Lucene search

30 matches found

OSV
added 2025/10/30 3:2 p.m., 2 views

GO-2025-4068 Slack Nebula may accept arbitrary source IP addresses in github.com/slackhq/nebula

Slack Nebula may accept arbitrary source IP addresses in github.com/slackhq/nebula...

CVSS 4.9, AI score 7.1, EPSS 0.00182
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2004-2441

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.01548
Exploits 1, References 5

RedhatCVE
added 2025/02/06 3:54 a.m., 12 views

CVE-2021-39173

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...

CVSS 8.8, AI score 7.3, EPSS 0.02287
Exploits 1, References 1

OSV
added 2023/07/17 2:36 p.m., 14 views

GHSA-VJH7-5R6X-XH6G CasaOS Gateway vulnerable to incorrect identification of source IP addresses

Impact: Unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. Patches: The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS 0.4.4. Workarounds: Users should upgrade to CasaOS 0.4.4. If they can't, they...

CVSS 9.8, AI score 9.6, EPSS 0.06363
Exploits 1, References 6

Github Security Blog
added 2022/03/03 7:2 p.m., 33 views

Twisted SSH client and server deny of service during SSH handshake.

Impact: The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as...

CVSS 7.5, AI score 0.2, EPSS 0.03608
Exploits 1, References 15, Affected Software 1

Github Security Blog
added 2021/08/30 4:11 p.m., 64 views

Cachet vulnerable to forced reinstall

Impact: Authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. Patches: This issue was addressed by improving the middleware ReadyForUse, which now performs a stricter validation of the...

CVSS 8.8, AI score 8.8, EPSS 0.02287
Exploits 1, References 5, Affected Software 1

NVD
added 2021/08/28 12:15 a.m., 21 views

CVE-2021-39174

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (APP_KEY) and various passwords (email, database, etc.). This issue was...

CVSS 8.8, EPSS 0.03833
Exploits 2, References 3

Prion
added 2021/08/28 12:15 a.m., 22 views

Default configuration

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (APP_KEY) and various passwords (email, database, etc.). This issue was...

CVSS 6.5, AI score 8.4, EPSS 0.03833
Exploits 2, References 3, Affected Software 1

OSV
added 2021/08/27 11:15 p.m., 17 views

CVE-2021-39172

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addresse...

CVSS 8.8, AI score 9
Exploits 0, References 3

Prion
added 2021/08/27 11:15 p.m., 20 views

Design/Logic Flaw

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addresse...

CVSS 6.5, AI score 9, EPSS 0.29172
Exploits 2, References 3, Affected Software 1

Prion
added 2021/08/27 11:15 p.m., 16 views

Input validation

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...

CVSS 6.5, AI score 8.8, EPSS 0.02287
Exploits 1, References 3, Affected Software 1

Cvelist
added 2021/08/27 11:0 p.m., 20 views

CVE-2021-39173 Forced reinstall

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...

CVSS 8.8, AI score 9, EPSS 0.02287
Exploits 1, References 3

NVD
added 2019/03/01 3:29 p.m., 19 views

CVE-2018-20799

In pfSense 2.4.41, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass...

CVSS 7.5, AI score 7.8, EPSS 0.0159
Exploits 1, References 1

FireEye
added 2018/05/29 5:0 p.m., 12 views

Remote Authentication GeoFeasibility Tool - GeoLogonalyzer

Users have long needed to access important resources such as virtual private networks (VPNs), web applications, and mail servers from anywhere in the world at any time. While the ability to access resources from anywhere is imperative for employees, threat actors often leverage stolen credentials t...

AI score 7.2
Exploits 0, References 4

Cvelist
added 2017/04/03 8:0 p.m., 16 views

CVE-2017-7397

BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports "It has been prove...

AI score 7.4, EPSS 0.11066
Exploits 2, References 5

0day.today
added 2017/04/02 12:0 a.m., 48 views

BackBox OS Denial Of Service Exploit

Exploit for linux platform in category dos / poc Exploit Title: BackBox OS Denial Of ServiceCPU Consumption CVE: CVE-2017-7397 CWE: CWE-400 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://backbox.org/ Version : 4.6 Exploit Tested on: Ubuntu 16.04 Date: 01-04-2017 Category:...

CVSS 5, AI score 7.6, EPSS 0.11066
Exploits 2

Prion
added 2016/07/05 1:59 a.m., 22 views

Design/Logic Flaw

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication...

CVSS 5, AI score 7.3, EPSS 0.13314
Exploits 0, References 35, Affected Software 9

Cvelist
added 2016/07/05 1:0 a.m., 31 views

CVE-2016-4954

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication...

AI score 7.3, EPSS 0.13314
Exploits 0, References 35

NVD
added 2012/08/23 10:32 a.m., 15 views

CVE-2009-5120

The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404...

CVSS 4.3, AI score 5.9, EPSS 0.00942
Exploits 0, References 1

Cvelist
added 2007/06/21 6:0 p.m., 18 views

CVE-2007-3320

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact...

AI score 7, EPSS 0.01403
Exploits 0, References 6