Code injection

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522...

Server side request forgery (ssrf)

Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG are vulnerable to SSRF when proxying HTTP requests between pvepmgproxy and pvepmgdaemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...

MSMAP - Memory WebShell Generator

Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients. 简体中文 The idea behind I, The idea behind II Function Dynamic Menu Automatic Compilation Generate Script Lite Mode Graphical Interface Container Java...

Open Web Analytics 1.7.3 Remote Code Execution

Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Date: 2022-08-30 Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import...

Open Web Analytics 1.7.3 - Remote Code Execution Exploit

Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import requests import base6...

Open Web Analytics 1.7.3 - Remote Code Execution

Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Date: 2022-08-30 Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import...

GHSA-P22X-G9PX-3945 Apache Tomcat may reject request containing invalid Content-Length header

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...

DEBIAN-CVE-2022-42915

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

SUSE SLED15 / SLES15 Security Update : python-waitress (SUSE-SU-2022:3731-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3731-1 advisory. - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior...

Denial of Service in proxy by redirecting to own host

Description It is possible to partially interrupt the proxy in the backend by redirecting to the same URL again. Proof of Concept On a server or API mocking website implement a rule that will redirect all requests to the following URL: https://diagrams.net/proxy?url=https://attacker.com...

SUSE SLES15 Security Update : rubygem-puma (SUSE-SU-2022:3571-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3571-1 advisory. - Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not...

CVE-2022-39201

Grafana is an open source observability and data visualization platform. Starting with version 5.0.0-beta1 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain...

GO-2022-1038 Incorrect sanitization of forwarded query parameters in net/http/httputil

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

ALSA-2022:6839 Important: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: buffer-over-read in SSPI and SMB authentication CVE-2022-41318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2022:6775 Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: buffer-over-read in SSPI and SMB authentication CVE-2022-41318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

No rate limit on email triggering during "resend email" action results in email flooding or a spam attack or a financial loss to the company itself

Description When a user is setting up 2FA , a verification code will be sent to the registered email . There is no rate limit on email triggering that will result in an email flood / does attack or will also increase the expenses on your mail server as an attacker can send 1 million emails throug...

CVE-2022-39168

IBM Robotic Process Automation is vulnerable to proxy credential exposure in upgrade logs for IBM Robotic Process Automation for Cloud Pak 21.0.3–21.0.4, IBM Robotic Process Automation as a Service 21.0.3–21.0.4, and IBM Robotic Process Automation 21.0.3–21.0.4. Root cause: insufficient protectio...

Code injection

WiseConnect - ScreenConnect Session Code Bypass. An attacker would have to use a proxy to monitor the traffic, and perform a brute force on the session code in order to get in. Sensitive data about the company , get in a session...

Slack: Ability to join an arbitrary workspace by utilizing a proxy to manipulate invite links

A vulnerability was found in Slack that allowed experienced researchers to utilize an intercepting proxy to manipulate invite links and join an arbitrary workspace without admin approval. The issue was fixed immediately and no customers were impacted...