Design/Logic Flaw
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator...
CVE-2019-9867
The CVE-2019-9867 issue affects Veritas NetBackup Appliance Web Console up to version 3.1.2, where the proxy server password is disclosed to an administrator. The available records do not specify the root cause details, vulnerable component version beyond the Web Console, or explicit exploitation...
CVE-2019-9867
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator...
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
pfSense 2.4.4-p1 HAProxy Package 0.59_14 - Persistent Cross-Site Scripting Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.59_14 - Stored Cross-Site Scripting Date: 13.02.2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.59_14 Software Link: N...
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.59_14 - Stored Cross-Site Scripting Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.59_14 Software Link: N/A Google Dork: N/A CVE:2019-8953...
Metasploit Cheat Sheet
The Metasploit Project is a computer security project that provides information on vulnerabilities, helping in the development of penetration tests and IDS signatures. Metasploit is a popular tool used by pentest experts. Metasploit : Search for module: msf search regex Specify and exploit to use...
CVE-2019-5754
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy...
CVE-2019-5754
CVE-2019-5754 affects Google Chrome’s QUIC networking implementation. Root cause: an implementation error in QUIC networking prior to version 72.0.3626.81. Consequence: an attacker who can cause the use of a proxy server can obtain cleartext of the transport encryption via a malicious network pro...
Denial Of Service (DoS)
undertow-core is vulnerable to denial of service attacks. When a GET request with a very long URL (about 1900 characters), which exceeds the default buffer sizes, is sent to the proxy server, it consumes 100% CPU and fills the disk space by generating logs very fast with an...
CVE-2018-6335
A malformed h2 frame can cause a 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM 3.25.2, 3.24.6, and 3.21.10 and below when using the proxygen server to handle HTTP2 requests...
[SECURITY] Fedora 29 Update: squid-4.4-1.fc29
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
Squid 3.2.0.11 < 3.x < 3.5.18 / 4.x < 4.0.10 Cache Poisoning Vulnerability (SQUID-2016:7)
According to its banner, the version of Squid running on the remote host is 3.x after 3.2.0.11 and prior to 3.5.18, or 4.x prior to 4.0.10. It is, therefore, affected by a cache poisoning vulnerability in the handling of HTTP requests. Note that Nessus has not tested for this issue but has instea...
Citrix MAS -12.1-Unable to register Agent with ADM via Proxy server
You will see the following message in the logs. /var/log$ cat mpsboot.log | more ===================== Wed Oct 17 00:40:46 GMT 2018mps.sh:: start of mps boot process Wed Oct 17 00:40:46 GMT 2018mps.sh:: calling mpsstart.sh Wed Oct 17 00:40:46 GMT 2018mpsstart.sh:: start Wed Oct 17 00:40:46 GMT...
Design/Logic Flaw
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP Server Controller HUB Node products which are controlled by HUB. The prerequisite is that the attacker is on the same network as the target HUB, and can use I...
CVE-2018-19982
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP Server Controller HUB Node products which are controlled by HUB. The prerequisite is that the attacker is on the same network as the target HUB, and can use I...
CVE-2018-19982
CVE-2018-19982 affects KT MC01507L Z-Wave S0 devices. The issue arises because HPKP is not implemented, enabling an attacker on the same network to use IP Changer to redirect packets destined for the Server to a proxy, allowing sniffing of cleartext between Server and Controller. The attacker can...
Important: Red Hat Security Advisory: rh-nginx18-nginx security update
An update for rh-nginx18-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...