1826 matches found
CVE-2019-12781
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...
CVE-2019-10137
A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process...
Nextcloud: CSRF vulnerability that allows an attacker to modify encryption settings
The POST request to /ocs/v2.php/apps/provisioning_api/api/v1/config/apps/core/encryption_enabled is missing a unique token, so that if an attacker can trick an admin user with an active session to visit an attacker-controlled website, he/she can control the core application setting "encryption_enabled...
CVE-2019-1876 Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could...
CVE-2019-1876
CVE-2019-1876 affects Cisco WAAS (HTTPS proxy feature) and is due to insufficient authentication of proxy connection requests, allowing an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy by sending a malicious HTTPS CONNECT message. The attack could enable access to ...
Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could...
Design/Logic Flaw
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as proxy.sh which allows the device to proxy a specific...
Safari Webkit Proxy Object Type Confusion
This module exploits a type confusion bug in the JavaScript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e....
Metabigor - Command Line Search Engines Without Any API Key
Command line Search Engine without any API key. What is Metabigor? Metabigor allows you to query from the command line to awesome Search Engines like Shodan, Censys, Fofa, etc. without any API key. But Why Metabigor? Don't use your API key so you don't have to worry about limit of API quotation. Do...
Server-Side Request Forgery in terriajs-server
Versions of terriajs-server prior to 2.7.4 are vulnerable to Server-Side Request Forgery (SSRF). If an attacker has access to a server whitelisted by the terriajs-server proxy or if the attacker is able to modify the DNS records of a domain whitelisted by the terriajs-server proxy, the attacker can...
Nextcloud: Linux client is vulnerable to directory traversal when downloading files
Summary: The Nextcloud Linux client is vulnerable to directory traversal when downloading files from a Nextcloud server. A malicious Nextcloud administrator can exploit the vulnerability to write arbitrary files to a user's computer with the potential for remote command execution under certain...
Hackers Take Over IoT Devices to 'Click' on Ads
By 2025 there will be 25 billion internet of things (IoT) connections, according to GSMA Intelligence. And if hackers have it their way, many of those IoT devices will be hijacked and recruited into online pay-per-click advertising scams. At the Security Analyst Summit 2019, Threatpost sat down wit...
Rockwell Automation 1798 - 8 Point 24V DC Output, Source 1798-OB8E/A Adapter I/O accessed via proxy
Binary data 754529.prm...
Rockwell Automation 1790 16 Output 1790-0V16X/0B16X Adapter I/O Accessed Via Proxy
Binary data 754533.prm...
Rockwell Automation 1790 8 Input 120Vac 1790-T8A0X Adapter I/O Accessed Via Proxy
Binary data 754536.prm...
Rockwell Automation 1790 8 Output 120Vac or Relay 1790-T0A8X/0W8X Adapter I/O Accessed Via Proxy
Binary data 754534.prm...
Rockwell Automation 1798 - 2 Channel 24V DC Non-Isolated Voltage/Current Analog Output 1798-OE2/A Adapter I/O accessed via proxy
Binary data 754531.prm...
XClarity Administrator (LXCA) Service Data May Include Proxy Credentials - Lenovo Support US
No description provided...
Open Redirection
Python is vulnerable to open redirection. The vulnerability exists because the Python CGIHandler class does not properly protect against the HTTP_PROXY variable name clash in a CGI context. Remote attackers could redirect HTTP requests performed by a Python CGI script to an...