tomcat: Client certificate verification bypass due to virtual host mapping

A certificate validation flaw has been found in Apache Tomcat. omcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one ...

Authentication Bypass

Apache Tomcat is vulnerable to Authentication Bypass. The vulnerability is due to improper validation between the TLS SNI hostname and the HTTP Host header, allowing a client to send mismatched hostnames and bypass client certificate authentication in configurations with multiple virtual hosts...

Ofensive-security-Portfolio

This repository contains my Offensive Cyber Security / Penetrati...

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

EUVD-2007-6618

Malware in sbrugna...

EUVD-2008-0724

Malware in sbrugna...

Code Agent Can Be an End-To-End System Hacker: Benchmarking Real-World Threats of Computer-Use Agent

Computer-use agent CUA frameworks, powered by large language models LLMs or multimodal LLMs MLLMs, are rapidly maturing as assistants that can perceive context, reason, and act directly within software environments. Among their most critical applications is operating system OS control. As CUAs in...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller

CVE-2025-6543CitrixNetScalerPoC Multi-host, multi-port scann...

io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

Fedora: Security Advisory for frysk (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: frysk-0.4-94.fc40

Frysk is an execution-analysis technology implemented using native Java and C++. It is aimed at providing developers and sysadmins with the ability to both examine and analyze running multi-host, multi-process, multi-threaded systems. Frysk allows the monitoring of running processes and threads, ...

Ratpack's default client side session signing key is highly predictable

Impact The client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is not on by default, the session data could be tampered with by someone with...

GHSA-2CC5-23R7-VC4V Ratpack's default client side session signing key is highly predictable

Impact The client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is not on by default, the session data could be tampered with by someone with...

Default configuration

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...

CVE-2021-29480 Default client side session signing key is highly predictable

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...

Mihalism Multi Host 5.0.3 Cross Site Request Forgery / Cross Site Scripting

================================================================================ Mihalism Multi Host v5.0.3 Xss-Csrf ================================================================================ Vendor Homepage: www.mihalism.net Date: 10/02/2016 Version : v5.0.3 Author: Ashiyane Digital Securi...

Mihalism Multi Host 4.0.0 - Upload Vulnerability

No description provided by source...

Exploit Title: Mihalism Multi Host v 5.0

Exploit Title: Mihalism Multi Host v 5.0 Google Dork: intext:"powered by Mihalism Multi Host" Date: 2012/8/25 Discovered By : Explo!ter Software Link: http://www.mihalismscript.com/ Version: 5.0 Tested on: Linux Contact : Emperor-team.org Spt to : Stokke Details : ++++++++++++++++++++++++++ the...

Mihalism Multi Host 5.0 Cross Site Scripting

Exploit Title: Mihalism Multi Host v 5.0 Google Dork: intext:"powered by Mihalism Multi Host" Date: 2012/8/25 Discovered By : Explo!ter Software Link: http://www.mihalismscript.com/ Version: 5.0 Tested on: Linux Contact : Emperor-team.org Spt to : Stokke Details : ++++++++++++++++++++++++++ the...

Mihalism Multi Host - users.php Cross-Site Scripting

Mihalism Multi Host - users.php Cross-Site Scripting source: https://www.securityfocus.com/bid/55237/info Mihalism Multi Host is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...