The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from multiple vulnerabilities triggered by specific HTTP requests and responses. These vulnerabilities allow remote attackers to cause a denial of service through specifically crafted requests.
ed746a61d9cbccb1057c23e5434dfedf83d50e04a1748a6e70de3df682955ee4SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, with the objective of creating a comprehensive map of a network and its dependencies, identifying to what extent a network can be compromised using SSH and SSH private keys starting from a particular system. SSH-Snake can automatically reveal the relationship between systems which are connected via SSH, which would normally take a tremendous amount of time and effort to perform manually.suffers from bypass and traversal vulnerabilities.
955ae990d1d900f97e789c6f6cb04dd954898e032e8e00fc6d4354e9508c09aeTwo and a half years ago an independent audit was performed on the Squid Caching Proxy, which ultimately resulted in 55 vulnerabilities being discovered in the project's C++ source code. Although some of the issues have been fixed, the majority (35) remain valid. The majority have not been assigned CVEs, and no patches or workarounds are available. Some of the listed issues concern more than one bug, which is why 45 issues are listed, despite there being 55 vulnerabilities in total (10 extra of the result of similar, but different pathways to reproduce a vulnerability). After two and a half years of waiting, the researcher has decided to release the issues publicly. This archive contains all of the proof of concept code released by the researcher.
8a60c32d038280c1edeea0a6969797283bd744dd1d8876f4879ad103db17b469Two and a half years ago an independent audit was performed on the Squid Caching Proxy, which ultimately resulted in 55 vulnerabilities being discovered in the project's C++ source code. Although some of the issues have been fixed, the majority (35) remain valid. The majority have not been assigned CVEs, and no patches or workarounds are available. Some of the listed issues concern more than one bug, which is why 45 issues are listed, despite there being 55 vulnerabilities in total (10 extra of the result of similar, but different pathways to reproduce a vulnerability). After two and a half years of waiting, the researcher has decided to release the issues publicly.
77ed12c6bd03c55cd63ef810517ab92f57f6a589120686609e66c3eec1485f06vBulletin versions prior to 4.2.2 suffer from a memcache related remote code execution vulnerability.
23d7611c78827df1aab052df9e22d7ce91c7fc1a021a7f88cdb20dcccb0b7d8cPaypal suffers from a two-factor authentication bypass vulnerability.
24457ef5527880a0a0aac8ad1972d107dd0beccd20fb9d4ea2a923cd5c44e4a83.ebay.com.au suffered from a remote SQL injection vulnerability.
ac896c8d7f84eab08d888bc38f0ffbac7bc78ada59535a0ebae9c502787f512cMyBB suffers from a remote SQL injection vulnerability in editpost.php.
3e1f5897db03165ac3bbaa6c77c89e9a66b17a7869a09e83c95360bc75857751Grep versions prior to 2.11 suffer from an integer overflow vulnerability.
67807e221404026810de6462ba04065c63a7aa98acbbef641e79defa6bf2a804
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed