Lucene search
K

41 matches found

OSV
OSV
added 2022/05/03 12:0 a.m.18 views

GHSA-RR33-J5P5-PPF8 GeoServer allows SSRF via the option for setting a proxy host

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...

7.5CVSS7.5AI score0.18925EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/03 12:0 a.m.43 views

GeoServer allows SSRF via the option for setting a proxy host

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...

7.5CVSS3.1AI score0.18925EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2022/05/02 12:15 a.m.13 views

CVE-2021-40822

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...

7.5CVSS0.18925EPSS
Exploits0References4
OSV
OSV
added 2022/05/02 12:15 a.m.27 views

CVE-2021-40822

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...

7.5CVSS7.6AI score
Exploits0References4
Prion
Prion
added 2022/05/02 12:15 a.m.18 views

Server side request forgery (ssrf)

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...

5CVSS7.5AI score0.18925EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/05/01 11:17 p.m.20 views

CVE-2021-40822

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...

7.7AI score0.18925EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/05/01 12:0 a.m.5 views

PT-2022-11312 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.18.5 and earlier GeoServer versions 2.19.x through 2.19.2 Description: The issue allows for Server-Side Request Forgery SSRF via the option for setting a proxy host. This means an attacker could potentially force the serv...

8.2CVSS7.4AI score0.18925EPSS
Exploits0References16
CNVD
CNVD
added 2021/10/08 12:0 a.m.10 views

Apache NiFi OS Command Injection Vulnerability

Apache NiFi is a data processing and distribution system from the Apache Foundation in the United States. The system is primarily used for data routing, transformation, and system mediation logic. versions prior to Apache NiFi MiNiFi C version 0.5.0 have security vulnerabilities that allow an...

9.8CVSS4.6AI score0.04024EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/31 12:0 a.m.4 views

Haxx libcurl 安全漏洞

HAXX libcurl is an open source client-side URL transport library from the Swedish company Haxx. It supports protocols such as FTP, SFTP, TFTP and HTTP. HAXX libcurl suffers from a man-in-the-middle attack vulnerability that can be exploited by an attacker to act as a man-in-the-middle by...

4.3CVSS5.7AI score0.03141EPSS
Exploits1References26
Hacker One
Hacker One
added 2021/03/17 6:30 p.m.59 views

curl: CVE-2021-22890: TLS 1.3 session ticket proxy host mixup

Summary: I don't think that this can be easily exploitable, but I am submitting it as a security issue for precaution. I am not looking for a bounty. Commit 549310e907e82e44c59548351d4c6ac4aaada114 enables session resumption with TLS 1.3. Curl connections maintain two SSL contexts, one for the...

4.3CVSS5.4AI score0.03141EPSS
Exploits1
Hacker One
Hacker One
added 2020/01/25 2:57 a.m.193 views

Stripo Inc: Information disclosure through Server side resource forgery

Summary: The application https://my.stripo.email has a template feature where can we can enter html code. By including an iframe in the html template, I was able to make a call to my server. This exposed an internally running web application. Please refer below, 63.33.82.168 - -...

0.1AI score
Exploits0
Kitploit
Kitploit
added 2014/12/27 2:19 p.m.45 views

CeWL - Custom WordList Generator Tool for Password Cracking

CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. CeWL also has an associated command line app, FAB Files Already Bagged which uses the same meta...

7.3AI score
Exploits0
Metasploit
Metasploit
added 2013/07/12 8:45 p.m.36 views

Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager with Support for Custom Proxy

Inject the Meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Tunnel communication over HTTP using SSL with custom proxy support This module requires Metasploit: https://metasploit.com/download Current source:...

Exploits0
CVE
CVE
added 2002/06/25 4:0 a.m.49 views

CVE-2002-0064

CVE-2002-0064 affects Funk Software’s Proxy Host v3.x on Windows 2000/NT4/9x. The issues include: (1) default filesystem and registry permissions granting the Everyone group excessive access, enabling modification of host settings and passwords; (2) passwords stored in recoverable formats (obfusc...

7.2CVSS6.7AI score0.00369EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2002/06/25 4:0 a.m.36 views

CVE-2002-0066

Funk Software Proxy Host 3.x contains multiple issues, primarily: (1) a Windows Named Pipe created by Proxy Host that is accessible with Everyone Full Control, allowing local/remote users to invoke configuration utilities and potentially gain privileges; (2) insecure password storage and recovery...

7.5CVSS6.9AI score0.01635EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.26 views

CVE-2002-0066

Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges...

6.9AI score0.01635EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.25 views

CVE-2002-0065

Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry...

6.6AI score0.00251EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.23 views

CVE-2002-0064

Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system...

6.7AI score0.00369EPSS
Exploits0References3
NVD
NVD
added 2002/04/22 4:0 a.m.17 views

CVE-2002-0065

Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry...

7.2CVSS6.6AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 2002/04/22 4:0 a.m.14 views

CVE-2002-0064

Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system...

7.2CVSS6.7AI score0.00369EPSS
Exploits0References3
Rows per page
Query Builder