exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Ubuntu Security Notice USN-5474-2
Posted Aug 25, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5474-2 - USN-5474-1 fixed vulnerabilities in Varnish Cache. Unfortunately the fix for CVE-2020-11653 was incomplete. This update fixes the problem. It was discovered that Varnish Cache could have an assertion failure when a TLS termination proxy uses PROXY version 2. A remote attacker could possibly use this issue to restart the daemon and cause a performance loss.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-11653
SHA-256 | 9f42bd8d47eeef57534724a225acf2e6270a8437cec9bc39c2b61610b5595336

Related Files

Zed Attack Proxy 1.4.0.1 Linux Release
Posted Apr 10, 2012
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Linux release.

Changes: Syntax highlighting, fuzzdb integration, parameter analysis, enhanced XSS scanner, a port of some watcher checks, plugable extensions, and a load of bug fixes.
tags | tool, web, vulnerability
systems | linux, unix
SHA-256 | 3bd683f219f1a8e52a26eeb33d928851074609f5b42bca6c635ca3c707167d50
Umbraco 4.x Open Proxy
Posted Apr 6, 2012
Authored by Florent Daigniere | Site trustmatta.com

Vulnerable installations of Umbraco allow unauthenticated users to abuse the script FeedProxy.aspx into proxying requests on their behalf through the "url" parameter.

tags | advisory
advisories | CVE-2012-1301
SHA-256 | 19987edc1f1a1fecf2c9df97f5014d7f25ea604cf74d0337f115ba76e02245bc
Mandriva Linux Security Advisory 2012-044
Posted Mar 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-044 - A vulnerability has been found and corrected in cvs. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. The updated packages have been patched to correct this issue.

tags | advisory, web, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0804
SHA-256 | 891ba05686fa17391e069c49ba48e6a0ad5b0eba8fc97db8070e0ddf441eeff7
Proxy Check 02122011
Posted Mar 21, 2012
Authored by Alejandro Ramos | Site securitybydefault.com

Proxy Check is a tool that includes a website to automate testing for web proxy content filtering. It has a battery of tests that includes looking for typically malicious URLs, several PDF exploits, and more.

tags | tool, web, scanner
systems | linux, unix
SHA-256 | ac9e7fea81ae9f981e0e3a0a3524dbb37d2aefac198ef4e781a1ffbf6cab1891
Secunia Security Advisory 48460
Posted Mar 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - demonalex has discovered a vulnerability in at32 Reverse Proxy, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | c3da7fb247e5375b4fcafdfffec8e453be2b180a75385dedf217935ca7fceb78
at32 Reverse Proxy 1.060.310 Denial Of Service
Posted Mar 19, 2012
Authored by demonalex

at32 Reverse Proxy version 1.060.310 suffers from multiple HTTP header field denial of service vulnerabilities.

tags | exploit, web, denial of service, vulnerability
SHA-256 | 19613ca01eb9c3f61b2d576a3e623d93091cc41f733468f29135ad17c1b2a6c5
Ubuntu Security Notice USN-1371-1
Posted Feb 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1371-1 - It was discovered that cvs incorrectly handled certain responses from proxy servers. If a user were tricked into connecting to a malicious proxy server, a remote attacker could cause cvs to crash, or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-0804
SHA-256 | 456195625d6524c03923a1457d002d80445f9f034e991f9bbf3bbe3eb73ae6a5
DNSChef 0.1
Posted Feb 22, 2012
Authored by Peter Kacherginsky | Site thesprawl.org

DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka "Fake DNS") is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for "badguy.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.

tags | local
systems | unix
SHA-256 | 855bcceb07688d98414efd3e963cb6ddd7ed293ef28ec31ac1b5a96d5409d7a9
Red Hat Security Advisory 2012-0323-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2011-3607, CVE-2011-3639, CVE-2012-0031, CVE-2012-0053
SHA-256 | 4e6fc0a992e66dc0e093b5bbb0e471ca71ba9957c66f52c0991686dc70659ccd
Red Hat Security Advisory 2012-0321-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0321-01 - Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-0804
SHA-256 | 286bd54779b5c16c26d69ad0f13809a6a3ffda1eb265fbfeaf74bff12f263554
Ubuntu Security Notice USN-1368-1
Posted Feb 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1368-1 - It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | fa8c135df3525e7c504b7b8471eb4ffb02bbcb4cef2d2668c2621785aaf45c6c
Red Hat Security Advisory 2012-0128-01
Posted Feb 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2011-3607, CVE-2011-3639, CVE-2011-4317, CVE-2012-0031, CVE-2012-0053
SHA-256 | 47e04bdea922f45dbb611a67d0f33763ce878e42f56c0cde78a5dc761c2218f2
Secunia Security Advisory 47906
Posted Feb 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for Red Hat Network Proxy. This fixes a weakness, which can be exploited by malicious users to disclose certain sensitive information.

