No rate limit via proxy url parameter
Description Hi Drawio Team, your proxy server has no limit on requests, which an attacker can use as a PORT SCANNER. https://app.diagrams.net/proxy?url=IP:PORT&base64=1 Proof of Concept Image from my OWASP ZAP : https://ibb.co/h87hz3N...
Man-in-the-Middle Phishing Attack
Here's a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the...
Domain Name Relay Daemon Security Vulnerability
Domain Name Relay Daemon (DNRD) is a SourceForge open source caching, forwarding DNS proxy server. A security vulnerability exists in DNRD Domain Name Relay Daemon version 2.20.3, which stems from a domain name and its associated IP address being cached in its misinterpreted form, where the...
squid security update
CentOS Errata and Security Advisory CESA-2022:5542 An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
CVE-2022-32210
Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via...
Important: Red Hat Security Advisory: squid security update
An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RLSA-2022:5526 Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: DoS when processing gopher server responses CVE-2021-46784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
[SECURITY] Fedora 35 Update: squid-5.6-1.fc35
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
ROS-20220628-03
A vulnerability in the Squid caching proxy server is related to assertion reachability when processing responses from the Gopher server. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted response to the proxy server and perform a denial o...
Envoy Access Control Error Vulnerability (CNVD-2022-82666)
Envoy is an open source distributed proxy server. An access control error vulnerability exists in versions of Envoy prior to 1.22.1, which stems from allowing access in the presence of an access token for additional requests. No detailed vulnerability details are currently available...
Envoy has an unspecified vulnerability (CNVD-2022-82668)
Envoy is an open source distributed proxy server. A security vulnerability exists in versions of Envoy prior to 1.22.1, which stems from the fact that OAuth filters will attempt to invoke the remaining filters in the chain after issuing a local response. No detailed vulnerability details are...
Envoy has an unspecified vulnerability (CNVD-2022-82665)
Envoy is an open source distributed proxy server. A security vulnerability exists in versions prior to Envoy 1.22.1, which stems from decompressors accumulating decompressed data into an intermediate buffer before overwriting the body in decode/encodeBody, which can be exploited by attackers to...
Nginx NJS Denial of Service Vulnerability (CNVD-2022-66506)
Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx Inc. njs is one of the scripting language components that supports extended NGINX functionality. A denial of service vulnerability exists in Nginx NJS version v0.7.2, which stems from a segmentatio...
CVE-2021-34360
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...
CVE-2021-34360
The CVE-2021-34360 entry concerns a CSRF vulnerability in QNAP Proxy Server used in QTS 4.5.x (Proxy Server 1.4.2+), QuTS hero h5.0.0 (Proxy Server 1.4.3+), and QuTScloud c4.5.x (Proxy Server 1.4.2+). The issue allows remote attackers to inject malicious code via cross-site request forgery. The f...
CVE-2021-34360 CSRF Bypass in Proxy Server
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...
GHSA-XR37-PJFH-QWWC Fortify Plugin stored credentials in plain text
Fortify Plugin 19.1.29 and earlier stored its proxy server password unencrypted in job config.xml files. This password could be read by users with the Extended Read permission. Fortify Plugin 19.2.30 now encrypts the proxy server password...