Apache < 2.0.55 Multiple Vulnerabilities
The remote host appears to be running a version of Apache that is prior to 2.0.55. It is, therefore, affected by multiple vulnerabilities: - A security issue exists where 'SSLVerifyClient' is not enforced in per-location context if 'SSLVerifyClient optional' is configured in the vhost...
CVE-2008-0050
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...
[SECURITY] Fedora 8 Update: nx-3.1.0-25.1.fc8
NX provides a proxy system for the X Window System...
3Proxy HTTP Proxy Crafted Transparent Request Remote Overflow
The remote host is running 3proxy, an application proxy supporting many protocols (Telnet, FTP, WWW, and more). A stack overflow vulnerability has been detected in 3proxy prior to 0.5.3h and 0.6b-devel before 20070413. By sending a long host header in an HTTP GET request, a remote attacker could...
Debian Security Advisory DSA 830-1 (ntlmaps)
The remote host is missing an update to ntlmaps announced via advisory DSA 830-1. Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorisation proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password o...
Debian: Security Advisory (DSA-966-1)
The remote host is missing an update for the Debian...
Docebo 3.5.0.3 - lib.regset.php non-blind SQL Injection
Docebo 3.5.0.3 - lib.regset.php non-blind SQL Injection = 4.1 PHP 5.X needed by Docebo regardless of php.ini settings no benchmark quickly coded to perform credentials disclosure...
UploadImageUploadScript 1.0 - Remote Change Admin Password
UploadImageUploadScript 1.0 - Remote Change Admin Password...
Squid Proxy Cache Update Reply Processing Remote Denial of Service
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to perform boundary checks before copying user-supplied data into process buffers. Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to...
FreeWebShop 2.2.1 - Blind SQL Injection
FreeWebShop 2.2.1 - Blind SQL Injection #!/usr/bin/perl Indonesian Newhack Security Advisory. FreeWebshop version 2.2.1 - Multiple Remote SQL Injection Vulnerabilities. Time: Dec 16 2007 01:50AM Software: FreeWebshop version 2.2.1 Vendor:...
CCProxy Telnet Proxy Ping Remote Stack Overflow Analysis
By: mad Dog-B. C. T A brief look at the cause of the vulnerability: the problem lies in ping. First, trigger the vulnerability to see the effect. Start CC, then telnet 127.0.0.1 2 3, and the following prompt appears: CCProxy TelnetCCProxy Telnet Service Ready. CCProxy Telnet...
CVE-2007-6385
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...
MonAlbum 0.87 - Arbitrary File Upload Password Grabber
MonAlbum 0.87 - Arbitrary File Upload Password Grabber !/usr/bin/env perl use strict; use warnings; use LWP::UserAgent; use HTTP::Request::Common; use Getopt::Std; my %args, $user, $password, $sqlhost, $sqluser, $sqlpassword, $cookie, $path, $file, $upload = ; my $tmp = 'cmd1.jpg';...
Squid remote denial-of-service vulnerability
Overview: The Squid Proxy server contains a vulnerability that may allow an attacker to create a denial-of-service condition that affects the Squid server and systems that rely on it. Description: Squid Proxy Cache is a caching proxy that supports the HTTP, HTTPS, and FTP protocols. Squid can also ...
US-CERT Technical Cyber Security Alert TA07-334A -- Apple QuickTime RTSP Buffer Overflow
National Cyber Alert System. Technical Cyber Security Alert TA07-334A: Apple QuickTime RTSP Buffer Overflow. Original release date: November 30, 2007. Last revised: --. Source: US-CERT. Systems Affected: A buffer overflow in Apple QuickTime affects: Apple...
PHPKIT 1.6.4pl1 article.php Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. PHPKIT 1.6.4pl1 article.php Remote SQL Injection Exploit. #!/usr/bin/perl Vulnerability found & exploit written by $h4d0wl33t...
CVE-2007-4700
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors...
CVE-2007-4700
CVE-2007-4700 affects Apple Mac OS X 10.4–10.4.10 where WebKit/Safari could be abused to proxy traffic to arbitrary TCP ports. The description does not specify the exact vectors or vulnerable components beyond WebKit/Safari. The public note mentions vendor updates: Mac OS X 10.4.x security update...
Ubuntu 6.06 LTS / 6.10 / 7.04 : elinks vulnerability (USN-519-1)
Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information such as passwords. Note that Tenable Network Security ha...
GLSA-200711-13 : 3proxy: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200711-13 (3proxy: Denial of Service). 3proxy contains a double free vulnerability in the ftpprchild function, which frees param->hostname and calls the parsehostname function, which in turn attempts to free param->hostname again. Impa...