Lucene search

19 matches found

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2012-3481

Malware in sbrugna...

CVSS 5 · AI score 6.1 · EPSS 0.01928
Exploits 0 · References 9

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-32365

Malicious code in bioql PyPI...

CVSS 9.6 · AI score 7.9 · EPSS 0.00072
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 8:19 a.m. · 5 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

CVSS 5.3 · AI score 7.4 · EPSS 0.00552
Exploits 4 · References 1

RedhatCVE
added 2025/05/22 3:16 p.m. · 3 views

CVE-2020-1755

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks...

CVSS 5.3 · AI score 6.8 · EPSS 0.0013
Exploits 0

OSV
added 2024/06/16 10:15 p.m. · 3 views

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...

CVSS 9.1 · AI score 7.2
Exploits 0 · References 3

Positive Technologies
added 2024/06/16 12:0 a.m. · 2 views

PT-2024-25905 · Ghost · Ghost

Name of the Vulnerable Software and Affected Versions: Ghost versions 5.85.1 and earlier
Description: The issue allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. The vendor recommends installing Ghost...

CVSS 9.1 · AI score 9.2 · EPSS 0.0069
Exploits 1 · References 10

Cvelist
added 2024/06/16 12:0 a.m. · 16 views

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...

EPSS 0.0069
Exploits 1 · References 3

CVE
added 2024/06/16 12:0 a.m. · 54 views

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limiting protection mechanism by using multiple X-Forwarded-For headers with different values. Affected software: Ghost, version 5.85.1 and earlier. Root cause: abuse of X-Forwarded-For headers to defeat rate-limiting. ...

CVSS 9.1 · AI score 7.5 · EPSS 0.0069
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2024/06/16 12:0 a.m. · 12 views

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...

AI score 7.3 · EPSS 0.0069
Exploits 1 · References 3

Prion
added 2023/10/02 8:15 p.m. · 9 views

Code injection

An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application...

CVSS 5 · AI score 5.2 · EPSS 0.00157
Exploits 0 · References 5 · Affected Software 1

NVD
added 2023/03/31 7:15 a.m. · 13 views

CVE-2023-28727

Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers...

CVSS 9.6 · AI score 9.6 · EPSS 0.00072
Exploits 0 · References 1

Prion
added 2023/03/31 7:15 a.m. · 14 views

Authentication flaw

Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers...

CVSS 5.8 · AI score 8.8 · EPSS 0.00072
Exploits 0 · References 1 · Affected Software 1

NVD
added 2022/08/16 9:15 p.m. · 12 views

CVE-2020-1755

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks...

CVSS 5.3 · EPSS 0.0013
Exploits 0 · References 1

CNVD
added 2018/02/26 12:0 a.m. · 1 views

Squid Software Foundation Squid HTTP Caching Proxy Denial of Service Vulnerability (CNVD-2018-05766)

Squid Software Foundation Squid HTTP Caching Proxy is an open source HTTP caching proxy software. A security vulnerability exists in the handling of HTTP Response X-Forwarded-For packet headers in versions of Squid Software Foundation Squid HTTP Caching Proxy prior to 4.0.23. An attacker could...

CVSS 7.5 · AI score 6.6 · EPSS 0.65998
Exploits 0 · References 1

Prion
added 2015/07/26 10:59 p.m. · 31 views

Cross site request forgery (csrf)

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request...

CVSS 4.3 · AI score 6.9 · EPSS 0.85262
Exploits 6 · References 5 · Affected Software 1

Prion
added 2012/09/05 11:55 p.m. · 20 views

Cross site request forgery (csrf)

The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request...

CVSS 5 · AI score 7 · EPSS 0.01928
Exploits 0 · References 8 · Affected Software 1

UbuntuCve
added 2012/09/05 11:55 p.m. · 30 views

CVE-2012-3526

The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request...

CVSS 5 · AI score 5.9 · EPSS 0.01928
Exploits 0 · References 1

CVE
added 2012/06/09 12:0 a.m. · 43 views

CVE-2012-2566

CVE-2012-2566 concerns Bloxx Web Filtering prior to 5.0.14. The issue is that the product does not correctly interpret the X-Forwarded-For header during HTTPS access-control and logging, which can allow an unauthenticated user to bypass IP/domain restrictions and produce misleading logs. The entr...

CVSS 5 · AI score 6.9 · EPSS 0.00905
Exploits 0 · References 3 · Affected Software 1

Prion
added 2006/02/09 7:6 p.m. · 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats...

CVSS 4.3 · AI score 6.1 · EPSS 0.00622
Exploits 2 · References 6 · Affected Software 1