SUSE-SU-2023:2280-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency bsc1209507. - CVE-2023-27530: Fixed a denial of service issue in multipart request parsing bsc1209096. Non-security fixes: - Fixed transactional...

CVE-2023-32681

A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuildproxies is used to recompute and reattach the Proxy-Authorization...

Unintended Leaks Of Proxy-Authorization Header

requests is vulnerable to Unintended Leaks Of Proxy-Authorization Header. The vulnerability exists in the rebuildproxies function of sessions.py when the credentials are supplied in the URL user information component such as https://username:password@proxy:8080, which allows an attacker to gain...

GHSA-J8R2-6X86-Q33Q Unintended leak of Proxy-Authorization header in requests

Impact Since Requests v2.3.0, Requests has been vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuildproxies is used to recompute and reattach the Proxy-Authorization header to...

Unintended leak of Proxy-Authorization header in requests

Impact Since Requests v2.3.0, Requests has been vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuildproxies is used to recompute and reattach the Proxy-Authorization header to...

PT-2023-3599

Name of the Vulnerable Software and Affected Versions Requests versions 2.3.0 through 2.30.0 Description The issue is related to the leaking of Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This occurs due to how the rebuild proxies function is used to...

Tinyproxy: Memory Disclosure

Background Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Description Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages. Impact Contents of the Tinyproxy server's memory could be disclosed via generated error pages...

firefox security update

102.11.0-2.0.1 - Updated homepages to use https Orabug: 34648274 102.11.0-2 - Update to 102.11.0 build2 102.11.0-1 - Update to 102.11.0 build1...

TFTP Fetch, Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp)

Fetch and execute an x64 payload from a TFTP server. Custom shellcode stage. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/cmd/windows/tftp/x64/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION m...

TFTP Fetch, Windows x64 Reverse HTTPS Stager (winhttp)

Fetch and execute an x64 payload from a TFTP server. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/cmd/windows/tftp/x64/vncinject/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf...

HTTPS Fetch, Windows x64 Command Shell, Windows x64 Reverse TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a piped command shell Windows x64 staged. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/https/x64/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION m...

HTTPS Fetch, Windows Command Shell, Encrypted Reverse TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a piped command shell staged. Connect to MSF and read in stage Module Options msf use payload/cmd/windows/https/x64/encryptedshell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf...

HTTPS Fetch, Windows x64 LoadLibrary Path

Fetch and execute an x64 payload from an HTTPS server. Load an arbitrary x64 library path Module Options msf use payload/cmd/windows/https/x64/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set...

HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x64/vncinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set...

HTTPS Fetch, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/peinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

HTTPS Fetch, Windows x64 IPv6 Bind TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/vncinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...sh...

HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x64/peinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set...

HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x64/vncinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show an...

HTTPS Fetch, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/vncinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

HTTPS Fetch, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...