3 matches found
CVE-2026-30932
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...
PT-2026-27480
Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.5 Description The DomainZones.add API endpoint, accessible to customers with DNS enabled, does not validate the content field for specific DNS record types LOC, RP, SSHFP, TLSA. This allows an attacker to inject...
UBUNTU-CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...