7082 matches found
Amazon Linux AMI : tomcat7 (ALAS-2020-1352)
The version of tomcat7 installed on the remote host is prior to 7.0.100-1.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1352 advisory. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach...
Huawei EulerOS: Security Advisory for lftp (EulerOS-SA-2020-1259)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:0661-1)
This update for squid fixes the following issues : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI...
Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!
Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, track...
Updated tomcat packages fix security vulnerabilities
The updated packages fix security vulnerabilities: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility ...
Important: tomcat7
Issue Overview: In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located...
HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol
Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However security software and hardware IPS, IDS, Proxy, AV, EDR... are more and more powerful and can detect these attack...
Security update for squid (moderate)
openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2020:0307-1 Rating: moderate References: 1162687 1162689 1162691 Cross-References: CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 Affected Products: openSUSE Leap 15.1 An update that fixes four...
Debian DLA-2133-1 : tomcat7 security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...
openSUSE Security Update : squid (openSUSE-2020-307)
This update for squid to version 4.10 fixes the following issues : Security issues fixed : - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. - CVE-2020-8450: Fixed a buff...
OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...
XCTR Hacking Tools - All in one tools for Information Gathering
All in one tools for Information Gathering. Instagram: Capture the Root Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUEdanvvVAkPBOspZkX397JxyXjnDNIATd5XbLZxVTPLzyCRJ1sMpQaEF7hH6x35GxYAT9L82ooTzK-EdywccEmklcpKtxIEsLBAYYDYNiTp...
Cacti v1.2.8 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Cacti v1.2.8 - Unauthenticated Remote Code Execution Metasploit Exploit Author: Lucas Amorim sh286s CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: Linux This module requires Metasploit:...
CVE-2019-5737
It was found that the original fix for Slowloris, CVE-2018-12122, was insufficient. It is possible to bypass the server's headersTimeout by sending two specially crafted HTTP requests in the same connection. An attacker could use this flaw to bypass Slowloris protection, resulting in a denial of...
GHSA-767J-JFH2-JVRC Potential HTTP request smuggling in Apache Tomcat
The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was...
Potential HTTP request smuggling in Apache Tomcat
The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was...
GHSA-QXF4-CHVG-4R8R Potential HTTP request smuggling in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...
Potential HTTP request smuggling in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...
PT-2020-14513
Name of the Vulnerable Software and Affected Versions Go versions 1.13.x through 1.13.12 Go versions 1.14.x through 1.14.4 Description The issue is related to a data race in some net/http servers. This occurs when the server concurrently reads a request body and writes a response, as demonstrated...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:0487-1)
This update for squid to version 4.10 fixes the following issues : Security issues fixed : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. CVE-2020-8450: Fixed a buffer...