
7082 matches found

Prion
added 2020/11/05 8:15 p.m., 19 views

Design/Logic Flaw

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944...

CVSS 4, AI score 4.7, EPSS 0.00814
Exploits 0, References 1, Affected Software 1
IBM Security Bulletins
added 2020/11/05 7:49 p.m., 50 views

Security Bulletin: CVE-2019-17569, CVE-2020-1935 HTTP Request Smuggling if Tomcat was located behind a reverse proxy

Summary: In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...

CVSS 5.8, AI score 0.2, EPSS 0.09386
Exploits 0, Affected Software 1
CVE
added 2020/11/05 7:24 p.m., 61 views

CVE-2020-5944

CVE-2020-5944 affects BIG-IQ 7.1.0 where access to DoS Summary and DNS Overview pages returns an error due to a disabled Grafana reverse proxy in web service configuration. The issue has been re-classified by F5 as a defect and is not assigned to other F5 vulnerabilities; CVSS metrics are provide...

CVSS 4.3, AI score 4.6, EPSS 0.00814
Exploits 0, References 1, Affected Software 1
Cvelist
added 2020/11/05 7:24 p.m., 34 views

CVE-2020-5944

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944...

AI score 4.7, EPSS 0.00814
Exploits 0, References 1
RedHat Linux
added 2020/11/04 1:45 a.m., 8 views

squid: Improper input validation in request allows for proxy manipulation

A flaw was found in squid. The absolute URL of a request can include the decoded UserInfo username and password for certain protocols. This decoded info may contain special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a...

CVSS 7.5, AI score 5.8, EPSS 0.03935
Exploits 0, References 5
RedHat Linux
added 2020/11/04 1:45 a.m., 2 views

squid: Buffer overflow in reverse-proxy configurations

A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy...

CVSS 7.5, AI score 6, EPSS 0.7179
Exploits 0, References 4
RedHat Linux
added 2020/11/04 1:39 a.m., 2 views

tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

CVSS 5.8, AI score 6.8, EPSS 0.09386
Exploits 0, References 7
Rockylinux
added 2020/11/03 12:32 p.m., 40 views

squid:4 security, bug fix, and enhancement update

An update is available for libecap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Squid is a high-performance proxy caching server for web clients, supporting...

CVSS 9.9, AI score 8.7, EPSS 0.7179
Exploits 0
Packet Storm
added 2020/11/03 12:00 a.m., 631 views

Complaints Report Management System 1.0 SQL Injection / Remote Code Execution

Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 3-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14566/complaints-report-management-system-using-phpmysqli-source-code.html Software Link:...

AI score 0.4
Exploits 0
Kitploit
added 2020/10/30 8:30 p.m., 36 views

Binbloom - Raw Binary Firmware Analysis Software

The purpose of this project is to analyse a raw binary firmware and automatically determine some of its features. This tool is compatible with all architectures, since it basically just computes simple statistics on the binary. In order to compute the loading address, you will need the help of an external rever...

AI score 7
Exploits 0, References 2
Packet Storm
added 2020/10/30 12:00 a.m., 704 views

Simple College Website 1.0 Code Execution / SQL Injection

Exploit Title: Simple College Website 1.0 - SQL Injection / Remote Code Execution Date: 30-10-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...

AI score 0.3
Exploits 0
Exploit DB
added 2020/10/30 12:00 a.m., 857 views

Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution

Exploit Title: Simple College Website 1.0 - SQL Injection / Remote Code Execution Date: 30-10-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...

AI score 7.4
Exploits 0
Kitploit
added 2020/10/29 8:30 p.m., 669 views

Widevine-L3-Decryptor - A Chrome Extension That Demonstrates Bypassing Widevine L3 DRM

Widevine is a Google-owned DRM system that's in use by many popular streaming services (Netflix, Spotify, etc.) to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software, i.e. no hardware TEEs,...

AI score 7.4
Exploits 0, References 1
RedHat Linux
added 2020/10/28 6:24 p.m., 3 views

Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS

An HTTP detection flaw was discovered in Django. If deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme incorrectly detected client requests made using HTTP as using HTTPS. This resulted in incorrect results for is_secure() and build_absolute_uri(), and HTTP...

CVSS 5.3, AI score 7.2, EPSS 0.01697
Exploits 0, References 5
RedHat Linux
added 2020/10/27 2:53 p.m., 2 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.9, AI score 7.3, EPSS 0.02893
Exploits 0, References 5
RedHat Linux
added 2020/10/27 2:47 p.m., 3 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.9, AI score 7.3, EPSS 0.02893
Exploits 0, References 5
RedHat Linux
added 2020/10/27 12:58 p.m., 3 views

Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS

An HTTP detection flaw was discovered in Django. If deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme incorrectly detected client requests made using HTTP as using HTTPS. This resulted in incorrect results for is_secure() and build_absolute_uri(), and HTTP...

CVSS 5.3, AI score 7.2, EPSS 0.01697
Exploits 0, References 5
Schneier on Security
added 2020/10/27 11:34 a.m., 22 views

Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition

Slate magazine was able to cleverly read the Ghislaine Maxwell deposition and reverse-engineer many of the redacted names. We've long known that redacting is hard in the modern age, but most of the failures to date have been a result of not realizing that covering digital text with a black bar...

AI score 0.8
Exploits 0
Wired Threat Level
added 2020/10/25 11:00 a.m., 45 views

The Unsinkable Maddie Stone, Google's Bug-Hunting Badass

The Project Zero reverse engineer shuts down some of the world's most dangerous exploits—along with antiquated hacker stereotypes...

AI score 3.1
Exploits 0
Microsoft CVE
added 2020/10/21 7:00 a.m., 2 views

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

...

CVSS 7.5, AI score 7, EPSS 0.03772
Exploits 0