exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

Ubuntu Security Notice USN-5474-2
Posted Aug 25, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5474-2 - USN-5474-1 fixed vulnerabilities in Varnish Cache. Unfortunately the fix for CVE-2020-11653 was incomplete. This update fixes the problem. It was discovered that Varnish Cache could have an assertion failure when a TLS termination proxy uses PROXY version 2. A remote attacker could possibly use this issue to restart the daemon and cause a performance loss.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-11653
SHA-256 | 9f42bd8d47eeef57534724a225acf2e6270a8437cec9bc39c2b61610b5595336

Related Files

Red Hat Security Advisory 2011-1791-01
Posted Dec 7, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1791-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2011-4096
SHA-256 | 9462f28ff2caece7931bb6bc345528dd2407fca7d2940e8d4d8ed21ebb083998
Secunia Security Advisory 47104
Posted Dec 5, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Blue Coat has acknowledged a vulnerability in Blue Coat ProxyAV, which can be exploited by malicious people to compromise a vulnerable device.

tags | advisory
SHA-256 | a1f5ca6a34187f03266a8c3bf002d0ae6e27c9cbb8822afc640019d746ac9622
Vega Web Security Scanner 1.0 Beta Windows 64 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Windows 64-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | windows, unix
SHA-256 | f501b5542283ff5314d059149275673e0bd3f582e2dd9bf874a957a697e82340
Vega Web Security Scanner 1.0 Beta Windows 32 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Windows 32-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | windows, unix
SHA-256 | aad4eea58cb70eb9f9a3c522f982077489d855b953bf6c30fe9e69c295845898
Vega Web Security Scanner 1.0 Beta Linux 64 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Linux 64-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | linux, unix
SHA-256 | 79b0faa76f914a0c26cf4ca2caecfa49914eab314ac80353d7d28ca80cdc2589
Vega Web Security Scanner 1.0 Beta Linux 32 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Linux 32-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | linux, unix
SHA-256 | 8ea6a4d731627a6b4e2c1666316af08385acd6507d9b252567b02a0faa05bc80
Vega Web Security Scanner 1.0 Beta Mac OS X 64 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 64-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | unix, apple, osx
SHA-256 | f98c5c3496b4a9067e27396e9930598b9b91eca1b92f93f106307ab600f26eb7
Vega Web Security Scanner 1.0 Beta Mac OS X 32 Bit
Posted Nov 29, 2011
Authored by Subgraph | Site subgraph.com

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in Javascript, users can easily modify them or write their own. This is the Mac OS X 32-bit version.

tags | tool, web, scanner, javascript, vulnerability, xss, sql injection
systems | unix, apple, osx
SHA-256 | 68d8eea7c407151d911b13b7a8fcec1ba0338f7ace0e93b2f6ae207db03938e5
Linux IPTables Firewall 1.4.12.1
Posted Nov 15, 2011
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: Assorted bug fixes.
tags | tool, firewall
systems | linux
SHA-256 | 77e6581f21f15946a814fa311236e5f3f7c6593180f9d695cea06aa95e464aba
Secunia Security Advisory 46033
Posted Nov 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in KnProxy, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
SHA-256 | 66cd08f6464ac0e61919c486677f62dec7ea691dbf96df61bd861a1efdbb411a
Ubuntu Security Notice USN-1259-1
Posted Nov 11, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1259-1 - It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Stefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-1176, CVE-2011-3348, CVE-2011-3368
SHA-256 | 7bef884df5589e1fd12588b714aa616b41b6f836aa2d49c1baa9c3029d8685d0
Mandriva Linux Security Advisory 2011-168
Posted Nov 9, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2011-3348, CVE-2011-3192
SHA-256 | 5845916851f0b3755bcd79bb959415df4c03565cfb80d7815ae350490adc18fb
Ubuntu Security Notice USN-1248-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1248-1 - Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. It was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL. Various other issues were also addressed.

