USN-5869-1: HAProxy vulnerability - Cyber Security News

Read Time:12 Second

Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.

More Stories

Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution

Posted by malvuln on Sep 28 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/88922242e8805bfbc5981e55fdfadd71.txt Contact:...

September 29, 2024

Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)

Posted by malvuln on Sep 28 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/277f9a4db328476300c4da5f680902ea.txt Contact:...

September 29, 2024

Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)

Posted by malvuln on Sep 28 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/1e2d0b90ffc23e00b743c41064bdcc6b.txt Contact:...

September 29, 2024

Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)

Posted by malvuln on Sep 28 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/68dd7df213674e096d6ee255a7b90088.txt Contact:...

September 29, 2024

Backdoor.Win32.Boiling / Remote Command Execution

Posted by malvuln on Sep 28 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/80cb490e5d3c4205434850eff6ef5f8f.txt Contact:...

September 29, 2024

Defense in depth — the Microsoft way (part 88): a SINGLE command line shows about 20, 000 instances of CWE-73

Posted by Stefan Kanthak on Sep 28 Hi @ll, <https://cwe.mitre.org/data/definitions/73.html> CWE-73: External Control of File Name or Path is a...

September 29, 2024