7081 matches found
What is the Reverse Proxy❓ Reverse vs. Forward Proxy
Reverse proxies help in shielding web workers from assaults while further developing execution and dependability. Continue reading to learn more about data about forward and invert proxies. What is a proxy server? Forward proxies are commonly known as proxies, web proxies, or internet servers, are...
MGASA-2021-0416 Updated golang packages fix security vulnerability
The updated golang packages fix a security vulnerability: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort CVE-2021-36221...
OpSec. Expanding your search: Hunting domains
In the last few blogs I have introduced OSINT and OpSec, talked about leaky images and using Google Dorks and how to use those techniques specifically to examine your own corporate OpSec. One of the most important aspects is to understand how wide your target expands. Many companies own multiple...
WPanel 4.3.1 Remote Code Execution
Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Date: 07/06/2021 Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...
WPanel 4.3.1 - Remote Code Execution (Authenticated) Exploit
Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...
WPanel 4.3.1 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Date: 07/06/2021 Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...
Exploit for OS Command Injection in Draytek Vigor2960_Firmware
CVE-2020-8515 Draytek CVE-2020-8515 PoC I had kicking about...
Security Bulletin: CVE-2021-33037 Apache Tomcat 8.5.66 did not correctly parse the HTTP transfer-encoding request header leading to the possibility to request smuggling when used with a reverse proxy
Summary Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the...
GHSA-JJ53-8FMW-F2W2 Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Impact Unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where: - the vulnerable homeserver is in the room; and - untrusted users are permitted to create groups communities. By defaul...
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Impact Unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where: - the vulnerable homeserver is in the room; and - untrusted users are permitted to create groups communities. By defaul...
GHSA-3X4C-PQ33-4W3Q Improper authorisation of members discloses room membership to non-members
Impact Unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver tha...
CVE-2021-39164
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
DEBIAN-CVE-2021-39164
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
CVE-2021-39164
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
PYSEC-2021-425
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
CVE-2021-39164
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
Code injection
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
PYSEC-2021-425
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
CVE-2021-39164 Improper authorisation of /members discloses room membership to non-members
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
CVE-2021-39164
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...