CVE-2022-24894

Mode C: CVE-2022-24894 affects Symfony (PHP framework) where the HTTP cache system can inadvertently store a response containing a Set-Cookie header and serve it to subsequent clients. Root cause: a change in AbstractSessionListener allows the response to include Set-Cookie when HTTP caching is e...

OESA-2023-1058 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

macOS Dirty Cow Arbitrary File Write Local Privilege Escalation Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' = %q An app may be able to execute arbitrary code with kernel...

Exploit for Argument Injection in Atlassian Bitbucket

Atlassian-Bitbucket-Server-CVE-2022-36804 A critical command...

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry

A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice...

IP Spoofing

parse-server is vulnerable to IP Spoofing Attack Via HTTP Request Header. The vulnerability exists due to the incorrect implementation of the client IP address in the parse server option masterKeyIps of the library, which sets the allowed IP address to the the x-forwarded-for header value, allowi...

vmwgfx Driver File Descriptor Handling Privilege Escalation Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vmwgfx Driver File Descriptor Handling Priv Esc', 'Description' = %q If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tri...

CVE-2022-24894: Prevent storing cookie headers in HttpCache

Affected versions Symfony versions =2.0.0, 4.4.50, = 5.0.0, 5.4.20, = 6.0.0, 6.0.20, = 6.1.0, 6.1.12, and = 6.2.0, 6.2.6 of the Symfony Security Bundle are affected by this security issue. The issue has been fixed in Symfony 4.4.50, 5.4.20, 6.0.20, 6.1.12, and 6.2.6. All other versions are not...

Micro Focus GroupWise Session ID Disclosure Vulnerability

Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed. The exposed session ID can be recorded in the...

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:0446)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0446 advisory. golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseabl...

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

Python Exec, Python Meterpreter, Python Reverse TCP SSL Stager

Execute a Python payload from a command. Run a meterpreter server in Python compatible with 2.5-2.7 & 3.1+. Reverse Python connect back stager using SSL Module Options msf use payload/cmd/windows/python/meterpreter/reversetcpssl msf payloadreversetcpssl show actions ...actions... msf...

Python Exec, Command Shell, Reverse UDP (via python)

Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/shellreverseudp msf payloadshellreverseudp show actions ...actions... msf...

Python Exec, Command Shell, Reverse TCP (via python)

Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf...

golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

Critical: cacti

Issue Overview: A flaw was found in how Cacti grants authorization based on IP address which allows authentication bypass, and possibly arbitrary command execution if a polleritem configured with a POLLERACTIONSCRIPTPHP action is present. This updated cacti package adds a feature allowing an...

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

Exploit for Argument Injection in Atlassian Bitbucket

CVE-2022-36804: Pre-Auth RCE in Atlassian Bitbucket Server A c...

RHEL 8 : python-django (RHSA-2020:1324)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1324 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as muc...