10 matches found
EUVD-2020-30953
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...
PT-2026-5465
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...
PT-2025-53608
Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.27.0 through 1.27.9 Description An attacker could disrupt access to RSS feeds for all users of an instance by manipulating the proxy settings to send a large number of 429 Retry-After requests. This denial of service makes...
UBUNTU-CVE-2023-46121
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...
GO-2022-0761 Improper input validation in net/http and net/http/cgi
An input validation flaw in the CGI components allows the HTTPPROXY environment variable to be set by the incoming Proxy header, which changes where Go by default proxies all outbound HTTP requests. This environment variable is also used to set the outgoing proxy, enabling an attacker to insert a...
squid: Improper input validation in request allows for proxy manipulation
A flaw was found in squid. The absolute URL of a request can include the decoded UserInfo username and password for certain protocols. This decoded info may contain special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a...
GitLab: Injection of `http.<url>.*` git config settings leading to SSRF
Summary When import a repo with credentials via a URL, gitaly generates the git clone command with a -c flag to add the Authorization header: https://gitlab.com/gitlab-org/gitaly/-/blob/master/internal/service/repository/createfromurl.goL37 go flags = appendflags, git.ValueFlagName: "-c", Value:...
Apache HTTP Server 2.2.x < 2.2.32 Multiple Vulnerabilities
Binary data 9486.prm...
Apple Fixes Cookie Access Vulnerability in Safari on Billions of Devices
When Apple pushed out its most recent round of patches last week it fixed a cookie vulnerability that existed in all versions of Safari, including those that run on iOS, OS X, and Windows. According to researchers who dug it up, the number of affected devices may total one billion. The issue –...
Apple Fixes Proxy Manipulation Vulnerability in iOS 8.3
If left unpatched, one of the vulnerabilities fixed in this week’s iOS update could render an iPhone near useless. If triggered, it could cause networking apps to quit, the system to grind to a halt. In some cases, the device wouldn’t even be able to be rebooted. The vulnerability, nicknamed...