Denial Of Service (DoS)

The gzip package is vulnerable to Denial Of Service DoS. An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch LZW compression algorithm. If a victim expanded a specially-crafted archive, it could cause gz...

Arbitrary Code Execution

libtiff is vulnerable to arbitrary code execution. The vulnerability exists as multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application...

Denial Of Service (DoS)

netty-codec is vulnerable to denial of service DoS. The vulnerability exists as it was possible to send a large data for compression, causing large buffer allocation sizes in the client JVM...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is SMB Server Message Block protocol, specifically SMBv3. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the scanner.py script, which sends a specially crafted SMB negotiate request to...

DNSteal v2.0 - DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests

This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below are a couple of different images showing examples of multiple file transfer and single verbose file transfer: Support for multiple files Gzip compression supported Now supports...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796-CNA This implementation is based on the POC pro...

SMBv3 Compression Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMBv3 Compression Buffer Overflow', 'Description' = %q A vulnerability exists within the Microsoft Server Message Block 3.1.1 SMBv3 protocol that...

DEBIAN-CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

ALPINE-CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

UBUNTU-CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

Microsoft Windows SMBv3 Compression RCE (ADV200005)(CVE-2020-0796)(Remote)

A remote code execution vulnerability exists in Microsoft Server Message Block 3.1.1 SMBv3 protocol due to how it handles a maliciously crafted compressed data packet. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Note that this plug...

Accelerate SVG Delivery with Ion (A2)

As of March 2020, all Akamai Ion customers will benefit automatically from the more powerful Brotli/Zopfli compression algorithm for delivering their SVG files. The benefit of fewer SVG bytes is a positive impact on your visual performance KPIs First Meaningful Paint, Time to Visually Ready,...

Denial Of Service (DoS)

netty is vulnerable to denial of service DoS. During compression or decompression process of a streams of bytes using DEFLATE algorithm, the codec does not properly handle the buffer allocation sizes, leading to a memory pool exhaustion...

CVE-2020-6071

An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can...

DEBIAN-CVE-2020-6071

An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can...

CVE-2020-6071

An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can...

CVE-2020-6071

An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can...

CVE-2020-6071

An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can...

PT-2020-2143 · Videolabs +1 · Libmicrodns +1

Name of the Vulnerable Software and Affected Versions: Videolabs libmicrodns version 0.1.0 Description: A denial-of-service issue exists in the resource record-parsing functionality of libmicrodns. When parsing compressed labels in mDNS messages, the compression pointer is followed without checki...

Videolabs libmicrodns 0.1.0 resource record recursive label uncompression denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attack...