CVE-2024-53270 HTTP/1: sending overload crashes when the request is reset beforehand in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch is configured. If activerequest is nullptr, only onMessageBeginImpl is called. However, the...

Envoy Proxy 安全漏洞

Envoy Proxy is a cloud-native, high-performance edge/intermediate/service proxy open-sourced by Envoy Proxy. A security vulnerability exists in Envoy Proxy that stems from the fact that sending a payload when resetting a request early could lead to a crash...

Cockpit CMS 0.11.1 - (Username Enumeration & Password Reset) NoSQL Injection Exploit

Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json import re import...

jukinmedia.com XSS vulnerability

Vulnerable URL: https://www.jukinmedia.com/request-reset Details: Description| Value ---|--- Patched:| No Latest check for patch:| 11.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 91841 VIP website status:| No Coordinated Disclosure Timeline: Description|...