7082 matches found
Design/Logic Flaw
In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944...
Security Bulletin: CVE-2019-17569, CVE-2020-1935 HTTP Request Smuggling if Tomcat was located behind a reverse proxy
Summary In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...
CVE-2020-5944
CVE-2020-5944 affects BIG-IQ 7.1.0 where access to DoS Summary and DNS Overview pages returns an error due to a disabled Grafana reverse proxy in web service configuration. The issue has been re-classified by F5 as a defect and is not assigned to other F5 vulnerabilities; CVSS metrics are provide...
CVE-2020-5944
In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944...
squid: Improper input validation in request allows for proxy manipulation
A flaw was found in squid. The absolute URL of a request can include the decoded UserInfo username and password for certain protocols. This decoded info may contain special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a...
squid: Buffer overflow in reverse-proxy configurations
A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy...
tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...
squid:4 security, bug fix, and enhancement update
An update is available for libecap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Squid is a high-performance proxy caching server for web clients, supporting...
Complaints Report Management System 1.0 SQL Injection / Remote Code Execution
Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 3-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14566/complaints-report-management-system-using-phpmysqli-source-code.html Software Link:...
Binbloom - Raw Binary Firmware Analysis Software
The purpose of this project is to analyse a raw binary firmware and determine automatically some of its features. This tool is compatible with all architectures as basically, it just does simple statistics on it. In order to compute the loading address, you will need the help of an external rever...
Simple College Website 1.0 Code Execution / SQL Injection
Exploit Title: Simple College Website 1.0 - SQL Injection / Remote Code Execution Date: 30-10-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...
Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution
Exploit Title: Simple College Website 1.0 - SQL Injection / Remote Code Execution Date: 30-10-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...
Widevine-L3-Decryptor - A Chrome Extension That Demonstrates Bypassing Widevine L3 DRM
Widevine is a Google-owned DRM system that's in use by many popular streaming services Netflix, Spotify, etc. to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software i.e no hardware TEEs,...
Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
An HTTP detection flaw was discovered in Django. If deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme incorrectly detected client requests made using HTTP as using HTTPS. This resulted in incorrect results for issecure and buildabsoluteuri, and HTTP...
golang: data race in certain net/http servers including ReverseProxy can lead to DoS
A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...
golang: data race in certain net/http servers including ReverseProxy can lead to DoS
A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...
Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
An HTTP detection flaw was discovered in Django. If deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme incorrectly detected client requests made using HTTP as using HTTPS. This resulted in incorrect results for issecure and buildabsoluteuri, and HTTP...
Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition
Slate magazine was able to cleverly read the Ghislaine Maxwell deposition and reverse-engineer many of the redacted names. Weve long known that redacting is hard in the modern age, but most of the failures to date have been a result of not realizing that covering digital text with a black bar...
The Unsinkable Maddie Stone, Google’s Bug-Hunting Badass
The Project Zero reverse engineer shuts down some of the world's most dangerous exploits—along with antiquated hacker stereotypes...
An issue was discovered in Ruby through 2.5.8 2.6.x through 2.6.6 and 2.7.x through 2.7.1. WEBrick a simple HTTP server bundled with Ruby had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check) which may lead to an HTTP Request Smuggling attack.
...