exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

McAfee Web Gateway And Squid Proxy 3.1.19 Bypass
Posted Apr 13, 2012
Authored by Gabriel Menezes Nunes

McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.

tags | exploit, web, proof of concept, bypass
systems | unix
advisories | CVE-2012-2212, CVE-2012-2213
SHA-256 | fd5a23a84846044a1ea5a10e1231aba1d4783081f27119ecd5de07b7485b6ad5

Related Files

Secunia Security Advisory 47104
Posted Dec 5, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Blue Coat has acknowledged a vulnerability in Blue Coat ProxyAV, which can be exploited by malicious people to compromise a vulnerable device.

tags | advisory
SHA-256 | a1f5ca6a34187f03266a8c3bf002d0ae6e27c9cbb8822afc640019d746ac9622
Vega Web Security Scanner 1.0 Beta Windows 64 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Windows 64-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | windows, unix
SHA-256 | f501b5542283ff5314d059149275673e0bd3f582e2dd9bf874a957a697e82340
Vega Web Security Scanner 1.0 Beta Windows 32 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Windows 32-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | windows, unix
SHA-256 | aad4eea58cb70eb9f9a3c522f982077489d855b953bf6c30fe9e69c295845898
Vega Web Security Scanner 1.0 Beta Linux 64 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Linux 64-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | linux, unix
SHA-256 | 79b0faa76f914a0c26cf4ca2caecfa49914eab314ac80353d7d28ca80cdc2589
Vega Web Security Scanner 1.0 Beta Linux 32 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Linux 32-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | linux, unix
SHA-256 | 8ea6a4d731627a6b4e2c1666316af08385acd6507d9b252567b02a0faa05bc80
Vega Web Security Scanner 1.0 Beta Mac OS X 64 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | unix, apple, osx
SHA-256 | f98c5c3496b4a9067e27396e9930598b9b91eca1b92f93f106307ab600f26eb7
Vega Web Security Scanner 1.0 Beta Mac OS X 32 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 32-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | unix, apple, osx
SHA-256 | 68d8eea7c407151d911b13b7a8fcec1ba0338f7ace0e93b2f6ae207db03938e5
Linux IPTables Firewall 1.4.12.1
Posted Nov 15, 2011
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: Assorted bug fixes.
tags | tool, firewall
systems | linux
SHA-256 | 77e6581f21f15946a814fa311236e5f3f7c6593180f9d695cea06aa95e464aba
Secunia Security Advisory 46033
Posted Nov 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in KnProxy, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
SHA-256 | 66cd08f6464ac0e61919c486677f62dec7ea691dbf96df61bd861a1efdbb411a
Ubuntu Security Notice USN-1259-1
Posted Nov 11, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1259-1 - It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Stefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-1176, CVE-2011-3348, CVE-2011-3368
SHA-256 | 7bef884df5589e1fd12588b714aa616b41b6f836aa2d49c1baa9c3029d8685d0
Mandriva Linux Security Advisory 2011-168
Posted Nov 9, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2011-3348, CVE-2011-3192
SHA-256 | 5845916851f0b3755bcd79bb959415df4c03565cfb80d7815ae350490adc18fb
Ubuntu Security Notice USN-1248-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1248-1 - Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. It was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL. Various other issues were also addressed.

tags | advisory, spoof
systems | linux, ubuntu
advisories | CVE-2011-3365
SHA-256 | b72f099c8d8ac3650765e3fd99be619d5711842026d8fc594ef9d2cacd4f30d8
Secunia Security Advisory 46556
Posted Oct 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has discovered a vulnerability in Cyclope Internet Filtering Proxy, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 6e1e5803a2b32187f3a45adf1518b5a8116d9cbe677afd25e2e295ddeea560f5
Cyclope Internet Filtering Proxy 4.0 Denial Of Service
Posted Oct 21, 2011
Authored by loneferret

