
5908 matches found

Packet Storm
added 2024/08/31 12:0 a.m. | 243 views

Flexense HTTP Server Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service vulnerability in the Flexense HTTP server...

CVSS 7.5 | AI score 7 | EPSS 0.76544
Exploits: 6

Packet Storm
added 2024/08/31 12:0 a.m. | 292 views

Squid Proxy Range Header Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Squid Proxy Range Header DoS', 'Description' = %q The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from...

CVSS 6.5 | AI score 7 | EPSS 0.95785
Exploits: 2

OSV
added 2024/08/29 6:31 p.m. | 12 views

GHSA-5X5Q-CQF6-GJ8R Serilog Client IP Spoofing vulnerability

Serilog before v2.1.0 contains a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses in log files by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. It is not possible to configure...

CVSS 6.9 | AI score 6.5 | EPSS 0.00322
Exploits: 0 | References: 6

GitHub Security Blog
added 2024/08/29 6:31 p.m. | 30 views

Serilog Client IP Spoofing vulnerability

Serilog before v2.1.0 contains a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses in log files by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. It is not possible to configure...

CVSS 6.5 | AI score 6.9 | EPSS 0.00322
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2024/08/29 6:15 p.m. | 23 views

CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

CVSS 6.5 | EPSS 0.00322
Exploits: 0 | References: 2

OSV
added 2024/08/29 6:15 p.m. | 12 views

CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

CVSS 6.5 | AI score 7
Exploits: 0 | References: 2

Cvelist
added 2024/08/29 12:0 a.m. | 32 views

CVE-2024-44930

Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

EPSS 0.00322
Exploits: 0 | References: 2

CVE
added 2024/08/29 12:0 a.m. | 57 views

CVE-2024-44930

Summary of CVE-2024-44930: Serilog (Serilog.Enrichers.ClientInfo) before v2.1.0 is affected by a Client IP Spoofing vulnerability. Attackers can falsify the client IP by supplying an arbitrary IP in the X-Forwarded-For or Client-Ip headers during HTTP requests. Affected component/functionality i...

CVSS 6.5 | AI score 7.2 | EPSS 0.00322
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2024/08/28 3:15 p.m. | 32 views

CVE-2024-34198

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlanssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long...

CVSS 9.8 | EPSS 0.00662
Exploits: 1 | References: 1

CVE
added 2024/08/28 12:0 a.m. | 70 views

CVE-2024-34198

The CVE-2024-34198 case covers TOTOLINK AC1200 Wireless Router A3002RU (V2.1.1-B20230720.1011). A vulnerability in the boa-based formWlEncrypt CGI handler fails to bound the wlan_ssid input, enabling a crafted HTTP request with an excessively long wlan_ssid to trigger a stack overflow. Documented...

CVSS 9.8 | AI score 7.8 | EPSS 0.00662
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2024/08/26 12:30 a.m. | 15 views

GHSA-CJ55-GC7M-WVCQ req may send an unintended request when a malformed URL is provided

The req library is a widely used HTTP library in Go. However, it does not handle malformed URLs effectively. As a result, after parsing a malformed URL, the library may send HTTP requests to unexpected destinations, potentially leading to security vulnerabilities or unintended behavior in...

CVSS 7.2 | AI score 10 | EPSS 0.00724
Exploits: 0 | References: 5

OSV
added 2024/08/23 11:8 a.m. | 4 views

OESA-2024-2052 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1...

CVSS 8.3 | AI score 6.4 | EPSS 0.01109
Exploits: 0 | References: 3

Positive Technologies
added 2024/08/23 12:0 a.m. | 5 views

PT-2024-9470 · Veeam · Veeam Service Provider Console

Name of the Vulnerable Software and Affected Versions: Veeam Service Provider Console versions prior to 8.1.0.21377 Description: A vulnerability in Veeam Service Provider Console has been identified, which allows an attacker to perform arbitrary HTTP requests to arbitrary hosts of the network and...

CVSS 6.5 | AI score 6.5 | EPSS 0.00242
Exploits: 0 | References: 12

NVD
added 2024/08/19 9:15 p.m. | 25 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

CVSS 5.3 | EPSS 0.00591
Exploits: 3 | References: 2

Vulnrichment
added 2024/08/19 12:0 a.m. | 16 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

AI score 7.5 | EPSS 0.00591
Exploits: 3 | References: 2

CVE
added 2024/08/19 12:0 a.m. | 55 views

CVE-2024-35538

Summary (CVE-2024-35538): Typecho v1.3.0 contains a Client IP Spoofing vulnerability. An attacker can falsify their IP address by supplying an arbitrary value in the X-Forwarded-For or Client-Ip HTTP headers during requests. Affected version: Typecho 1.3.0 (and earlier per sources). The vulnerab...

CVSS 5.3 | AI score 7.5 | EPSS 0.00591
Exploits: 3 | References: 2 | Affected Software: 1

Cvelist
added 2024/08/19 12:0 a.m. | 23 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

EPSS 0.00591
Exploits: 3 | References: 2

CNVD
added 2024/08/16 12:0 a.m. | 3 views

Tenda FH1201 Command Execution Vulnerability

The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 suffers from a command execution vulnerability that stems from a problem with the handler function in /goform/telnet, which can be exploited by an attacker to execute arbitrary commands via specially crafted HTTP requests...

CVSS 9.8 | AI score 8.1 | EPSS 0.0098
Exploits: 1 | References: 1

NVD
added 2024/08/14 9:15 p.m. | 21 views

CVE-2024-42353

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...

CVSS 6.1 | EPSS 0.00497
Exploits: 1 | References: 2

Cvelist
added 2024/08/14 8:12 p.m. | 23 views

CVE-2024-42353 WebOb's location header normalization during redirect leads to open redirect

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...

CVSS 6.1 | EPSS 0.00497
Exploits: 1 | References: 2