269 matches found
Squid SNMP Module asn_parse_header() Function Remote DoS
The remote Squid caching proxy, according to its version number, may be vulnerable to a remote denial of service attack. This flaw is caused due to an input validation error in the SNMP module, and exploitation requires that Squid not only was built to support it but also configured to use it. An...
CVE-2002-0990
The web proxy component in Symantec Enterprise Firewall SEF 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service connection resource exhaustion via multiple connection requests to domains whose DNS server...
RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Arbitrary File Access
source: https://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user supplied URI parameters. A remote attacker may exploit this...
RiSearch 0.99 /RiSearch Pro 3.2.6 - show.pl Open Proxy Relay
source: https://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user supplied URI parameters. A remote attacker may exploit this...
RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Arbitrary File Access
RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Arbitrary File Access source: https://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on us...
RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Open Proxy Relay
RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Open Proxy Relay source: https://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user...
ArbitroWeb v0.6 Javascript injection vulnerability
vendor: ArbitroWeb about: An anonymous web surfing proxy written in PHP. ArbitroWeb will redirect all web requests thru it's set of scripts, all URL's contained will be adjusted/mangled to it's own scripts. date: june 22nd, 2004 vendor status: ? problem: javascript can be injected into the...
CVE-2004-1754
The DNS proxy DNSd for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records...
CVE-2004-0409
Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code...
Squid Proxy 2.42.5 - NULL URL Character Unauthorized Access
Squid Proxy 2.42.5 - NULL URL Character Unauthorized Access source: https://www.securityfocus.com/bid/9778/info It has been reported that Squid Proxy may be prone to an unauthorized access vulnerability that may allow remote users to bypass access controls resulting in unauthorized access to...
Inktomi Traffic-Server XSS: man-in-the-middle XSS !
Please we would like that credits of this vulnerability go to INFOHACKING Hugo Vбzquez Caramйs and Toni Cortйs Martinez. Actually we work at "Secdor R&D". The vulnerabily was found, once again, during a pen-test. INKTOMI Traffic-Server XSS We have just discovered a bug in a software called "Inkto...
CVE-2002-0538
FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability...
Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings! A quite well known i.e. ancient type of proxy vulnerability was found for TrendMicro's InterScan VirusWall V3.6 This general problem has been known to be an issue with plain HTTP proxies like the Squid for ages e.g...
CVE-2002-0990
The web proxy component in Symantec Enterprise Firewall SEF 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service connection resource exhaustion via multiple connection requests to domains whose DNS server...
Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks
Date: August 3, 2002 Author: Stan Bubrouski Product: 602Pro LAN SUITE 2002 Version: 2002 Vendor: Software602, Inc. Summary: Denial of Service attacks in webserver and telnet proxy Description: There are two denial of service attacks in 602Pro LAN SUITE 2002 for windows. The problems are described...
CVE-2002-0714
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses...
CVE-2002-0538
FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability...
Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy
The remote Compaq Web Management Agent install can be used as an HTTP proxy. An attacker can use this to bypass firewall rules or hide the source of web-based attacks. Written by H D Moore Changes by Tenable: - Revised plugin title, changed family 1/21/2009 include"compat.inc"; ifdescription...
VirusWall HTTP proxy content scanning circumvention
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FOR PUBLIC RELEASE - ------------------------------------------------------------------------ Inside Security GmbH Vulnerability Notification Revision 0.3 2002-03-10 - ------------------------------------------------------------------------ The latest...
CheckPoint FW1 HTTP Security Hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings! A quite known proxy vulnerability was found for FW1 V4.1 SP5 plus hotfixes - thanks to Ryan Snyder for announcing the first bits on Firewall-1 mailing list. If you connect to a server you are allowed to connect to via HTTP proxy e.g. a comm...