Cyclope Internet Filtering Proxy version 4.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 88e107c4bd84cd131ab1004d7397c57eab86ce2aa642b91196f8730223d2e824
Red Hat Security Advisory 2011-1392-01
Posted Oct 20, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1392-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3368
SHA-256 | 38d5d3cdd137a8ddd27f61f26b4d6bd80a8be345b51f7fcd45471eb5bb0f29ba
Red Hat Security Advisory 2011-1391-01
Posted Oct 20, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1391-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368
SHA-256 | fa52da6f043cacb48e73017394b763ecd084cb2327279a656bc387db875101fc
Cyclope Internet Filtering Proxy Cross Site Scripting
Posted Oct 20, 2011
Authored by loneferret

Cyclope Internet Filtering Proxy suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ae6988217abbff9103711510b40b94c33812480a0cbdbb90ceefbd299e54ed1
Apache mod_proxy Proof Of Concept
Posted Oct 11, 2011
Authored by Rodrigo Marcos | Site secforce.co.uk

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. This is a proof of concept exploit that demonstrates this vulnerability.

tags | exploit, remote, web, proof of concept
advisories | CVE-2011-3368
SHA-256 | 75f36dfa842b3b7a95c175cb265cef819693d09f8c78a6ec91fe76cb8705da9e
Mandriva Linux Security Advisory 2011-144
Posted Oct 9, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-144 - The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial \@ character.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2011-3368
SHA-256 | 0398641523906dd465280a2065f7651a540f0b837cf29816dc29705635f4b67e
Apache Reverse Proxy Bypass
Posted Oct 6, 2011
Authored by Michael Jordon, Context Information Security Ltd, David Robinson | Site contextis.co.uk

Context discovered a security vulnerability which allows for Apache in reverse proxy mode to be used to access internal/DMZ systems due to a weakness in its handling of URLs being processed by mod_rewrite. Versions 1.3 and 2.x are affected.

tags | exploit
advisories | CVE-2011-3368
SHA-256 | cc7c3ff195e475a2b7ec8ea66d98deaebf0cf9dedd7ae209991e3d3c5d4274d8
Apache mod_proxy Reverse Proxy Exposure
Posted Oct 6, 2011
Site apache.org

The Apache mod_proxy module suffers from a reverse proxy exposure vulnerability.

tags | advisory
advisories | CVE-2011-3368
SHA-256 | 99c1b40cb499bb7230f6dcb7690b190f0ac5434e9e581f118b4b1969c1691dbb
Zed Attack Proxy (ZAP) 1.3.2
Posted Sep 28, 2011
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Linux releases are all included in this file.

Changes: Various updates and enhancements.
tags | web, vulnerability
systems | linux, windows, apple, osx
SHA-256 | 318b8a7ac7957abf70378a1b16c1e6d177b97355de8922a2a727da46027d793a
Lanuguage Pack For ZAP 1.3.2
Posted Sep 27, 2011
Authored by Psiinon | Site owasp.org

This is the language pack for Zed Attack Proxy (ZAP). Languages supported include English, Brazilian Portuguese, Chinese, Danish, French, German, Greek, Indonesian, Japanese, Polish, and Spanish.

tags | web
SHA-256 | 6183ff2dcbca1d90de8be214492f2c35ec55b93ada75f15714619cc720a1aaa9
Zed Attack Proxy (ZAP) Client API 0.1 Alpha
Posted Sep 27, 2011
Authored by Psiinon | Site owasp.org

This is the client API for the Zed Attack Proxy (ZAP).

tags | web
SHA-256 | 6d7cff323c60e89b38a9a849a33616a16931393cd68b4f5494c52abb8537b820
Red Hat Security Advisory 2011-1293-01
Posted Sep 14, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1293-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.

tags | advisory, remote, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3205
SHA-256 | ea39bfc892a77fdbe8a6f552fe2926423db15874fcc35fa5cc0dfca4f6715324
Page 3 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close