229 matches found
keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution
A heap-based buffer overflow vulnerability in the extractstatuscode function in lib/html.c, which parses the HTTP status code returned from a web server, allows a malicious web server or a man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary...
EulerOS 2.0 SP8 : keepalived (EulerOS-SA-2019-1770)
According to the versions of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server...
EulerOS 2.0 SP2 : keepalived (EulerOS-SA-2019-1739)
According to the version of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server allow...
Konan - Advanced Web Application Dir Scanner
Konan is an advanced open source tool designed to brute force directory and file names on web/application servers. Installation Download Konan by cloning the Git repository: git clone https://github.com/m4ll0k/Konan.git konan Install requirements with pip cd konan && pip install -r...
Session Fixation
Firefox is vulnerable to session fixation. The vulnerability exists because Firefox does not properly interpret Set-Cookie headers within responses that have a 407 status code...
Man-in-the-Middle (MitM)
Firefox/Thunderbird is vulnerable to man-in-the-middle attacks. The address bar can be spoofed by operating a proxy server that provides a 407 HTTP status code accompanied by a malicious web script...
DEBIAN-CVE-2018-20068
Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...
On error at /rest/ stack-trace is publicly visible
Summary: On Confluence server 6.12.2, requesting the wrong REST URL /rest/cql/contenttypes?category=test, we will see the full stack trace. We can see the same at https://confluence.atlassian.com/rest/cql/contenttypes?category=test On production, a regular user should not see the stack-trace when an err...
DeepSearch - Advanced Web Dir Scanner
DeepSearch is a simple command line tool for brute-forcing directories and files on websites. Installation $ git clone https://github.com/m4ll0k/DeepSearch.git deepsearch $ cd deepsearch $ pip3 install requests $ python3 deepsearch.py Screenshots Usage Basic: python3 deepsearch.py -u...
CVE-2018-19115
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extractstatuscode in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap...
UBUNTU-CVE-2018-19115
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extractstatuscode in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap...
GHSA-45XM-V8GQ-7JQX Excessive memory allocation
In versions from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit 8192 bytes above which the WebSocket gets an HTTP response with the...
CVE-2018-12541
In versions from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit 8192 bytes above which the WebSocket gets an HTTP response with the...
Design/Logic Flaw
In versions from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit 8192 bytes above which the WebSocket gets an HTTP response with the...
Atlas - Quick SQLMap Tamper Suggester
Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS; the tool is based on the returned status code. Screen Installation $ git clone https://github.com/m4ll0k/Atlas.git atlas $ cd atlas $ python atlas.py Usage $ python atlas.py --url http://site.com/index.php?id=PriceASC...
JCS - Joomla Vulnerability Component Scanner
JCS (Joomla Component Scanner) is made for penetration testing purposes on Joomla CMS. JCS can help you with the latest component vulnerabilities and exploits. The database can update from several resources, and a crawler has been implemented to find components and components' links. This version supports...
How in the JSON endpoint on the use of CSRF vulnerabilities-vulnerability warning-the black bar safety net
(CSRF + Flash + HTTP 307) = don't say you have "dead"! If you want to use a CSRF vulnerability in a JSON endpoint through a third-party, attacker-controlled server, I recommend a GitHub project called json-flash-csrf-poc【download】. Background story In a recent penetration...
Logic design flaws in Tap Tech's smart CAPTCHA system
Smart CAPTCHA system is a new generation of Internet CAPTCHA system. A logical design vulnerability exists in the Smart CAPTCHA System of Point and Click Technology. An attacker can bypass the graphical CAPTCHA of the mouse-click method by modifying the status code, which can be utilized to bypas...