40 matches found
EUVD-2007-4373
Malware in sbrugna...
EUVD-2007-4209
Malware in sbrugna...
EUVD-2007-4188
Malware in sbrugna...
EUVD-2023-27695
Malicious code in bioql PyPI...
CVE-2023-23595
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...
CVE-2023-23595
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...
CVE-2023-23595
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...
Format string
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...
CVE-2023-23595
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...
CVE-2023-23595
BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...
PT-2023-19067 · Blue Coat · Bluecat Device Registration Portal
Name of the Vulnerable Software and Affected Versions: BlueCat Device Registration Portal version 2.2 Description: The issue allows XXE attacks that can exfiltrate single-line files, potentially containing credentials, such as those found in .netrc files. For example, a single-line file might...
BlueCat Networks Device Registration Portal code issue vulnerability
BlueCat Networks Device Registration Portal is a standalone application from BlueCat Networks, Inc. for auditing and tracking all devices attempting to connect to the network. A security vulnerability exists in BlueCat Networks Device Registration Portal version 2.2 that stems from an XXE attack...
CVE-2023-23595
CVE-2023-23595 affects BlueCat Device Registration Portal (DRP) 2.2. The issue is an XXE vulnerability that can exfiltrate single-line files (for example, a line that could contain credentials in a .netrc-like format). Public details consistently describe the vulnerable component as the DRP and c...
BlueCat Networks Adonis 5.0.2.8 CLI Remote Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25342/info BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability because the software fails to properly sanitize user-supplied input. An attacker with administrative privileges can explo...
BlueCat Networks Adonis 5.0.2.8 TFTP Remote Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25214/info BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability. This issue occurs when Proteus appliances are used to upload files to an affected Adonis appliance for TFTP download. An...
BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses
Overview A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses. Description BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC: There was an error in the DNSSEC NSEC/NSEC3 validation code that cou...
libspf2 DNS TXT record parsing buffer overflow
Overview libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records. Description libspf2 is a widely-deployed implementation of the Sender Policy Framework. According to RFC 4408: An SPF record is a DNS Resource Record RR that declares which hosts are, and are not,...
Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
Description Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to...
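BlueCat Networks Adonis CLI Remote Privilege Escalation Vulnerability
BUGTRAQ ID: 25342 Adonis is an enterprise-grade hardware DNS/DHCP management appliance. A vulnerability exists in how Adonis devices handle command-line requests; a local attacker may exploit it to take control of the device. If a certain command sequence is entered in the CLI provided to the administrator account of an Adonis device, it may allow the administrator to execute commands with root privileges. Bluecat Networks Adonis 5.0.2.8 Workaround: Provide administrator accounts only to administrators who are allowed root access to the device. Vendor patch: Bluecat Networks ---------------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...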
Command injection
The Command Line Interface CLI, aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command...