CVE-2019-13423

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a Kibana is configured to use Single-Sign-On as...

UPDATE: Merlin v0.8.0

PenTestIT RSS Feed A week ago an update - Merlin v0.8.0 was released. There was a brief mention about Merlin in my post titled - List of Open Source C2 Post-Exploitation Frameworks. This new version includes several new features to increase Operations Security OPSEC and usability. One of the more...

[SECURITY] Fedora 29 Update: nghttp2-1.39.2-1.fc29

This package contains the HTTP/2 client, server and proxy programs...

CVE-2019-13423

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a Kibana is configured to use Single-Sign-On as...

CVE-2019-13423

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a Kibana is configured to use Single-Sign-On as...

Authentication flaw

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a Kibana is configured to use Single-Sign-On as...

[SECURITY] Fedora 30 Update: nghttp2-1.39.2-1.fc30

This package contains the HTTP/2 client, server and proxy programs...

Fedora Update for nghttp2 FEDORA-2019-81985a8858

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Agent Tesla Botnet - Arbitrary Code Execution Exploit

Agent Tesla Botnet - Arbitrary Code Execution import requests import argparse import base64 Agent Tesla C2 RCE by prsecurity For research purposes only. Don't pwn what you don't own. def getargs: parser = argparse.ArgumentParser prog="agentteslasploit.py", formatterclass=lambda prog:...

CVE-2019-10345

CVE-2019-10345 affects Jenkins Configuration as Code Plugin

Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution

Exploit Title: Authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. POC Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81150/cbs-win.exe Version: 7.x 8.1.1.50 Tested on: Windows...

CVE-2019-14268

In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user in certain limited circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-porte...

CVE-2019-11552

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...

CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends...

Insecure Cookie Management

hawtio uses insecure cookie management. The vulnerability exists because a persistent cookie store that stores cookies locally results in all clients of the proxy to share the same cookies which allows an attacker to access the cookie information...

Directory Traversal

spacewalk proxy is vulnerable to directory traversal. An unauthenticated remote attacker is able to determine the existence of arbitrary system files by exploiting the vulnerable. Access to the proxy's filesystem would potentially allow the attacker to execute arbitrary code in the context of the...

Path traversal

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...

CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

CVE-2019-12781

CVE-2019-12781 affects Django where HTTP requests are not consistently redirected to HTTPS when SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT are used and the reverse proxy connects via HTTPS. Affected: Django 1.11 before 1.11.22, Django 2.1 before 2.1.10, and Django 2.2 before 2.2.3. Root caus...