tags | advisory
systems | linux, redhat
SHA-256 | dd5b7e628342e61116eb49a673e516763c751149baee3c3bd7b3e5340c857f9c
Red Hat Security Advisory 2012-0102-01
Posted Feb 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0102-01 - Red Hat Network Proxy provides a mechanism for caching content, such as package updates from Red Hat or custom content created for an organization on an internal, centrally-located server. If a user submitted a system registration XML-RPC call to an RHN Proxy server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0059
SHA-256 | 37f7e303099d5969d003d6e0c8fbd2ff0aa151afe8c4376919c05979495ea3d8
Mandriva Linux Security Advisory 2012-013
Posted Feb 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-013 - Security issues were identified and fixed in mozilla firefox and thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450
SHA-256 | 5c13b7ef97165e75959f465d2ce9e3b748e6c52f37c5fb1421c22c9982237007
Red Hat Security Advisory 2012-0085-01
Posted Feb 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0085-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. The same-origin policy in Thunderbird treated http://example.com and http://[example.com] as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information that may be included in HTTP proxy error replies, generated in response to invalid URLs using square brackets.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3670, CVE-2012-0442
SHA-256 | fe4d73c0e1fcfc4fc1ff96734d69098c1227b4827555ab95f7dcc0b4b1d719bf
Red Hat Security Advisory 2012-0084-01
Posted Feb 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0084-01 - SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. The same-origin policy in SeaMonkey treated http://example.com and http://[example.com] as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information that may be included in HTTP proxy error replies, generated in response to invalid URLs using square brackets.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3670, CVE-2012-0442
SHA-256 | 39ff68cd83efc384bf01448850de7e3a08a5b5755f99a6396e8299ecd7c70391
Zorp Proxy Firewall Suite 3.9.3
Posted Jan 29, 2012
Authored by Balazs Scheidler | Site balabit.com

Zorp is a proxy firewall suite with its core architecture built around today's security demands. It uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.

Changes: This release fixes passphrase handling of trusted CA private keys and removes support for obsolete Linux versions and Solaris.
tags | tool, firewall
systems | unix
SHA-256 | 05c0dd91dd29762f5e296d14459621c31954abd49ee245eed81ed44d3cf305ae
Debian Security Advisory 2393-1
Posted Jan 25, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2393-1 - Julien Tinnes reported a buffer overflow in the bip multiuser irc proxy which may allow arbitrary code execution by remote users.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2012-0806
SHA-256 | aa0e1e2a4fec81c893d4428c6732094a2f6aba097136844a5a8ecb22a2e06f1f
Mandriva Linux Security Advisory 2012-003
Posted Jan 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-003 - Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a.htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of RewriteRule and ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an \@ character and a : character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, overflow, local
systems | linux, mandriva
advisories | CVE-2011-3607, CVE-2011-4317
SHA-256 | c67cf79a3c62b81057754ad363ae14900efdb1f1fcbad2d4c3fd00086a37d2b6
Linux IPTables Firewall 1.4.12.2
Posted Jan 6, 2012
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: A handful of fixes were made in the option parser. Additional pkgconfig files are now available for libiptc.
tags | tool, firewall
systems | linux
SHA-256 | 09fff7dfe6af95675474fd5d0fc67622fac5a0f3d6e02ee614deae9a2e5dae13
Pound Reverse HTTP Proxy 2.6
Posted Dec 29, 2011
Authored by roseg | Site apsis.ch

Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.

Changes: Support for SNI via multiple Cert directives. A pre-defined number of threads for better performance on small hardware. Translation of hexadecimal characters in the URL for pattern matching. Support for a "Disabled" directive in the configuration. More detailed error logging. Allows multiple AddHeader directives.
tags | tool, web
systems | linux
SHA-256 | 0ad25e3652e22117abbc17a70b5d8913e05991318a5506bc7437e662616fdf21
NiX API Script
Posted Dec 20, 2011
Site nixapi.com

NiX API is a powerful anti-proxy, anti-fraud, and IP reputation lookup API. It uses the NiX database at cli.nixapi.com to determine IP country/region/city, data center details, satellite provider details, open proxy details, and Tor network association.

tags | tool, scanner
systems | unix
SHA-256 | 474102596a87d21818c553be365a5aee27299455bc52719a27f2ca79bcfa0979
Ubuntu Security Notice USN-1295-1
Posted Dec 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1295-1 - It was discovered that Dovecot incorrectly validated certificate hostnames when being used as a POP3 and IMAP proxy. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

tags | advisory, remote, imap
systems | linux, ubuntu
advisories | CVE-2011-4318
SHA-256 | 6537b446fcea6b049718ea977697f880df756abeecdad9dba3605ca876e59b50
Pentesting Android Mobile Applications
Posted Dec 7, 2011
Authored by Khushboo Sharma

This is a brief whitepaper that discusses how to root your Android phone and then set up proxying to test applications.

tags | paper, root
SHA-256 | f68c4b71c20e99d858dfdd4434e216dfb1a4faefc63513a24ed2369fae56e59c
Page 2 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close