6123 matches found
CVE-2001-0142
CVE-2001-0142 affects squid 2.3 and earlier. The issue is a local symlink/race condition that can cause local users to overwrite arbitrary files via temporary file handling in certain configurations. Impact is described as local privilege/content modification without remote access; CVSS reflects ...
CVE-2001-0142
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations...
[SECURITY] [DSA 019-1] New version of squid released
---------------------------------------------------------------------------- Debian Security Advisory DSA-019-1 [email protected] http://www.debian.org/security/ Martin Schulze January 25, 2001 - ---------------------------------------------------------------------------- Package : squid...
Squid doesn't quote urls in error messages.
Hi, I noticed that Squid 2.3.STABLE4 doesn't quote urls in error messages. For example if a user visits the following url http://www.dotcom.com/ btest/b The user will get an invalid url page with test in bold. Or even more fun with: http://www.somecompany.com/img...
Re: Squid doesn't quote urls in error messages.
Hello Lincoln Yeoh, 27.10.00 13:47, you wrote: Squid doesn't quote urls in error messages.; L I noticed that Squid 2.3.STABLE4 doesn't quote urls in error L messages. skip L I haven't really tried it myself, and so I can't confirm if it really works L that's why it's in VULN-DEV ; . I can confirm...
Linux news 18.05.00
Linux 2.2.16pre3 Вышла новая pre-версия следующего стабильного ядра: Linux 2.2.16pre3. Подробнее: http://linuxtoday.com/newsstory.php3?ltsn=2000-05-16-007-04-NW-KN Kernel Traffic 67 Вышел новый обзор Linux Kernel Traffic: 67. Подробнее: http://kt.linuxcare.com/kernel-traffic/kt2000051567print.epl...
CVE-1999-0710
CVE-1999-0710 affects the Squid proxy (publicly accessible cachemgr.cgi) and allows remote attackers to use it as an intermediary to connect to other systems. OpenVAS/Nessus entries corroborate a public-facing cachemgr.cgi risk across Red Hat, Debian, CentOS, and FreeBSD/OpenBSD ecosystems. The R...
CVE-1999-0710
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems...
CVE-1999-0710
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems...
CVE-1999-1481
Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair...
squid.exploit.txt
Holla, since some people asked how to exploit the squid bug, I send a description along. Assumptions: 1. You use plain squid-2.2-STABLE5 or below. Also, external authentification is active using a some external authentication program, which basically follows the implementation guidelines given on...
National Science Foundation Squid Web Proxy 1.0/1.1/2.1 - Authentication Failure
source: https://www.securityfocus.com/bid/741/info There is a vulnerability present in certain versions of the Squid Web Proxy Cache developed by the National Science Foundation. This problem is only in effect when users of the cache are using an external authenticator. The following is quoted fr...
National Science Foundation Squid Web Proxy 1.01.12.1 - Authentication Failure
National Science Foundation Squid Web Proxy 1.01.12.1 - Authentication Failure source: https://www.securityfocus.com/bid/741/info There is a vulnerability present in certain versions of the Squid Web Proxy Cache developed by the National Science Foundation. This problem is only in effect when use...
Squid cachemgr.cgi Proxied Port Scanning
RedHat Linux 6.0 installs by default a squid cache manager cgi script with no restricted access permissions. This script could be used to perform a port scan from the cgi-host machine. %NASLMINLEVEL 70300 This script was written by Alexis de Bernis See the Nessus Scripts License for details...
CVE-1999-0710
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems...
DEBIAN-CVE-1999-0710
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems...
CVE-1999-0710
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems...
Squid Web Proxy 2.2 - 'cachemgr.cgi' Unauthorized Connection
source: https://www.securityfocus.com/bid/2059/info The 'cachemgr.cgi' module is a management interface for the Squid proxy service. It was installed by default in '/cgi-bin' by Red Hat Linux 5.2 and 6.0 installed with Squid. This script prompts for a host and port, which it then tries to connect...
Squid Web Proxy 2.2 - cachemgr.cgi Unauthorized Connection
Squid Web Proxy 2.2 - cachemgr.cgi Unauthorized Connection source: https://www.securityfocus.com/bid/2059/info The 'cachemgr.cgi' module is a management interface for the Squid proxy service. It was installed by default in '/cgi-bin' by Red Hat Linux 5.2 and 6.0 installed with Squid. This script...
CVE-1999-1273
Squid Internet Object Cache 1.1.20 allows users to bypass access control lists ACLs by encoding the URL with hexadecimal escape sequences...