15 matches found
EUVD-2012-3458
Malware in sbrugna...
EUVD-2013-1195
Malware in sbrugna...
EUVD-2016-6617
Malware in sbrugna...
CVE-2021-24472
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF Server...
CVE-2025-24346
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to manipulate the “/etc/environment” file via a crafted HTTP request...
CVE-2025-24346
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to manipulate the “/etc/environment” file via a crafted HTTP request...
CVE-2025-24346
CVE-2025-24346 affects ctrlX OS; a vulnerability in the web application's Proxy functionality lets a remote authenticated (low-privileged) user craft an HTTP request to modify the /etc/environment file. The CVSS v3.1 base score is 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Exploitation details ar...
PowerProxy - PowerShell SOCKS Proxy With Reverse Proxy Capabilities
PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication i...
Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding
This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code. This project is comprised of the following elements: Harness.exe: The "victim" application which i...
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
The theme and plugin have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF Server Side Request Forgery and RFI Remote File Inclusion vulnerabilities on...
CVE-2021-29954
CVE-2021-29954 concerns a proxy vulnerability in Hubs Cloud’s Reticulum that permits access to internal URLs, including the metadata service. The affected product/version is Hubs Cloud ≤ mozillareality/reticulum/1.0.1/20210428201255. The connected documents describe the root cause as a misbehavin...
CVE-2021-29954
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210428201255...
Insecure Proxy Configuration in Hubs Cloud Reticulum — Mozilla
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service...
Trend Micro InterScan Messaging Security modTMCSS Command Injection (CVE-2017-11391; CVE-2017-11394)
A command injection vulnerability exists in Trend Micro InterScan Messaging Security virtual appliance. The vulnerability is due to improper validation of request parameters within the modTMCSS Proxy functionality. A remote, authenticated attacker could exploit the vulnerability by sending a...
Trend Micro InterScan Messaging Security Proxy Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Messaging Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...