tags | advisory, spoof
systems | linux, ubuntu
advisories | CVE-2011-3365
SHA-256 | b72f099c8d8ac3650765e3fd99be619d5711842026d8fc594ef9d2cacd4f30d8
Secunia Security Advisory 46556
Posted Oct 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has discovered a vulnerability in Cyclope Internet Filtering Proxy, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 6e1e5803a2b32187f3a45adf1518b5a8116d9cbe677afd25e2e295ddeea560f5
Cyclope Internet Filtering Proxy 4.0 Denial Of Service
Posted Oct 21, 2011
Authored by loneferret

Cyclope Internet Filtering Proxy version 4.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 88e107c4bd84cd131ab1004d7397c57eab86ce2aa642b91196f8730223d2e824
Red Hat Security Advisory 2011-1392-01
Posted Oct 20, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1392-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3368
SHA-256 | 38d5d3cdd137a8ddd27f61f26b4d6bd80a8be345b51f7fcd45471eb5bb0f29ba
Red Hat Security Advisory 2011-1391-01
Posted Oct 20, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1391-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368
SHA-256 | fa52da6f043cacb48e73017394b763ecd084cb2327279a656bc387db875101fc
Cyclope Internet Filtering Proxy Cross Site Scripting
Posted Oct 20, 2011
Authored by loneferret

Cyclope Internet Filtering Proxy suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ae6988217abbff9103711510b40b94c33812480a0cbdbb90ceefbd299e54ed1
Apache mod_proxy Proof Of Concept
Posted Oct 11, 2011
Authored by Rodrigo Marcos | Site secforce.co.uk

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. This is a proof of concept exploit that demonstrates this vulnerability.

tags | exploit, remote, web, proof of concept
advisories | CVE-2011-3368
SHA-256 | 75f36dfa842b3b7a95c175cb265cef819693d09f8c78a6ec91fe76cb8705da9e
Mandriva Linux Security Advisory 2011-144
Posted Oct 9, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-144 - The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial \@ character.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2011-3368
SHA-256 | 0398641523906dd465280a2065f7651a540f0b837cf29816dc29705635f4b67e
Apache Reverse Proxy Bypass
Posted Oct 6, 2011
Authored by Michael Jordon, Context Information Security Ltd, David Robinson | Site contextis.co.uk

Context discovered a security vulnerability which allows for Apache in reverse proxy mode to be used to access internal/DMZ systems due to a weakness in its handling of URLs being processed by mod_rewrite. Versions 1.3 and 2.x are affected.

tags | exploit
advisories | CVE-2011-3368
SHA-256 | cc7c3ff195e475a2b7ec8ea66d98deaebf0cf9dedd7ae209991e3d3c5d4274d8
Apache mod_proxy Reverse Proxy Exposure
Posted Oct 6, 2011
Site apache.org

The Apache mod_proxy module suffers from a reverse proxy exposure vulnerability.

tags | advisory
advisories | CVE-2011-3368
SHA-256 | 99c1b40cb499bb7230f6dcb7690b190f0ac5434e9e581f118b4b1969c1691dbb
Zed Attack Proxy (ZAP) 1.3.2
Posted Sep 28, 2011
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Linux releases are all included in this file.

Changes: Various updates and enhancements.
tags | web, vulnerability
systems | linux, windows, apple, osx
SHA-256 | 318b8a7ac7957abf70378a1b16c1e6d177b97355de8922a2a727da46027d793a
Lanuguage Pack For ZAP 1.3.2
Posted Sep 27, 2011
Authored by Psiinon | Site owasp.org

This is the language pack for Zed Attack Proxy (ZAP). Languages supported include English, Brazilian Portuguese, Chinese, Danish, French, German, Greek, Indonesian, Japanese, Polish, and Spanish.

tags | web
SHA-256 | 6183ff2dcbca1d90de8be214492f2c35ec55b93ada75f15714619cc720a1aaa9
Zed Attack Proxy (ZAP) Client API 0.1 Alpha
Posted Sep 27, 2011
Authored by Psiinon | Site owasp.org

This is the client API for the Zed Attack Proxy (ZAP).

tags | web
SHA-256 | 6d7cff323c60e89b38a9a849a33616a16931393cd68b4f5494c52abb8537b820
Page 3 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close