7081 matches found
Debian DLA-2733-1 : tomcat8 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2733 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protecti...
DEBIAN-CVE-2021-36221
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort...
UBUNTU-CVE-2021-36221
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort...
[SECURITY] [DLA 2733-1] tomcat8 security update
Debian LTS Advisory DLA-2733-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 05, 2021 https://wiki.debian.org/LTS Package : tomcat8 Version : 8.5.54-0+deb9u7 CVE ID : CVE-2021-30640 CVE-2021-33037 Debian Bug : 991046 991046 Several security vulnerabilitie...
FreeBSD : tomcat -- HTTP request smuggling in multiple versions (d34bef0b-f312-11eb-b12b-fc4dd43e2b6a)
Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab reports : Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignore...
CVE-2021-32813
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation,...
CVE-2021-32813
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation,...
Design/Logic Flaw
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation,...
CVE-2021-32813
The CVE-2021-32813 issue affects Traefik (HTTP reverse proxy/load balancer). Before v2.4.13, Traefik’s handling of the Connection header can remove a request header if a middleware chain sets a header and the request uses a specific Connection header, potentially preventing the backend from seein...
Doldrums - A Flutter/Dart Reverse Engineering Tool
To flutter: to move in quick, irregular motions, to beat rapidly, to be agitated. Doldrums: a period of stagnation. Doldrums is a reverse engineering tool for Flutter apps targetting Android. Concretely, it is a parser and information extractor for the Flutter/Dart Android binary, conventionally...
Hotel Management System 1.0 - XSS Arbitrary File Upload Remote Code Execution Exploit
Exploit Title: Hotel Management System 1.0 - Cross-Site Scripting XSS Arbitrary File Upload Remote Code Execution RCE Exploit Author: Merbin Russel Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1.0 Tested on: Linux +...
Apache Tomcat 9.0.0.M1 < 9.0.48
The version of Tomcat installed on the remote host is prior to 9.0.48. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.48security-9 advisory. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP...
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
Exploit Title: Hotel Management System 1.0 - Cross-Site Scripting XSS Arbitrary File Upload Remote Code Execution RCE Date: 2021-08-01 Exploit Author: Merbin Russel Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1.0...
Apache Tomcat 8.5.0 < 8.5.68
The version of Tomcat installed on the remote host is prior to 8.5.68. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.68security-8 advisory. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP...
DEBIAN-CVE-2021-33197
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...
AZL-79094 CVE-2021-33197 affecting package golang 1.25.7-1
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...
UBUNTU-CVE-2021-33197
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204 Description Improper neutralization of use...
Exploit-Writeups
The repository whuadmin/Exploit-Writeups is a collection of writeups for various CTF Capture The Flag challenges. The writeups cover a range of topics, including reverse engineering, pwnables, and cryptography. The first challenge is "crackme01" from EncryptCTF-2019, which is a reverse engineerin...
Exploit for Unrestricted Upload of File with Dangerous Type in Backup-Guard Backup_Guard
WordPress-Backup-RCE This Metasploit module allows an attacke...