7059 matches found

Positive Technologies
added 2024/10/16 12:0 a.m. · 2 views

PT-2024-9010 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: The issue is related to an error in certificate authentication in the implementation of the mTLS protocol in Keycloak, which is a software tool for identity and access management. This cou...

7.1 CVSS · 6.8 AI score · 0.00101 EPSS
Exploits 0 · References 9

GithubExploit
added 2024/10/15 3:58 p.m. · 480 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 - Pluck CMS v4.7.18 Exploit Overview This...

8.8 CVSS · 9.5 AI score · 0.29069 EPSS
Exploits 11

OSV
added 2024/10/11 3:15 p.m. · 1 views

UBUNTU-CVE-2024-45403

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...

7.5 CVSS · 5.8 AI score · 0.00632 EPSS
Exploits 0 · References 6

CVE
added 2024/10/11 2:28 p.m. · 63 views

CVE-2024-45403

CVE-2024-45403 affects the H2O HTTP server when configured as a reverse proxy. The issue is an assertion failure caused by cancelled HTTP/3 requests, enabling a denial-of-service attack. By default, the standalone H2O server restarts automatically, which mitigates impact, but concurrent requests ...

7.5 CVSS · 4.4 AI score · 0.00632 EPSS
Exploits 0 · References 4 · Affected Software 1

Debian CVE
added 2024/10/11 2:28 p.m. · 16 views

CVE-2024-45403

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...

7.5 CVSS · 5.4 AI score · 0.00632 EPSS
Exploits 0

OSV
added 2024/10/11 2:28 p.m. · 10 views

CVE-2024-45403 H2O assertion failure when HTTP/3 requests are cancelled

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...

3.7 CVSS · 6.6 AI score · 0.00632 EPSS
Exploits 0 · References 6

CNNVD
added 2024/10/11 12:0 a.m. · 2 views

H2O Security Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. H2O suffers from a security vulnerability that stems from a possible crash due to assertion failure when configured as a reverse proxy and a client cancels an HTTP/3 request, which can be exploited by ...

7.5 CVSS · 6.5 AI score · 0.00632 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/10/11 12:0 a.m. · 3 views

PT-2024-31607 · H2O · H2O

Name of the Vulnerable Software and Affected Versions: h2o versions prior to the version containing commit 1ed32b2 Description: The issue affects h2o, an HTTP server that supports HTTP/1.x, HTTP/2, and HTTP/3. When configured as a reverse proxy, h2o may crash due to an assertion failure if HTTP/3...

7.5 CVSS · 6.9 AI score · 0.00632 EPSS
Exploits 0 · References 14

Cvelist
added 2024/10/10 10:14 p.m. · 19 views

CVE-2024-47871 Insecure communication between the FRP client and server in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

8.2 CVSS · 0.00172 EPSS
Exploits 0 · References 1

OSV
added 2024/10/10 10:14 p.m. · 9 views

CVE-2024-47871 Insecure communication between the FRP client and server in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

8.2 CVSS · 6.4 AI score · 0.00172 EPSS
Exploits 0 · References 3

Github Security Blog
added 2024/10/10 10:8 p.m. · 17 views

Gradio uses insecure communication between the FRP client and server

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files upload...

9.1 CVSS · 6.6 AI score · 0.00172 EPSS
Exploits 0 · References 4 · Affected Software 1

Talos Blog
added 2024/10/10 10:0 a.m. · 12 views

Ghidra data type archive for Windows driver functions

While reverse-engineering Windows drivers with Ghidra, it is common to encounter a function or data type that is not recognized during disassembly. This is because Ghidra does not natively include the majority of the definitions for data types and functions used by Windows drivers. Thankfully,...

7.6 AI score
Exploits 0

GithubExploit
added 2024/10/10 9:30 a.m. · 318 views

Exploit for CVE-2024-4439

Exploit CVE-2024-4439 This Python script demonstrates an exp...

7.2 CVSS · 7.1 AI score · 0.70822 EPSS
Exploits 4

RedhatCVE
added 2024/10/09 1:12 a.m. · 19 views

CVE-2024-6861

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. Mitigation To mitigate this...

7.5 CVSS · 6.8 AI score · 0.00658 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/10/08 12:0 a.m. · 2 views

PT-2024-39748 · Red Hat · Keycloak Server

Name of the Vulnerable Software and Affected Versions: Keycloak Server affected versions not specified Description: A denial of service (DoS) attack is possible due to improper handling of proxy headers in the Keycloak Server. When configured to accept incoming proxy headers, Keycloak may accept...

4.7 CVSS · 6.7 AI score · 0.00399 EPSS
Exploits 0 · References 13

OSV
added 2024/10/07 1:23 p.m. · 3 views

MAL-2024-9268 Malicious code in maxpatrol (PyPI)

The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 e7b0664f3eb50be717290db2d08e1be4a3dcbce029ad58fae9cffb04f09a51c1 When imported, the package downloads and runs a remote stage - a reverse shell. To mas...

7.6 AI score
Exploits 0 · References 1

OSV
added 2024/10/07 1:23 p.m. · 6 views

MAL-2024-9270 Malicious code in ptsecurity (PyPI)

The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 a67d1a04a247e897d3da239f3ff95a95284282eb6bb38c266273167e4419b9c1 When imported, the package downloads and runs a remote stage - a reverse shell. To mas...

7.6 AI score
Exploits 0 · References 1

OSV
added 2024/10/07 1:23 p.m. · 6 views

MAL-2024-9267 Malicious code in innostage-group (PyPI)

The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 9d0f2f6104de4772268a20f51e009797c0c4b0740d18d98d730417fdafdfb052 When imported, the package downloads and runs a remote stage - a reverse shell. To mas...

7.6 AI score
Exploits 0 · References 1

OSV
added 2024/10/07 1:23 p.m. · 6 views

MAL-2024-9269 Malicious code in posi (PyPI)

The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 9eff1140edfe020fe3ef5905579f5e5d74a8cd0638332576041513ce894eb27e When imported, the package downloads and runs a remote stage - a reverse shell. To mas...

7.6 AI score
Exploits 0 · References 1

OSV
added 2024/10/07 1:23 p.m. · 6 views

MAL-2024-9266 Malicious code in innostage (PyPI)

The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 ec433c9a241ed7127dc5d6f55b002e94a2407ddd47000e50355f118536e9021e When imported, the package downloads and runs a remote stage - a reverse shell. To mas...

7.6 AI score
Exploits 0 · References 1