41 matches found
GHSA-RR33-J5P5-PPF8 GeoServer allows SSRF via the option for setting a proxy host
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
GeoServer allows SSRF via the option for setting a proxy host
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
CVE-2021-40822
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
CVE-2021-40822
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
Server side request forgery (ssrf)
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
CVE-2021-40822
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
PT-2022-11312 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.18.5 and earlier GeoServer versions 2.19.x through 2.19.2 Description: The issue allows for Server-Side Request Forgery SSRF via the option for setting a proxy host. This means an attacker could potentially force the serv...
Apache NiFi OS Command Injection Vulnerability
Apache NiFi is a data processing and distribution system from the Apache Foundation in the United States. The system is primarily used for data routing, transformation, and system mediation logic. versions prior to Apache NiFi MiNiFi C version 0.5.0 have security vulnerabilities that allow an...
Haxx libcurl 安全漏洞
HAXX libcurl is an open source client-side URL transport library from the Swedish company Haxx. It supports protocols such as FTP, SFTP, TFTP and HTTP. HAXX libcurl suffers from a man-in-the-middle attack vulnerability that can be exploited by an attacker to act as a man-in-the-middle by...
curl: CVE-2021-22890: TLS 1.3 session ticket proxy host mixup
Summary: I don't think that this can be easily exploitable, but I am submitting it as a security issue for precaution. I am not looking for a bounty. Commit 549310e907e82e44c59548351d4c6ac4aaada114 enables session resumption with TLS 1.3. Curl connections maintain two SSL contexts, one for the...
Stripo Inc: Information disclosure through Server side resource forgery
Summary: The application https://my.stripo.email has a template feature where can we can enter html code. By including an iframe in the html template, I was able to make a call to my server. This exposed an internally running web application. Please refer below, 63.33.82.168 - -...
CeWL - Custom WordList Generator Tool for Password Cracking
CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. CeWL also has an associated command line app, FAB Files Already Bagged which uses the same meta...
Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager with Support for Custom Proxy
Inject the Meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Tunnel communication over HTTP using SSL with custom proxy support This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2002-0064
CVE-2002-0064 affects Funk Software’s Proxy Host v3.x on Windows 2000/NT4/9x. The issues include: (1) default filesystem and registry permissions granting the Everyone group excessive access, enabling modification of host settings and passwords; (2) passwords stored in recoverable formats (obfusc...
CVE-2002-0066
Funk Software Proxy Host 3.x contains multiple issues, primarily: (1) a Windows Named Pipe created by Proxy Host that is accessible with Everyone Full Control, allowing local/remote users to invoke configuration utilities and potentially gain privileges; (2) insecure password storage and recovery...
CVE-2002-0066
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges...
CVE-2002-0065
Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry...
CVE-2002-0064
Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system...
CVE-2002-0065
Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry...
CVE-2002-0064
Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system...