212 matches found
Froxlor 安全漏洞
Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.7 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the DomainZones.add API endpoint did not clean newline characters from TXT records,...
CVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA field
The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...
CVE-2026-41230
Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...
EUVD-2026-25180
Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...
CVE-2026-41230
Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...
HTTP Fetch, DNS TXT Record Payload Download and Execution
Fetch and execute an x86 payload from an HTTP server. Performs a TXT query against a series of DNS records and executes the returned x86 shellcode. The DNSZONE option is used as the base name to iterate over. The payload will first request the TXT contents of the a hostname, followed by b, then c...
CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...
Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API
Summary The DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file directives e.g. $INCLUDE into the zone file that gets written to disk when th...
CVE-2026-26952
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...
CVE-2026-26952 Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...
CVE-2026-26952 Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...
CVE-2026-26952 Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...
PT-2026-20953
Name of the Vulnerable Software and Affected Versions Pi-hole versions 6.4 and below Description Pi-hole Admin Interface, a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application, is susceptible to stored HTML injection through the local DNS records...
SUSE CVE-2025-59029
An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY...
CVE-2025-59029 Internal logic flaw in cache management can lead to a denial of service in PowerDNS Recursor
An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY...
python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
Linux Distros Unpatched Vulnerability : CVE-2025-59088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS...
Ubuntu: Security Advisory (USN-7836-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EUVD-2019-5873
Malware in sbrugna...
EUVD-2013-2034
Malware in sbrugna...