1826 matches found
CVE-2020-24345
JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,JSON.parse("",a))}. NOTE: the vendor states that the problem is the lack of the --stack-limit option...
FestIn - S3 Bucket Weakness Discovery
FestIn is a tool for discovering open S3 buckets starting from a domain. It performs a lot of tests and collects information from: DNS, web pages (crawler), and the S3 bucket itself (for example S3 redirections). Why FestIn? There are a lot of S3 tools for enumerating and discovering S3 buckets. Some of them are great but...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime 1.8 affect IBM Sterling Secure Proxy
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version 7.0.0.0 through...
Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers
Executive Summary Microsoft is aware of a tampering vulnerability in the way that HTTP proxies (front-end) and web servers (back-end) that do not strictly adhere to RFC standards handle sequences of HTTP requests received from multiple sources. An attacker who successfully exploited the vulnerability...
BSA Radar 1.6.7234.24750 - Local File Inclusion
Exploit title: BSA Radar 1.6.7234.24750 - Local File Inclusion Date: 2020-07-08 Exploit Author: William Summerhill Vendor homepage: https://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE-2020-14946 - Local File Inclusion Description: The Administrator section of th...
Node.js: HTTP Request Smuggling due to CR-to-Hyphen conversion
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...
[SECURITY] Fedora 31 Update: curl-7.66.0-2.fc31
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Proxy or VPN for Netflix – Which is Best?
By Waqas There are several virtual private networks VPN and proxy servers that tout... This is a post from HackRead.com Read the original post: Proxy or VPN for Netflix - Which is Best?...
Automattic: IDOR at 'media_code' when adding media to questions
Summary: Hi team, When you add a question to your survey and click Save, it sends this request: F893416. In this request, media_code is vulnerable to IDOR. If you change it to any media ID, you will see it on your question. And these IDs are sequential, so you can access any user's media...
Security fix for the ALT Linux 9 package freerdp version 2.1.2-alt1
2.1.2-alt1 built June 25, 2020 Andrey Cherepanov in task 253866 June 23, 2020 Andrey Cherepanov - New version. - Fixes: + CVE-2020-4033 Out-of-bounds read in RLEDECOMPRESS + CVE-2020-4031 Use-After-Free in gdiSelectObject + CVE-2020-4032 Integer casting vulnerability in update_recv_secondary_order +...
CVE-2019-20866
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled...
[SECURITY] Fedora 31 Update: nghttp2-1.41.0-1.fc31
This package contains the HTTP/2 client, server and proxy programs...
[20200706] - Core - System Information screen could expose redis or proxy credentials
Inadequate filtering in the system information screen could expose redis or proxy credentials...
CVE-2020-13223
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2...
Design/Logic Flaw
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend behind a frontend proxy that is also vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer-Encoding headers were found to b...
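The goliath entry above, like the IIS and Node.js entries earlier in this list, comes down to one parser question: can a front-end proxy and a back-end server compute different body lengths for the same bytes? The following Python check is an added example, not code from goliath or from any project on this page; it rejects every framing that RFC 7230 leaves open to disagreement (duplicate Content-Length, Content-Length alongside Transfer-Encoding, non-numeric lengths, and any Transfer-Encoding other than the exact token "chunked"). The sample requests are constructed for illustration.

```python
"""
Strict HTTP/1.1 request framing check for a back-end parser.

Added example; not goliath's code. Sample requests below are constructed.
"""
import re
from typing import List, Tuple


class AmbiguousFraming(ValueError):
    """Raised when a front-end and a back-end could disagree on the body length."""


def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw request head into (request_line, [(lower_name, value), ...]).

    Only SP and HTAB are stripped around values (RFC 7230 OWS); other control
    characters are kept so that obfuscated tokens such as "chunked\\x0b" do not
    normalise to a valid value.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("ascii", "replace")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            raise AmbiguousFraming("malformed header line: %r" % line)
        headers.append((name.strip(b" \t").lower().decode("ascii", "replace"),
                        value.strip(b" \t").decode("ascii", "replace")))
    return request_line, headers


def framing_mode(raw: bytes) -> str:
    """Return "chunked", "content-length:<n>" or "none", or raise AmbiguousFraming.

    Rejected as ambiguous:
      - Content-Length present more than once (even if the values agree)
      - Transfer-Encoding together with Content-Length (RFC 7230 3.3.3)
      - a Transfer-Encoding value that is not exactly the token "chunked"
      - a Content-Length that is not a plain decimal integer
    """
    _, headers = parse_head(raw)
    cl_values = [v for n, v in headers if n == "content-length"]
    te_values = [v for n, v in headers if n == "transfer-encoding"]

    if len(cl_values) > 1:
        raise AmbiguousFraming("duplicate Content-Length: %r" % cl_values)
    if te_values and cl_values:
        raise AmbiguousFraming("Transfer-Encoding and Content-Length both present")
    if te_values:
        # One header, one token, exact match: "xchunked", "chunked " + control
        # byte, or "chunked, identity" are all refused rather than guessed at.
        if len(te_values) != 1 or te_values[0].lower() != "chunked":
            raise AmbiguousFraming("unsupported Transfer-Encoding: %r" % te_values)
        return "chunked"
    if cl_values:
        if not re.fullmatch(r"[0-9]+", cl_values[0]):
            raise AmbiguousFraming("invalid Content-Length: %r" % cl_values[0])
        return "content-length:%d" % int(cl_values[0])
    return "none"


def classify(raw: bytes) -> Tuple[bool, str]:
    """(accepted, framing-or-reason) for a raw request head."""
    try:
        return True, framing_mode(raw)
    except AmbiguousFraming as exc:
        return False, str(exc)


# Constructed samples (not captured traffic).
GOOD_CL = b"POST / HTTP/1.1\r\nHost: x\r\nContent-Length: 4\r\n\r\nabcd"
GOOD_TE = b"POST / HTTP/1.1\r\nHost: x\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
DOUBLE_CL = b"POST / HTTP/1.1\r\nHost: x\r\nContent-Length: 6\r\nContent-Length: 11\r\n\r\n"
CL_TE = b"POST / HTTP/1.1\r\nHost: x\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
OBFUSCATED_TE = b"POST / HTTP/1.1\r\nHost: x\r\nTransfer-Encoding: xchunked\r\n\r\n"

if __name__ == "__main__":
    for label, sample in [("good CL", GOOD_CL), ("good TE", GOOD_TE),
                          ("double CL", DOUBLE_CL), ("CL+TE", CL_TE),
                          ("obfuscated TE", OBFUSCATED_TE)]:
        print(label, classify(sample))
```

The choice to reject rather than pick a winner is the point: a back-end that "prefers" the first or last Content-Length is exactly what a desynchronised front-end needs. Refusing the request with a 400 removes the disagreement instead of resolving it one way.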
Tangalanga - The Zoom Conference Scanner Hacking Tool
Zoom Conference scanner. This scanner will check for a random meeting id and return information if available. Usage These are all the possible flags: tangalanga \ -token=user-token \ default: env TOKEN user token to use. -colors=false \ default: true enable/disable colors -censor=true \ default:...
Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass
Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Exploit Author : Halis Duraki @0xduraki Date : 2020-05-28 Product : http-protection Crystal Shard Product URI : https://github.com/rogeriozambon/http-protection Version : http-protection = 0.2.0 CVE : N/A About the product...
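The http-protection bypass above and the Mattermost CVE-2019-20866 entry earlier in this list share one root cause: the server reads the client address from a proxy header (X-Forwarded-For or similar) that the client itself can populate. The Python below is an added example, not code from http-protection, Mattermost or any other project here; it contrasts the weak pattern (trust the first header entry) with a trusted-proxy walk from the right-hand end of the header. The proxy ranges, addresses and headers are constructed for the example.

```python
"""
Deriving a client IP from X-Forwarded-For without letting the client choose it.

Added example; not http-protection's or Mattermost's code. All addresses,
trusted ranges and headers below are constructed.
"""
import ipaddress
from typing import Iterable, Optional


def naive_client_ip(peer_ip: str, xff: Optional[str]) -> str:
    """The weak pattern: believe the first X-Forwarded-For entry unconditionally.

    A client can send "X-Forwarded-For: 127.0.0.1" itself; any proxy in front
    appends the real address after it, so the first entry stays attacker-chosen.
    """
    if xff:
        return xff.split(",")[0].strip()
    return peer_ip


def client_ip(peer_ip: str, xff: Optional[str], trusted_proxies: Iterable[str]) -> str:
    """Walk X-Forwarded-For from the right, discarding trusted proxy hops.

    Each proxy appends the address it received the connection from, so the
    right-most entries were written by our own proxies and the first entry
    (from the right) that is not a trusted proxy is the address the outermost
    trusted proxy saw, i.e. the real client. If the TCP peer is not a trusted
    proxy the header is client-supplied and is ignored entirely.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(ip: str) -> bool:
        try:
            return any(ipaddress.ip_address(ip) in n for n in nets)
        except ValueError:
            return False  # not an IP address at all, so not a trusted proxy

    if not is_trusted(peer_ip):
        return peer_ip

    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(hop):
            # Written by a trusted proxy, so it must parse; anything else means
            # a proxy in the chain is misconfigured and we refuse to guess.
            ipaddress.ip_address(hop)
            return hop
    # Header empty or consisted only of our proxies: the peer is the best answer.
    return peer_ip


# Constructed scenario: our proxies live in 10.0.0.0/8, the client is
# 203.0.113.7 and tries to appear as 127.0.0.1 to pass a localhost allowlist.
TRUSTED = ["10.0.0.0/8"]
SPOOF_VIA_PROXY = ("10.0.0.5", "127.0.0.1, 203.0.113.7")        # one proxy hop
SPOOF_VIA_TWO_PROXIES = ("10.0.0.6", "127.0.0.1, 203.0.113.7, 10.0.0.5")
SPOOF_DIRECT = ("203.0.113.7", "127.0.0.1")                     # no proxy at all

if __name__ == "__main__":
    for peer, xff in (SPOOF_VIA_PROXY, SPOOF_VIA_TWO_PROXIES, SPOOF_DIRECT):
        print("naive:", naive_client_ip(peer, xff),
              "trusted-walk:", client_ip(peer, xff, TRUSTED))
```

The trusted list has to be the set of addresses that actually terminate client connections in front of the application; listing the whole private range, as the constructed example does, is only safe when nothing else in that range can reach the service.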