Lucene search

14 matches found

NVD
added 2022/12/04 7:15 p.m., 9 views

CVE-2022-35507

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

CVSS 7.1, EPSS 0.35702
Exploits 1, References 2

Prion
added 2022/12/04 7:15 p.m., 11 views

Server-side request forgery (SSRF)

Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...

CVSS 7.5, AI score 9.2, EPSS 0.00688
Exploits 1, References 4, Affected Software 1

Prion
added 2022/12/04 7:15 p.m., 15 views

CRLF injection

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

CVSS 5.8, AI score 6.8, EPSS 0.35702
Exploits 1, References 2, Affected Software 1

CVE
added 2022/12/04 12:0 a.m., 95 views

CVE-2022-35508

Proxmox CVE-2022-35508 enables SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon, exploitable by an unprivileged user to disclose server files. In Proxmox Mail Gateway, there is also a privilege escalation route to root@pam if backup artifacts were used, because pmg-backup...

CVSS 9.8, AI score 9.2, EPSS 0.00688
Exploits 1, References 4, Affected Software 3

CVE
added 2022/12/04 12:0 a.m., 83 views

CVE-2022-35507

Proxmox VE/PMG web interfaces are affected by a response-header CRLF injection in pve-http-server. An attacker can cause a client-side DoS by injecting CRLF into response headers to set cookies longer than the server expects, notably affecting Chromium-based browsers using %0d. Affected versions ...

CVSS 7.1, AI score 6.8, EPSS 0.35702
Exploits 1, References 2, Affected Software 3

CNNVD
added 2022/12/04 12:0 a.m., 2 views

Proxmox pve-http-server Code Issue Vulnerability

pve-http-server is an open source virtualization environment library from Proxmox. A security vulnerability exists in Proxmox pve-http-server, which stems from an SSRF vulnerability when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon, where an attacker with an unprivileged account ca...

CVSS 9.8, AI score 8.4, EPSS 0.00688
Exploits 1, References 3

Cvelist
added 2022/12/04 12:0 a.m., 19 views

CVE-2022-35507

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

AI score 7, EPSS 0.35702
Exploits 1, References 2

Cvelist
added 2018/07/09 6:0 a.m., 10 views

CVE-2018-13580

The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

AI score 7.7, EPSS 0.00237
Exploits 0, References 2

CVE
added 2018/07/09 6:0 a.m., 45 views

CVE-2018-13547

The CVE-2018-13547 entry concerns Providence Casino Token (ProvidenceCasinoToken) on Ethereum, where the mintToken function contains an integer overflow that allows the contract owner to set any user’s balance to an arbitrary value. Public sources in connected documents (CNVD/CNVD-2020-22842 and ...

CVSS 7.5, AI score 7.7, EPSS 0.00237
Exploits 0, References 2, Affected Software 1

CVE
added 2018/07/09 6:0 a.m., 34 views

CVE-2018-13580

ProvidenceCasino (PVE) is affected. The mintToken function in its smart contract has an integer overflow vulnerability that allows the contract owner to set any user’s token balance to an arbitrary value. This is described across multiple sources (CNVD-2020-22843 and NVD entries) as a vulnerabili...

CVSS 7.5, AI score 7.7, EPSS 0.00237
Exploits 0, References 2, Affected Software 1

CVE
added 2018/07/05 2:0 a.m., 37 views

CVE-2018-13206

The CVE-2018-13206 entry concerns ProvidenceCasino (PVE), an Ethereum ERC-20 token. The vulnerability is an integer overflow in the contract’s sell function, where the expression amount * sellPrice can evaluate to zero, allowing an attacker to reduce a seller’s assets. Affected component: the PVE...

CVSS 7.5, AI score 7.7, EPSS 0.00237
Exploits 0, References 2, Affected Software 1

CVE
added 2018/07/05 2:0 a.m., 52 views

CVE-2018-13210

The vulnerability CVE-2018-13210 affects ProvidenceCasinoToken, an Ethereum ERC20 token. The sell function has an integer overflow where amount * sellPrice can become zero, reducing a seller’s assets. This is described in the NVD entry and corroborated by CNVD/PRION/CVELIST records; no public rem...

CVSS 7.5, AI score 7.7, EPSS 0.00237
Exploits 0, References 2, Affected Software 1

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Audiotran 1.4.2.4 SEH Overflow Exploit (DEP Bypass)

No description provided by source. Exploit Title: Audiotran 1.4.2.4 SEH Overflow Exploit DEP Bypass Date: 09/20/10 Credit/Bug found by : Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Author: Muhamad Fadzil Ramli - mind1355 at gmail dot com Software Link:...

AI score 7.1
Exploits 0

Exploit DB
added 2010/09/19 12:0 a.m., 18 views

Audiotran 1.4.2.4 - Local Overflow (SEH) (DEP Bypass)

Exploit Title: Audiotran 1.4.2.4 SEH Overflow Exploit DEP Bypass Date: 09/20/10 Credit/Bug found by : Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Author: Muhamad Fadzil Ramli - mind1355 at gmail dot com Software Link: http://www.e-soft.co.uk/Audiotran.htm Version:...

AI score 7.4
Exploits 0