19 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-6960

Malware in sbrugna...

CVSS 5, AI score 6, EPSS 0.00843
Exploits 1, References 8
RedhatCVE
added 2025/05/21 10:41 p.m., 8 views

CVE-2002-2337

Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets...

CVSS 5, AI score 7, EPSS 0.00594
Exploits 1, References 1
Vulnrichment
added 2025/02/19 7:32 a.m., 5 views

CVE-2024-13405 Apptivo Business Site CRM <= 5.3 - Cross-Site Request Forgery to IP Address Block

The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awpipdeny' page. This makes it possible for unauthenticated attackers to block IP addresses via a...

CVSS 4.3, AI score 4.5, EPSS 0.00088
Exploits 0, References 2
Cvelist
added 2022/08/22 3:1 p.m., 12 views

CVE-2022-2362 Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions...

AI score 7.6, EPSS 0.00541
Exploits 2, References 1
Patchstack
added 2022/08/01 12:0 a.m., 26 views

WordPress Download Manager plugin <= 3.2.49 - Bypass IP Address Blocking Restriction vulnerability

Bypass IP Address Blocking Restriction vulnerability discovered by Raad Haddad in WordPress Download Manager plugin versions <= 3.2.49. Solution: Update the WordPress Download Manager plugin to the latest available version (at least 3.2.50)...

CVSS 7.5, AI score 2.1, EPSS 0.00541
Exploits 2, References 1, Affected Software 1
WPVulnDB
added 2022/08/01 12:0 a.m., 19 views

Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions. PoC: When downloading a file, add an X-Forwarded-For header that contains a random IP address to your request...

CVSS 7.5, AI score 1.8, EPSS 0.00541
Exploits 2, Affected Software 1
wpexploit
added 2022/08/01 12:0 a.m., 162 views

Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction

The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions. When downloading a file, add an X-Forwarded-For header that contains a random IP address to your request...

CVSS 7.5, AI score 0.8, EPSS 0.00541
Exploits 2
wpexploit
added 2022/01/31 12:0 a.m., 103 views

Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing

The plugin uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search engine crawlers / bots. This could also be abuse...

CVSS 9.1, AI score 0.2, EPSS 0.00346
Exploits 2, References 1
CVE
added 2021/04/22 2:29 a.m., 53 views

CVE-2021-31552

CVE-2021-31552 affects MediaWiki’s AbuseFilter extension up to 1.35.2. The flaw allows certain rules that block after account creation to block only the originating IP, not the user account, enabling an unprivileged actor to create accounts while the IP is blocked and potentially enumerate relate...

CVSS 5.5, AI score 5.6, EPSS 0.00083
Exploits 0, References 2, Affected Software 1
NVD
added 2019/06/18 9:15 p.m., 10 views

CVE-2017-8334

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection...

CVSS 8, AI score 7.6, EPSS 0.00389
Exploits 1, References 3
Prion
added 2019/06/18 9:15 p.m., 11 views

Cross site scripting

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection...

CVSS 6, AI score 7.5, EPSS 0.00389
Exploits 1, References 3, Affected Software 3
Cvelist
added 2019/06/18 8:18 p.m., 12 views

CVE-2017-8334

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection...

AI score 7.6, EPSS 0.00389
Exploits 1, References 3
OSV
added 2017/10/19 9:29 p.m., 8 views

CVE-2012-4380

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors...

CVSS 7.5, AI score 6.8
Exploits 0, References 13
Packet Storm
added 2016/11/09 12:0 a.m., 22 views

OpenGB 1.2.3 Cross Site Scripting

OpenGB version 1.2.3 Cross Site Scripting (XSS) Vulnerability. Discovered by NA, NAattutanota.com. Description: A simple PHP MySQL website guestbook, user friendly and easily...

AI score 7.4
Exploits 0
0day.today
added 2016/11/09 12:0 a.m., 18 views

OpenGB 1.2.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications. OpenGB version 1.2.3 Cross Site Scripting (XSS) Vulnerability. Discovered by NA, NAattutanota.com. Description: A simple PHP MySQL...

AI score 7.1
Exploits 0
OSV
added 2015/12/24 11:8 a.m., 6 views

MGASA-2015-0486 Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.12, an XSS vector exists when MediaWiki is configured with a non-standard configuration, from wikitext when $wgArticlePath='$1' (CVE-2015-8622). In MediaWiki before 1.23.12, tokens were being compared as strings, whic...

CVSS 9.8, AI score 6.8, EPSS 0.00642
Exploits 0, References 4
Prion
added 2014/02/01 3:55 p.m., 9 views

Design/Logic Flaw

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...

CVSS 5, AI score 7, EPSS 0.00843
Exploits 1, References 4, Affected Software 1
Kitploit
added 2013/09/09 3:37 a.m., 13 views

[(D)DoS Deflate] Script designed to block a denial of service attack

DDoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest...

AI score 7.3
Exploits 0
CVE
added 2007/10/29 7:0 p.m., 48 views

CVE-2002-2337

CVE-2002-2337 affects Kaspersky Anti-Hacker 1.0. When configured to automatically block attacks, the product allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. The provided sources describe the affected product and impact but do not offer concrete rem...

CVSS 5, AI score 7, EPSS 0.00594
Exploits 1, References 3, Affected Software 1