
2160 matches found

Ubuntu
added 2023/08/17 2:53 p.m., 56 views

USN-6294-2: HAProxy vulnerability

USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the paylo...

CVSS 7.2, AI score 7.1, EPSS 0.01815
Exploits: 1
HackRead
added 2023/08/10 4:22 p.m., 28 views

EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA via Reverse Proxy

By Habiba Rashid The EvilProxy phishing kit is a malicious tool that has emerged as a key player, as it exploits MFA's limitations. So far, it has targeted over 100 firms. This is a post from HackRead.com Read the original post: EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA via Reverse Pro...

AI score 7
Exploits: 0
The Hacker News
added 2023/08/10 9:45 a.m., 52 views

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft...

AI score 6.8
Exploits: 0
Github Security Blog
added 2023/08/09 12:56 p.m., 283 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do...

CVSS 7.5, AI score 6.6, EPSS 0.15519
Exploits: 0, References: 8, Affected Software: 5
OSV
added 2023/08/09 12:56 p.m., 44 views

GHSA-VMCH-3W2X-VHGQ .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do...

CVSS 7.5, AI score 7.8, EPSS 0.15519
Exploits: 0, References: 8
Snyk
added 2023/08/08 5:17 p.m., 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in exploitation of this vulnerability. Mitigation: If your application is running behind a rever...

CVSS 7.5, AI score 8.4, EPSS 0.15519
Exploits: 0, References: 2
Snyk
added 2023/08/08 5:17 p.m., 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in exploitation of this vulnerability. Mitigation: If your application is running behind a rever...

CVSS 7.5, AI score 7, EPSS 0.15519
Exploits: 0, References: 2
Snyk
added 2023/08/08 5:17 p.m., 2 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) in Kestrel where, on detecting a...

CVSS 7.5, AI score 7, EPSS 0.15519
Exploits: 0, References: 2
Snyk
added 2023/08/08 5:17 p.m., 2 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) in Kestrel where, on detecting ...

CVSS 7.5, AI score 7, EPSS 0.15519
Exploits: 0, References: 2
Snyk
added 2023/08/08 5:17 p.m., 2 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) in Kestrel where, on detecting a...

CVSS 7.5, AI score 7, EPSS 0.15519
Exploits: 0, References: 2
NVD
added 2023/07/27 7:15 p.m., 10 views

CVE-2023-38505

DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitel...

CVSS 7.5, AI score 7.5, EPSS 0.00651
Exploits: 1, References: 4
Prion
added 2023/07/27 7:15 p.m., 27 views

Design/Logic Flaw

DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitel...

CVSS 5, AI score 7.5, EPSS 0.00651
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2023/07/27 6:49 p.m., 15 views

CVE-2023-38505 DietPi-Dashboard Insufficient TLS Handshake Pool

DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitel...

CVSS 7.5, AI score 7.6, EPSS 0.00651
Exploits: 1, References: 4
Vulnrichment
added 2023/07/27 6:49 p.m., 17 views

CVE-2023-38505 DietPi-Dashboard Insufficient TLS Handshake Pool

DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitel...

CVSS 7.5, AI score 6.7, EPSS 0.00651
Exploits: 1, References: 4
OSV
added 2023/07/27 6:49 p.m., 27 views

CVE-2023-38505 DietPi-Dashboard Insufficient TLS Handshake Pool

DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitel...

CVSS 7.5, AI score 7.4, EPSS 0.00651
Exploits: 1, References: 6
Github Security Blog
added 2023/07/25 5:49 p.m., 33 views

copyparty vulnerable to reflected cross-site scripting via k304 parameter

Summary: The application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=... Details: A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the application that could allow an attacker to execute malicious javascript code by tricking user...

CVSS 6.3, AI score 6.1, EPSS 0.06195
Exploits: 3, References: 7, Affected Software: 1
OSV
added 2023/07/25 5:49 p.m., 33 views

GHSA-F54Q-J679-P9HH copyparty vulnerable to reflected cross-site scripting via k304 parameter

Summary: The application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=... Details: A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the application that could allow an attacker to execute malicious javascript code by tricking user...

CVSS 6.3, AI score 6.1, EPSS 0.06195
Exploits: 3, References: 7
CNNVD
added 2023/07/11 12:0 a.m., 3 views

SAP Web Dispatcher Buffer Error Vulnerability

SAP Web Dispatcher is the core component of Load Balancing from SAP, which supports load balancing and provides reverse proxy functionality so that external users can access internal applications. A buffer overflow vulnerability exists in SAP Web Dispatcher, which is caused by a logical error in...

CVSS 9.4, AI score 6.6, EPSS 0.00504
Exploits: 0, References: 3
Github Security Blog
added 2023/07/10 9:53 p.m., 30 views

XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

Impact The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming...

CVSS 9.6, AI score 7.7, EPSS 0.00622
Exploits: 0, References: 5, Affected Software: 3
OSV
added 2023/07/10 9:53 p.m., 38 views

GHSA-6XXR-648M-GCH6 XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

Impact The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming...

CVSS 9.6, AI score 9.5, EPSS 0.00622
Exploits: 0, References: 5