1826 matches found
CVE-2022-36781
CVE-2022-36781 affects ConnectWise ScreenConnect versions 22.6 and below. The root cause is inadequate rate-limiting on custom access tokens in the default configuration, enabling potential brute-force attempts to gain unauthorized access to session code protections. Multiple connected sources co...
Apache Pulsar Proxy Input Validation Error Vulnerability
Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high...
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...
Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint
Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP addre...
GHSA-3MG9-M3F6-V7FQ Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint
Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP addre...
CVE-2022-33681
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...
CVE-2022-33682
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...
CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...
Apache Pulsar Trust Management Issue Vulnerability
Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high...
CVE-2022-35957
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804-PoC Multithreaded exploit script for CVE-2022-3...
[SECURITY] Fedora 37 Update: nghttp2-1.49.0-1.fc37
This package contains the HTTP/2 client, server and proxy programs...
Windows shellcode stage, Reverse HTTP Stager Proxy
Custom shellcode stage. Tunnel communication over HTTP Module Options msf use payload/windows/custom/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION msf payloadreversehttpproxypstore show options ...show and set...
Powershell Exec, Windows shellcode stage, Reverse HTTP Stager Proxy
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/powershell/custom/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTIO...
Incorrect header handling in mod-wsgi
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Ubuntu: Security Advisory (USN-361-1)
The remote host is missing an update for the...
Can You Secure Your Smartphone with a Proxy?
By Owais Sultan A proxy can help you bypass restrictions and access blocked websites. It can also help you stay anonymous online, which is useful if you want to avoid being tracked by governments or advertisers. This is a post from HackRead.com Read the original post: Can You Secure Your Smartpho...
GLSA-202208-28 : Puma: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-28 Puma: Multiple Vulnerabilities - Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been...
Chisel-Strike - A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities
A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience I found socks4/socks4a proxies quite slow in comparison to its socks5 counterparts and a lack of implementation of socks5 in most C2...
CVE-2022-37041
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite ZCS 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of...