HTTPS Fetch, Linux Command Shell, Reverse SCTP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show...

HTTP Fetch, Reverse TCP Stager

Fetch and execute an x64 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x64/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...

HTTPS Fetch, Reverse TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

HTTP Fetch, Reverse SCTP Stager

Fetch and execute an x64 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x64/meterpreter/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show options ...show and set...

TFTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/tftp/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

CVE-2023-26044

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impa...

Cross site request forgery (csrf)

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impa...

CVE-2023-26044 ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impa...

CVE-2023-26044

Removed by vendor...

ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits

Summary Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the...

org.jenkins-ci.plugins:reverse-proxy-auth-plugin (>=1.3.3 <=1.6.3) potentially affected by CVE-2023-32978 via org.jenkins-ci.plugins:ldap (=1.8)

org.jenkins-ci.plugins:ldap MAVEN version =1.8 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ldap and may be impacted: - org.jenkins-ci.plugins:reverse-proxy-auth-plugin =1.3.3, =1.6.3 Source cves: CVE-2023-32978 Source advisor...

GHSA-PMMR-R9V2-59P8 Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability

Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability

Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

CVE-2023-32987

A cross-site request forgery CSRF vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

CVE-2023-32987

The CVE affects Jenkins Reverse Proxy Auth Plugin (versions ≤ 1.7.4). A CSRF flaw allows an attacker to connect to an attacker-specified LDAP server using attacker-specified credentials. Impact is high on confidentiality, integrity, and availability (CVE-2023-32987, CVSS v3.1: 8.8). The issue ari...

CVE-2023-32987

A cross-site request forgery CSRF vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...