180 matches found
ISC BIND 9 vulnerable to denial of service via dynamic update request
Overview ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. It includes support f...
CVE-2009-0093
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery WPAD feature, and conduct...
CVE-2009-0093
MS09-008 fixes multiple DNS/WINS vulnerabilities in Windows servers that could allow remote attackers to spoof WPAD/ISATAP and hijack network traffic. The WPAD vulnerability (CVE-2009-0093) arises when dynamic updates are enabled and WPAD/ISATAP registrations are not restricted in DNS, enabling a...
DNS Server Dynamic Update Record Injection
It was possible to add a record into a zone using the DNS dynamic update protocol, as described by RFC 2136. This protocol can be used by DHCP clients to enter their host names into the DNS maps, but it could be subverted by malicious users to redirect network traffic. C Tenable Network Security,...
Default credentials
No-IP Dynamic Update Client DUC 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the 1 TrayPassword, 2 Username, 3 Password, and 4 Hosts registry values...
CVE-2008-2747
No-IP Dynamic Update Client DUC 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the 1 TrayPassword, 2 Username, 3 Password, and 4 Hosts registry values...
CVE-2008-2747
No-IP Dynamic Update Client DUC 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the 1 TrayPassword, 2 Username, 3 Password, and 4 Hosts registry values...
[Full-disclosure] mydns-1.1.0 remote heap overflow
The attached PoC causes a remote heap smash in mydns 1.1.0, the bug is found within the dynamic update code update.c. Exploitation requires update privs which tends not to matter too much if you know an IP address with privileges to do so, also allow-update = yes must be set in /etc/mydns.conf. T...
Microsoft DNS Server - Dynamic DNS Update/Change
/ Exploiting Microsoft DNS Dynamic Updates for Fun and profit Andres Tarasco Acuña - c 2007 Url: http://www.514.es By default, most Microsoft DNS servers integrated with active directory allow insecure dynamic updates for dns records. This feature allows remote users to create, change and delete...
Design/Logic Flaw
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions...
CVE-2007-0415
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions...
CVE-2007-0415
BEA WebLogic Server 8.1–8.1 SP5 is affected by an access-control bypass after dynamic update/redeployment of applications implemented as exploded jars. The vulnerability allows bypassing intended restrictions, but the provided documents do not specify a fix/patch version or a workaround. Exploita...
CVE-2007-0415
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions...
[SA12470] Sun Solaris in.named Dynamic Update Denial of Service Vulnerability
TITLE: Sun Solaris in.named Dynamic Update Denial of Service Vulnerability SECUNIA ADVISORY ID: SA12470 VERIFY ADVISORY: http://secunia.com/advisories/12470/ CRITICAL: Not critical IMPACT: DoS WHERE: From remote OPERATING SYSTEM: Sun Solaris 8 http://secunia.com/product/94/ DESCRIPTION: A...
KB4599861: Setup Dynamic Update for Windows 10, version 2004 and 20H2: February 2, 2021
KB4599861: Setup Dynamic Update for Windows 10, version 2004 and 20H2: February 2, 2021 Summary This update makes improvements to Setup binaries or any files that Setup uses for feature updates in Windows 10, version 2004 and 20H2. How to get this update This update is available through Windows...
Dynamic Update for Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2902816)
Dynamic Update for Windows 8.1 and Windows Server 2012 R2 for x64-based Systems KB2902816...
Dynamic Update for Windows 8.1 (KB2902816)
Dynamic Update for Windows 8.1 KB2902816...
2020-11 Dynamic Cumulative Update for Windows 10 Version 2004 for ARM64-based Systems (KB4594440)
2020-11 Dynamic Cumulative Update for Windows 10 Version 2004 for ARM64-based Systems KB4594440...
2020-11 Dynamic Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB4594440)
2020-11 Dynamic Cumulative Update for Windows 10 Version 2004 for x64-based Systems KB4594440...
2020-11 Dynamic Cumulative Update for Windows 10 Version 1909 for ARM64-based Systems (KB4594443)
2020-11 Dynamic Cumulative Update for Windows 10 Version 1909 for ARM64-based Systems KB4594443...