Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs

This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally its possible to proxy every request through Burp or another tunnel. First steps Rename the...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0.9 servicemesh-proxy security update

Red Hat OpenShift Service Mesh 1.0.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

Wing FTP Server 6.2.3 Privilege Escalation

Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-02 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link: https://www.wftpserver.com/download/wftpserver-linux-64bit.tar.gz Version: v6.2.3 Tested...

DotNetNuke 9.5 - File Upload Restrictions Bypass

DotNetNuke 9.5 - File Upload Restrictions Bypass Exploit Title: DotNetNuke 9.5 - File Upload Restrictions Bypass Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link:...

GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection

Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2019-11-03 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz Version:...

[SECURITY] Fedora 30 Update: nghttp2-1.40.0-1.fc30

This package contains the HTTP/2 client, server and proxy programs...

Updated python-waitress packages fix security vulnerabilities

Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a...

[SECURITY] Fedora 31 Update: nghttp2-1.40.0-1.fc31

This package contains the HTTP/2 client, server and proxy programs...

CVE-2020-8517

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in extlmgroupacl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated...

CVE-2020-5207

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator...

CVE-2020-5207

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator...

CVE-2020-5207

Kotlin Ktor before 1.3.0 is affected by a request-smuggling issue when behind proxies that mishandle Content-Length/Transfer-Encoding or use an improper header separator. The vulnerability arises from how multiple proxy configurations may allow CRLF or header separator handling to be exploited. I...

GHSA-XRR9-RH8P-433V Request smuggling is possible when both chunked TE and content length specified

Impact Request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle alone \n as a headers separator. Patches https://github.com/ktorio/ktor/pull/1547 Workarounds None except migrating to a better proxy. References...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1696)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2018-1075)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2017-1017)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1419)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2020-6750

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays...

OKadminFinder - Admin Panel Finder / Admin Login Page Finder

OKadminFinder: Easy way to findadmin panel of site. Requirements Linux sudo apt install tor sudo apt install python3-socks optional pip3 install --user -r requirements.txt Windows download tor expert bundle pip3 install -r requirements.txt Usage Preview Linux git clone...

Automatic API Attack Tool - Customizable API Attack Tool Takes An API Specification As An Input, Generates And Runs Attacks That Are Based On It As An Output

Imperva's customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an output. The tool is able to parse an API specification and create fuzzing attack scenarios based on what is defined in the API specification. Each endpoint is...