proxy vulnerabilities and exploits
5
CVSSv2
CVE-2018-19784
The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for malicious users to calculate the authorization data needed for local file inclusion.
Php-proxy Php-proxy 5.1.0
5.8
CVSSv2
CVE-2017-1000070
The Bitly oauth2_proxy in version 2.1 and previous versions was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819.
Oauth2 Proxy Project Oauth2 Proxy
5.8
CVSSv2
CVE-2021-21291
OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a d...
Oauth2 Proxy Project Oauth2 Proxy
5.5
CVSSv2
CVE-2021-21411
OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization w...
Oauth2 Proxy Project Oauth2 Proxy
5.8
CVSSv2
CVE-2020-11053
In OAuth2 Proxy prior to 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This re...
Oauth2 Proxy Project Oauth2 Proxy
5
CVSSv2
CVE-2018-19246
PHP-Proxy 5.1.0 allows remote malicious users to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default confi...
Php-proxy Php-proxy 5.1.0
1 EDB exploit
2 Github repositories
5
CVSSv2
CVE-2018-19458
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
Php-proxy Php-proxy 3.0.3
1 EDB exploit
5
CVSSv2
CVE-2017-16014
Http-proxy is a proxying library. Because of the way errors are handled in versions prior to 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.
Http-proxy Project Http-proxy
5.8
CVSSv2
CVE-2020-4037
In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect UR...
Oauth2 Proxy Project Oauth2 Proxy
5.8
CVSSv2
CVE-2020-5233
OAuth2 Proxy prior to 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
Oauth2 Proxy Project Oauth2 Proxy