417 matches found
Server-side Request Forgery (SSRF)
The package github.com/hoppscotch/proxyscotch before 1.0.0 is vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information...
GHSA-J68F-8H6P-9H5Q Struts ParameterInterceptor vulnerability allows remote command execution
Regular expression in ParametersInterceptor matches top['foo'](0) as a valid expression, which OGNL treats as (top['foo'])(0) and evaluates the value of the 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and hav...
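The root cause above is that the parameter *name* is itself handed to the expression engine, so any filter that tolerates brackets, quotes and parentheses lets an evaluation such as top['foo'](0) through. The following is an added illustration in Go, not the Struts code: it contrasts a permissive "looks like a property path" pattern and a character blocklist with a strict allowlist of the shapes a form-binding name legitimately needs. The two regexes and the test names are constructed for this example and do not claim to be the exact patterns any Struts release shipped.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// permissiveName accepts anything that looks vaguely like a property path,
// but still admits OGNL syntax: '[', ']', '(', ')' and quotes are all in the
// class, so top['foo'](0) counts as a valid parameter name. Illustrative
// pattern, not the exact regex from any Struts release.
var permissiveName = regexp.MustCompile(`^[\w.\[\]()'\s]+$`)

// BlocklistAccept is the other weak approach: reject names containing the
// characters that introduce the best-known dangerous constructs. It says
// nothing about parenthesised evaluation or escaped forms such as \u0023.
func BlocklistAccept(name string) bool {
	return !strings.ContainsAny(name, "=,#:")
}

// strictName is an allowlist of what form binding actually needs: an
// identifier followed by any number of ".identifier", "[123]" or "['key']"
// segments. No parentheses, no '#', no whitespace, no backslashes.
var strictName = regexp.MustCompile(
	`^[A-Za-z_]\w*(\.[A-Za-z_]\w*|\[[0-9]+\]|\['\w+'\])*$`)

func PermissiveAccept(name string) bool { return permissiveName.MatchString(name) }
func StrictAccept(name string) bool     { return strictName.MatchString(name) }

// Verdicts runs name through the three checks: permissive, blocklist, strict.
func Verdicts(name string) [3]bool {
	return [3]bool{PermissiveAccept(name), BlocklistAccept(name), StrictAccept(name)}
}

func main() {
	// Constructed parameter names: two legitimate, three hostile.
	for _, n := range []string{"user.name", "items[0].id", "top['foo'](0)", "#session.admin", `\u0023session.admin`} {
		v := Verdicts(n)
		fmt.Printf("%-22s permissive=%-5v blocklist=%-5v strict=%v\n", n, v[0], v[1], v[2])
	}
}
```

The point of the third pattern is that it enumerates grammar, not characters: the permissive pattern accepts top['foo'](0) outright, the blocklist accepts both that and the \u0023 spelling of '#', and only the allowlist rejects all three hostile names while still accepting user.name and items[0].id.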
DEBIAN-CVE-2022-27416
Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free...
CVE-2022-27416
Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free...
UBUNTU-CVE-2022-27416
Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free...
PT-2022-18411 · Tcpreplay +4
Name of the Vulnerable Software and Affected Versions: Tcpreplay version 4.4.1. Description: A double-free issue was discovered via __interceptor_free. Recommendations: For Tcpreplay version 4.4.1, at the moment, there is no information about a newer version that contains a fix for this issue...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server...
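Both proxyscotch entries above describe the same pattern: a backend fetches whatever URL the user supplies. The check a proxy-mode component needs is shown below as an added Go example; it is not proxyscotch's code and the names (ValidateTarget, IsBlockedIP, PinnedDialContext, the fake resolver and the hosts api.example / 169.254.169.254 used in the demo) are constructed for this illustration. It refuses non-http(s) schemes, embedded credentials and any host that resolves to loopback, private, link-local or metadata ranges, fails closed when resolution fails, and returns the vetted addresses so the real dial can be pinned to them.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/url"
)

// Resolver is injected so the check runs offline and the vetted IPs can be reused for the dial.
type Resolver func(host string) ([]net.IP, error)

// Ranges a user-chosen proxy target must never reach: loopback, RFC 1918, CGNAT,
// link-local (incl. the 169.254.169.254 metadata endpoint) and IPv6 equivalents.
var blockedNets = mustCIDRs(
	"0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
	"169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
	"::/128", "::1/128", "fc00::/7", "fe80::/10",
)

func mustCIDRs(cidrs ...string) []*net.IPNet {
	var nets []*net.IPNet
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// IsBlockedIP reports whether ip lies in any blocked range. IPv4-mapped IPv6
// addresses (::ffff:a.b.c.d) are normalised to IPv4 by net.IPNet.Contains.
func IsBlockedIP(ip net.IP) bool {
	for _, n := range blockedNets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ValidateTarget accepts a user-submitted URL only if it is http(s), has a host, carries
// no credentials, and every address the host resolves to is outside blockedNets.
func ValidateTarget(raw string, resolve Resolver) ([]net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("parse: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.User != nil {
		return nil, errors.New("credentials in target URL not allowed")
	}
	host := u.Hostname() // port and IPv6 brackets stripped
	if host == "" {
		return nil, errors.New("target URL has no host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address, nothing to resolve
	} else if ips, err = resolve(host); err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("cannot resolve %q: %v", host, err) // fail closed
	}
	for _, ip := range ips {
		if IsBlockedIP(ip) {
			return nil, fmt.Errorf("%s resolves to blocked address %s", host, ip)
		}
	}
	return ips, nil
}

// PinnedDialContext connects to the vetted ip regardless of the hostname in addr, closing
// the DNS-rebinding window between check and request. Install as http.Transport.DialContext.
func PinnedDialContext(ip net.IP) func(ctx context.Context, network, addr string) (net.Conn, error) {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		_, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, err
		}
		var d net.Dialer
		return d.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
	}
}

func main() {
	// Constructed resolver standing in for DNS so the demo runs offline.
	fake := func(host string) ([]net.IP, error) {
		if host == "api.example" {
			return []net.IP{net.ParseIP("203.0.113.10")}, nil
		}
		return nil, errors.New("no such host")
	}
	for _, raw := range []string{"https://api.example/v1", "http://169.254.169.254/latest/meta-data/", "http://[::ffff:127.0.0.1]/"} {
		ips, err := ValidateTarget(raw, fake)
		fmt.Printf("%-42s ips=%v err=%v\n", raw, ips, err)
	}
}
```

Resolving inside the check and then dialling the returned address through PinnedDialContext matters because a hostname can legitimately resolve to a public address at check time and to 127.0.0.1 a moment later; TLS verification is unaffected, since http.Transport still validates the certificate against the URL's hostname. Redirects need the same treatment: either disable them on the outbound client or re-run ValidateTarget in CheckRedirect.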
CVE-2021-46334
Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow via the component __interceptor_strcat...
IBM WebSphere Application Server Elevation of Privilege Vulnerability (CNVD-2021-42146)
IBM WebSphere Application Server (WAS) is an application server product from IBM in the United States. The product is a platform for Java EE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in WebSphere Application Server tha...
CVE-2021-29754
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. A remote malicious party could exploit this vulnerability to gain elevated privileges within the application server. This vulnerability is only exploitable when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM...
Security Bulletin: WebSphere Application Server is vulnerable to a Privilege Escalation vulnerability (CVE-2021-29754)
Summary WebSphere Application Server is vulnerable to a privilege escalation vulnerability. This has been addressed. Vulnerability Details CVEID: CVE-2021-29754 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trus...
IBM WebSphere Application Server Security Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from IBM in the United States. The product is a platform for Java EE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in WebSphere Application Server tha...
Open redirect
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacki...
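The fix for a page that "could open in an iframe" is a response-header policy, and the thing to verify is that every response actually carries it. The Go middleware below is an added example, not code from OCP, Kibana or the advisory; FramePolicy and HeadersFor are names chosen here, and https://console.example and /app/kibana are constructed inputs. It sets Content-Security-Policy frame-ancestors, which modern browsers honour over X-Frame-Options, and X-Frame-Options for older user agents, and exposes a helper that lets a test assert the headers without a browser.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// FramePolicy returns middleware that declares on every response who may embed
// the page in a frame. With no allowed ancestors the page can never be framed;
// otherwise the app's own origin plus the listed origins may. CSP frame-ancestors
// is the modern control and wins where both are present; X-Frame-Options covers
// older user agents but cannot express an origin list, hence SAMEORIGIN there.
func FramePolicy(allowedAncestors ...string) func(http.Handler) http.Handler {
	xfo, csp := "DENY", "frame-ancestors 'none'"
	if len(allowedAncestors) > 0 {
		xfo = "SAMEORIGIN"
		csp = "frame-ancestors 'self' " + strings.Join(allowedAncestors, " ")
	}
	return func(h http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// Headers must be in place before the wrapped handler writes the body.
			w.Header().Set("X-Frame-Options", xfo)
			w.Header().Set("Content-Security-Policy", csp)
			h.ServeHTTP(w, r)
		})
	}
}

// HeadersFor drives one GET through h in-process and returns the response
// headers, so the policy can be asserted in a test or a pre-deploy check.
func HeadersFor(h http.Handler, target string) http.Header {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Result().Header
}

func main() {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "<html><body>dashboard</body></html>")
	})
	for _, c := range []struct {
		name string
		h    http.Handler
	}{
		{"unwrapped", app},
		{"deny", FramePolicy()(app)},
		{"console", FramePolicy("https://console.example")(app)},
	} {
		hd := HeadersFor(c.h, "/app/kibana")
		fmt.Printf("%-9s XFO=%q CSP=%q\n", c.name, hd.Get("X-Frame-Options"), hd.Get("Content-Security-Policy"))
	}
}
```

Wrap the outermost router, not individual handlers, so static assets, error pages and redirects get the policy too; those are the responses that are usually missed, and a single unprotected path is enough for the clickjacking described above.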
U.S. Dept Of Defense: Reflected XSS www.█████ search form
Description: Reflected XSS vulnerabilities arise when the application accepts a malicious input script from a user and then this is executed in the victim's browser. Since the XSS is reflected, the attacker has to trick the victim into executing the payload, usually using another website. In this...
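A search form is the classic reflection point because the query is echoed both into the page text and back into the input's value attribute. The Go pair below is an added illustration, not code from the report or the site it concerns: RenderUnsafe reproduces the bug with string formatting, RenderSafe renders the same markup through html/template, which escapes per context. Function names, the markup and the two payloads are constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// RenderUnsafe builds the results page by string formatting, so whatever the
// user typed into q lands in the HTML verbatim: the reflected XSS pattern.
func RenderUnsafe(q string) string {
	return fmt.Sprintf(`<h1>Results for %s</h1><input name="q" value="%s">`, q, q)
}

// resultsTmpl is parsed once; html/template escapes each {{.}} according to
// its context (text node versus double-quoted attribute value).
var resultsTmpl = template.Must(template.New("results").Parse(
	`<h1>Results for {{.}}</h1><input name="q" value="{{.}}">`))

// RenderSafe renders the same page through html/template.
func RenderSafe(q string) string {
	var b bytes.Buffer
	if err := resultsTmpl.Execute(&b, q); err != nil {
		panic(err)
	}
	return b.String()
}

func main() {
	// Constructed payloads: a script tag and an attribute break-out.
	for _, q := range []string{"<script>alert(1)</script>", `" onfocus="alert(1)" autofocus="`} {
		fmt.Println("unsafe:", RenderUnsafe(q))
		fmt.Println("safe:  ", RenderSafe(q))
	}
}
```

The second payload is the one that string-level "strip <script>" filters miss: it never opens a tag, it closes the value attribute and adds an event handler. Context-aware escaping handles it because the double quote becomes &#34; inside the attribute. Serve the result with Content-Type: text/html; charset=utf-8 so the browser cannot second-guess the encoding, and add a Content-Security-Policy as a second layer.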
Espionage - A Network Packet And Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network
Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,...
Arbitrary Code Execution
httpha-invoker is vulnerable to arbitrary code execution. The vulnerability exists as it was found that the invoker servlets, deployed by default via httpha-invoker, only performed access control on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using...
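Access control that is keyed on the HTTP method is bypassed by whatever method the check does not list, and servlet containers typically route HEAD to the same code as GET, so a "GET and POST only" gate leaves HEAD, PUT and arbitrary verbs open. The Go example below is added here and is not httpha-invoker's code: AuthGate reproduces the mistake when given a method list and is correct when given none, and Probe drives requests through it in-process. The token, the handler and the path /invoker/example are constructed for the demo.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// AuthGate requires a bearer token before passing the request to h. When
// checkedMethods is non-empty, the check runs only for those methods, which is
// the httpha-invoker mistake: any other verb reaches h unauthenticated. An
// empty list means every method is checked.
func AuthGate(h http.Handler, token string, checkedMethods ...string) http.Handler {
	checked := map[string]bool{}
	for _, m := range checkedMethods {
		checked[m] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if len(checked) == 0 || checked[r.Method] {
			if r.Header.Get("Authorization") != "Bearer "+token {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
		}
		h.ServeHTTP(w, r)
	})
}

// Probe sends one request with the given method and optional token through h
// in-process and returns the status code.
func Probe(h http.Handler, method, target, token string) int {
	req := httptest.NewRequest(method, target, nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// invoker stands in for the privileged servlet; it does not care which verb arrived.
	invoker := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "invoked %s via %s\n", r.URL.Path, r.Method)
	})
	vulnerable := AuthGate(invoker, "s3cret", http.MethodGet, http.MethodPost)
	fixed := AuthGate(invoker, "s3cret")
	for _, m := range []string{http.MethodGet, http.MethodPost, http.MethodHead, http.MethodPut, "FOO"} {
		fmt.Printf("%-5s without token: vulnerable=%d fixed=%d\n", m,
			Probe(vulnerable, m, "/invoker/example", ""), Probe(fixed, m, "/invoker/example", ""))
	}
}
```

The same class of bug appears in declarative configuration: a web.xml security-constraint that lists http-method elements protects only those methods, and an explicit deny for everything else (or no method list at all) is what closes the gap.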
Nord Security: Email address is not validated, No Rate Limit and RCE On Forgot Password Page Of affiliates.nordvpn.com
Go to https://affiliates.nordvpn.com/users/forgotpassword. Enter an arbitrary string like %0a or %0a%0d as the email. It says "No user account was found for the address given", which proves the query is going to the database. Intercept the request using Burp Interceptor, copy to Intruder. Copy some 300...
CVE-2019-8110
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code...