1826 matches found
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-22005 VMware vCenter Server arbitrary file upload...
Patch now to bypass Firefox add-ons that abuse the proxy API to deny updates
In a Firefox security announcement, Mozilla said 455,000 users have downloaded Firefox add-ons that interfere with how they connect to the internet. The interference in itself was not the deciding factor, however. The add-ons abused the proxy API to prevent users who had installed them from...
Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild
A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named...
Clinic Management System 1.0 Code Execution / SQL Injection
Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution Date:21/10/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...
DOS By Front Running DelegatedStaking initialize
Handle elprofesor Vulnerability details Impact DelegatedStaking utilizes the ERC1967 upgradeable proxy standard. This relies on an implementation contract being deployed and then reused or consumed by a proxy contract. As proxy contracts are unable to leverage a constructor they typically use an...
Fedora: Security Advisory for squid (FEDORA-2021-4d2e7691ca)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-41163
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of...
Crawlergo - A Powerful Browser Crawler For Web Vulnerability Scanners
crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key positions of the whole web page with DOM rendering stage, automatically fills and submits forms, with intelligent JS event triggering, and collects as many entries exposed by the website as possible. Th...
CVE-2021-22960
An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
[SECURITY] Fedora 34 Update: squid-5.2-1.fc34
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
[SECURITY] Fedora 33 Update: squid-5.2-1.fc33
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
HTTP Request Smuggling
puma is vulnerable to HTTP request smuggling. Incorrect handling of HTTP requests with LF characters as line endings allows a remote attacker to smuggle a request through a proxy, causing the proxy to send a response back to the victim...
CVE-2021-41136
An HTTP Request Smuggling vulnerability was found in puma. When using puma with a proxy, which forwards LF characters as line endings, an attacker could use this flaw to smuggle a request through a proxy, causing the proxy to send a response back to another unknown client...
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...
GHSA-48W2-RM65-62XX Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...
CVE-2021-41136
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a...
CVE-2021-41136
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a...
CVE-2021-41136 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a...
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...
Stormshield Network Security Security Vulnerability
Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security Netasq that originates from an overload that can be triggered by an attacker through a proxy to trigger a...