosure] Medium level security hole in FreeProxy

The FreeProxy HTTP proxy server suffers from a denial of service condition which causes the server to hang. This occurs when an attacker makes a request for the hostname/portnumber combination in use by the server itself. The vendor was notified on the 10th January 2007 and a fix was made availab...

AI score 1.2 | Exploits 0

Tenable Nessus
added 2007/01/30 12:0 a.m. | 110 views

PHProxy Detection

The remote host is running PHProxy, a PHP-based HTTP proxy intended to bypass firewall and other proxy restrictions.

AI score 5.5 | Exploits 0

RedHat Linux
added 2007/01/09 2:10 p.m. | 30 views

Moderate: Red Hat Security Advisory: flash-plugin security update

An updated Adobe Flash Player package that fixes a security issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The flash-plugin package contains a Firefox-compatible Adobe Flash Player browser plug-in. A flaw was found in t...

CVSS 5 | AI score 5.6 | EPSS 0.1744 | Exploits 0 | References 2

seebug.org
added 2006/12/08 12:0 a.m. | 11 views

FlatNuke User Data Arbitrary PHP Code Execution Vulnerability Exploit

No description provided by source. ?php / Aug 2005, 4th Flatnuke 2.5.5 possibly prior versions remote code execution by rgod site: http://rgod.altervista.org thanks to UlisseHacker... : make these changes in php.ini if you have troubles with this script: allowcalltimepassreference = on...

AI score 7.1 | Exploits 0

CERT
added 2006/12/04 12:0 a.m. | 26 views

Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists

Overview: Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates. Description: The Online Certificate...

CVSS 5 | AI score 5.7 | EPSS 0.00861 | Exploits 2 | References 2

NVD
added 2006/11/30 4:28 p.m. | 12 views

CVE-2006-4409

The Online Certificate Status Protocol OCSP service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists CRL when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked...

CVSS 5 | AI score 6.1 | EPSS 0.00861 | Exploits 2 | References 9

Cvelist
added 2006/11/30 4:0 p.m. | 16 views

CVE-2006-4409

The Online Certificate Status Protocol OCSP service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists CRL when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked...

AI score 6.1 | EPSS 0.00861 | Exploits 2 | References 9

NVD
added 2006/09/27 11:7 p.m. | 10 views

CVE-2006-5037

MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor...

CVSS 6.8 | AI score 5.8 | EPSS 0.01617 | Exploits 0 | References 4

NVD
added 2006/09/27 11:7 p.m. | 13 views

CVE-2006-5036

MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The...

CVSS 6.8 | AI score 5.9 | EPSS 0.01645 | Exploits 0 | References 5

CVE
added 2006/09/27 11:0 p.m. | 44 views

CVE-2006-5037

CVE-2006-5037 affects MySource Matrix versions after 3.8. The issue allows remote attackers to use the application as an HTTP proxy via a MIME-encoded URL in the sq_content_src parameter, enabling access to arbitrary sites using the server’s IP and enabling cross-site scripting (XSS). The PT-2006...

CVSS 6.8 | AI score 6.1 | EPSS 0.01617 | Exploits 0 | References 4 | Affected Software 1

CVE
added 2006/09/27 11:0 p.m. | 53 views

CVE-2006-5036

CVE-2006-5036 affects MySource Matrix 3.8 and earlier and MySource 2.x. The issue stems from the parameter sq_remote_page_url, which can be abused to make the application act as an HTTP proxy, enabling access to arbitrary sites using the server IP and enabling cross‑site scripting (XSS). Impact ...

CVSS 6.8 | AI score 6.2 | EPSS 0.01645 | Exploits 0 | References 5 | Affected Software 2

Cvelist
added 2006/09/27 11:0 p.m. | 18 views

CVE-2006-5036

MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The...

AI score 5.9 | EPSS 0.01645 | Exploits 0 | References 5

Exploit DB
added 2006/09/22 12:0 a.m. | 19 views

mysource 2.14.8/2.16 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/20153/info MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct cross-site scripting attacks. An attacker may...

AI score 7.4 | Exploits 0