1826 matches found

OSV, added 2023/02/10 10:3 p.m., 27 views

CVE-2023-25557 Server-Side Request Forgery in DataHub

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL request to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the...

CVSS 7.5, AI score 9.1, EPSS 0.00522
Exploits 0, References 3
Kitploit, added 2023/02/08 11:30 a.m., 214 views

Darkdump2 - Search The Deep Web Straight From Your Terminal

About Darkdump. Recent notice (12/27/22): Darkdump is a simple script written in Python 3.11 that allows users to enter a search term query on the command line; darkdump will pull all the deep web sites relating to that query. Darkdump 2.0 is here, enjoy! Installation: 1. git clone...

AI score 7.3
Exploits 0, References 2
Veracode, added 2023/02/08 7:0 a.m., 9 views

Information Disclosure

github.com/fortio/proxy is vulnerable to Information Disclosure. The vulnerability exists in the DebugOnHostFunc function in proxymain.go due to the unsafe use of DebugHandler, which results in disclosure of sensitive information and/or a system hang...

AI score 0.7
Exploits 0
Tenable Nessus, added 2023/01/23 12:0 a.m., 130 views

RHEL 9 : go-toolset and golang (RHSA-2023:0328)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0328 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go...

CVSS 7.5, AI score 7.2, EPSS 0.00331
Exploits 2, References 13
Kitploit, added 2023/01/20 11:30 a.m., 456 views

Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws. Requirements: Python 3, Python pip3. Installation: cd to the ghauri directory; install requirements: python3 -m pip install --upgrade -r requirements.txt; run: python3 setup.py install or...

AI score 8.6
Exploits 0, References 1
OpenVAS, added 2023/01/12 12:0 a.m., 31 views

Debian: Security Advisory (DSA-5316-1)

The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.5, AI score 8, EPSS 0.02383
Exploits 2, References 4
Code423n4, added 2023/01/09 12:0 a.m., 5 views

Destruction of the SmartAccount implementation

Lines of code. Vulnerability details. Description: If the SmartAccount implementation contract is not initialized, it can be destroyed using the following attack scenario: initialize the SmartAccount implementation contract using the init function; execute a transaction that contains a single...

AI score 6.7
Exploits 0
Code423n4, added 2023/01/09 12:0 a.m., 10 views

Attacker can take control over each SmartAccount proxy and steal all users' funds

Lines of code. Vulnerability details: Attacker can take control over each SmartAccount proxy and steal all users' funds. Impact: All users' funds can be stolen by a single attacker tx (gas cost only). Proof of Concept: There are 2 main reasons for this vulnerability: The .checkSignatures in...

AI score 7.2
Exploits 0
Code423n4, added 2023/01/09 12:0 a.m., 7 views

Denial of service in SmartAccountFactory

Lines of code. Vulnerability details. Impact: The salt used for create2 does not include information from the init method, so it is vulnerable to front-running. Proof of Concept: It's impossible to override an existing contract in Ethereum. From EIP-684: If a contract creation is attempted, due to...

AI score 6.8
Exploits 0
Code423n4, added 2023/01/09 12:0 a.m., 7 views

Proxy creation isn't checked in the deployWallet function of the SmartAccountFactory contract

Lines of code. Vulnerability details: The deployWallet function present in the SmartAccountFactory contract deploys a new wallet by creating a Proxy that points to a base implementation using assembly. function deployWallet(address owner, address entryPoint, address handler) public returns (address pro...

AI score 7.2
Exploits 0
Tenable Nessus, added 2023/01/06 12:0 a.m., 42 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1124)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amoun...

CVSS 7.5, AI score 7, EPSS 0.00031
Exploits 1, References 5
Tenable Nessus, added 2023/01/05 12:0 a.m., 31 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerabilities (USN-5788-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5788-1 advisory. Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote...

CVSS 7.5, AI score 7.5, EPSS 0.0011
Exploits 2, References 3
Cvelist, added 2022/12/25 12:0 a.m., 30 views

CVE-2022-41317

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7...

AI score 7.2, EPSS 0.0197
Exploits 0, References 4
OSV, added 2022/12/22 7:59 p.m., 30 views

GHSA-GHW3-5QVM-3MQC CodeIgniter4 allows spoofing of IP address when using proxy

Impact: This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. Patches: Upgrade to v4.2.11 or later, and configure Config\App::$proxyIPs. Workarounds: Do not use $request->getIPAddress(). References: -...

CVSS 7, AI score 7, EPSS 0.0014
Exploits 1, References 6
Cvelist, added 2022/12/22 6:50 p.m., 13 views

CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

CVSS 7, AI score 7.7, EPSS 0.0014
Exploits 1, References 2
OSV, added 2022/12/22 11:15 a.m., 9 views

CVE-2022-45347

Apache ShardingSphere-Proxy prior to 5.3.0, when using MySQL as the database backend, didn't clean up the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apac...

CVSS 9.8, AI score 9.7
Exploits 0, References 1
CVE, added 2022/12/22 10:47 a.m., 69 views

CVE-2022-45347

The CVE-2022-45347 issue affects Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as the backend. The root cause is incomplete cleanup of the database session after client authentication fails, which could allow an attacker to issue normal commands by connecting with a crafted MySQL cl...

CVSS 9.8, AI score 9.7, EPSS 0.00122
Exploits 0, References 1, Affected Software 1
OSV, added 2022/12/21 8:0 a.m., 25 views

CURL-CVE-2022-43552 HTTP Proxy deny use after free

curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struc...

CVSS 5.9, AI score 6.8, EPSS 0.0011
Exploits 1
PyPA, added 2022/12/13 6:15 p.m., 5 views

PYSEC-2022-43062

A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy in the file src/pacparser.c. Manipulation of the argument url leads to a buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4....

CVSS 7.8, AI score 7.1, EPSS 0.0019
Exploits 1, References 5, Affected Software 1
RedHat Linux, added 2022/12/08 1:8 p.m., 2 views

curl: HTTP proxy double-free

A vulnerability was found in curl. The issue occurs if curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL. It sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this...

CVSS 8.1, AI score 7.2, EPSS 0.00467
Exploits 0, References 5