CVE-2004-2480 – National Science Foundation Squid Proxy 2.3 - Internet Access Control Bypass
https://notcve.org/view.php?id=CVE-2004-2480
Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer. • https://www.exploit-db.com/exploits/24105 http://archives.neohapsis.com/archives/bugtraq/2004-05/0070.html http://www.securityfocus.com/bid/10315 https://exchange.xforce.ibmcloud.com/vulnerabilities/16153 •
CVE-2004-2479
https://notcve.org/view.php?id=CVE-2004-2479
Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages. • http://fedoranews.org/updates/FEDORA--.shtml http://secunia.com/advisories/13408 http://secunia.com/advisories/16977 http://securitytracker.com/id?1012466 http://www.osvdb.org/12282 http://www.redhat.com/support/errata/RHSA-2005-766.html http://www.securityfocus.com/bid/11865 http://www.squid-cache.org/bugs/show_bug.cgi?id=1143 https://exchange.xforce.ibmcloud.com/vulnerabilities/18406 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9711 •
CVE-2004-0541 – Squid - NTLM (Authenticated) Overflow
https://notcve.org/view.php?id=CVE-2004-0541
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable). Desbordamiento de búfer en la función ntlm_check_auth (autenticación NTLM) de Squid Web Proxy Cache 2.5.x y 3.x, cuando se compila con manejadores NTLM activados, permite a atacantes remotos ejecutar código de su elección mediante una contraseña larga (variable "pass") • https://www.exploit-db.com/exploits/16847 https://www.exploit-db.com/exploits/9951 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://fedoranews.org/updates/FEDORA--.shtml http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:059 http://www.redhat.com/support/errata/RHSA-2004-242.html http:/& •
CVE-2001-0142
https://notcve.org/view.php?id=CVE-2001-0142
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. • http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html http://marc.info/?l=bugtraq&m=97916374410647&w=2 http://www.debian.org/security/2001/dsa-019 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3 http://www.securityfocus.com/bid/2184 https://exchange.xforce.ibmcloud.com/vulnerabilities/5921 •
CVE-1999-1481 – National Science Foundation Squid Web Proxy 1.0/1.1/2.1 - Authentication Failure
https://notcve.org/view.php?id=CVE-1999-1481
Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair. • https://www.exploit-db.com/exploits/19567 http://www.securityfocus.com/archive/1/33295 http://www.securityfocus.com/bid/741 http://www.squid-cache.org/Versions/v2/2.2/bugs https://exchange.xforce.ibmcloud.com/vulnerabilities/3433 •