1826 matches found
CVE-2020-28473
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...
CVE-2021-23927
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request...
PYSEC-2021-46
beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...
CVE-2021-3116
CVE-2021-3116 affects proxy.py’s AuthPlugin (http/proxy/auth.py) before version 2.3.1, where a boolean logic bug (and vs or) allows incorrect Proxy-Authorization header data to be accepted. This may impact authentication handling in proxy.py, as described in Red Hat OSV/NVD entries and related ad...
CVE-2021-3116
beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...
Exploit for Path Traversal in Lanproxy_Project Lanproxy
CVE-2021-3019 CVE-2021-3019: Lanproxy directory traversal an...
Pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
PIDRILA : P ython I nteractive D eepweb-oriented R apid I ntelligent L ink A nalyzer is really fast async web path scanner prototype developed by BrightSearch team for all ethical netstalkers. Installation & Usage git clone https://github.com/enemy-submarine/pidrila.git cd pidrila python3...
Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Sterling Secure Proxy (CVE-2020-13920)
Summary An Apache ActiveMQ man-in-the-middle vulnerability was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX RMI...
CVE-2020-35111
When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox...
Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)
Exploit Title: Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit Authenticated Date: 12-29-2020 Exploit Author: Jeremy Brown Vendor Homepage: https://support.zoom.us/hc/en-us/articles/201363093-Deploying-the-Meeting-Connector Software Link:...
Axios vulnerable to Server-Side Request Forgery
Axios NPM package 0.21.0 contains a Server-Side Request Forgery SSRF vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address...
Grawler - Tool Which Comes With A Web Interface That Automates The Task Of Using Google Dorks, Scrapes The Results, And Stores Them In A File
Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file. General info Grawler aims to automate the task of using google dorks with a web interface, the main idea is to provide a simple yet...
Oracle Linux 7 : ELSA-2020-5618-1: / thunderbird (ELSA-2020-56181)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-56181 advisory. 78.6.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.6.0-1 - Update to 78.6.0 Tenable has extracted...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists through an extension with the proxy permission registered to receive , where IP addresses were leaked through the source of the proxy.onRequest callback was not triggered for view-source URLs...
Moderate: Red Hat Security Advisory: nginx:1.16 security update
An update for the nginx:1.16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2020-35470
CVE-2020-35470 — Envoy Proxy : This vulnerability arises in Envoy before 1.16.1, which logs an incorrect downstream address by only considering the directly connected peer instead of the information in the proxy protocol header. It affects scenarios using tcp-proxy as the network filter (not HTTP...
Security Vulnerabilities fixed in Firefox ESR 78.6 — Mozilla
When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read. Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. Certain input to the CSS Sanitizer confused it,...
LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
Exploit Title: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection Google Dork: Unknown Date: 13-12-2020 Exploit Author: Hodorsec Vendor Homepage: https://www.librenms.org Software Link: https://github.com/librenms/librenms Update notice:...
Insecure Access Control
squid3 is insecure access control. The vulnerability exists because of decoding the string which allows an attacker to retrieve the decoded data via the display of usernames on error pages...
OnionSearch - A Script That Scrapes Urls On Different .Onion Search Engines
OnionSearch is a Python3 script that scrapes urls on different ".onion" search engines. Prerequisite Python 3 Currently supported Search engines ahmia darksearchio onionland notevil darksearchenginer phobos onionsearchserver torgle onionsearchengine tordex tor66 tormax haystack multivac evosear...