Lucene search
K

174 matches found

Prion
Prion
added 2022/03/21 7:15 p.m.14 views

Design/Logic Flaw

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

7.5CVSS9.3AI score0.01582EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/03/21 6:50 p.m.55 views

CVE-2022-24766 Insufficient Protection against HTTP Request Smuggling in mitmproxy

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS9.6AI score0.01582EPSS
Exploits0References3
CVE
CVE
added 2022/03/21 6:50 p.m.142 views

CVE-2022-24766

Mitmproxy vulnerability CVE-2022-24766 affects mitmproxy

9.8CVSS9.3AI score0.01582EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/03/21 6:50 p.m.25 views

CVE-2022-24766 Insufficient Protection against HTTP Request Smuggling in mitmproxy

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS9.2AI score0.01582EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/03/21 6:50 p.m.33 views

CVE-2022-24766

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS9.4AI score0.01582EPSS
Exploits0
Huntr
Huntr
added 2021/12/26 12:23 p.m.24 views

Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot

Title XSS in markdown link-maker Description While chatting with a client, both sides may use markdown. However, neither client's nor Chatwoot inner user's input is verified. Steps to reproduce. Note: this works in Safari and Firefox, not Chrome. I will use Telegram bot. 1. 1. Start a conversatio...

5.8CVSS0.2AI score0.00788EPSS
Exploits1
Huntr
Huntr
added 2021/12/25 7:53 a.m.43 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Title Stored XSS in customattributes Description Relying on frontend URI check without verifying it on the backend allows to inject arbitrary JS code. Steps to reproduce 1. 1. Create a custom attribute, set its type to Link 2. 2. Navigate to any conversation, click on the right sidebar. 3. 3...

4.3CVSS0.9AI score0.00856EPSS
Exploits1
Prion
Prion
added 2021/12/08 6:15 p.m.19 views

Authentication flaw

An authentication bypass by capture-replay vulnerability CWE-294 in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...

6.4CVSS9.3AI score0.00955EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/08 5:51 p.m.22 views

CVE-2021-41030

An authentication bypass by capture-replay vulnerability CWE-294 in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...

5.4CVSS9.6AI score0.00955EPSS
Exploits0References1
Atlassian
Atlassian
added 2021/09/29 2:59 p.m.20 views

Replaying / intercepting a password reset POST request can allow for valid username enumeration

h3. Issue Summary Under certain conditions it's possible to enumerate valid usernames by replaying one of the password reset HTTP requests. h3. Steps to Reproduce Request a password reset email Open the password reset mail and click the link to open your browser Intercept the POST request of the...

Exploits0
OSV
OSV
added 2021/09/16 3:15 p.m.19 views

CVE-2021-39214

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS9.4AI score
Exploits0References1
Prion
Prion
added 2021/09/16 3:15 p.m.19 views

Design/Logic Flaw

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

7.5CVSS9.3AI score0.01093EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2021/09/16 3:15 p.m.6 views

PYSEC-2021-328

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS6.9AI score0.01093EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2021/09/16 3:15 p.m.35 views

CVE-2021-39214

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS7AI score0.01093EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2021/09/16 3:10 p.m.24 views

CVE-2021-39214

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS8.9AI score0.01093EPSS
Exploits0
CVE
CVE
added 2021/09/16 3:10 p.m.100 views

CVE-2021-39214

CVE-2021-39214 affects mitmproxy: in versions 7.0.2 and earlier, a malicious client or server can perform HTTP request smuggling through mitmproxy, causing the smuggled request/response to be embedded in another HTTP message body and bypass standard event hooks and local checks. Reported impact i...

9.8CVSS8.8AI score0.01093EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/02 10:24 a.m.19 views

CVE-2021-34574 Password policy evasion in products of MB connect line and Helmholz

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to t...

4.3CVSS4.9AI score0.00659EPSS
Exploits0References2
Prion
Prion
added 2021/07/09 2:15 p.m.20 views

Design/Logic Flaw

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user...

5CVSS7.7AI score0.05701EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/07/09 1:22 p.m.23 views

CVE-2021-30120 2FA bypass in Kaseya VSA <= v9.5.6

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user...

9.9CVSS9.7AI score0.05701EPSS
Exploits0References3
Hacker One
Hacker One
added 2021/06/01 12:8 a.m.13 views

Reddit: IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in `order_id` parameter

Summary: This vulnerability consist of modifying the PayPal transaction ID to buy a big coin pack but paying the small price for it. Impact: The only impact here could be that you don't earn the money you deserve, and users can offer a lot of presents to other users, breaking the magic of the...

0.3AI score
Exploits0
Rows per page
Query Builder