380 matches found
No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow
No description provided by source. !/usr/bin/env python Title: No-IP Dynamic Update Client DUC 2.1.9 local IPaddress stack overflow Author: Alberto Ortega @a0rtega [email protected] Date: May 11 2013 vulnerability discovered Background: No-IP is probably the most used Dynamic DNS provider...
Microsoft Seized No-IP Domains, Millions of Dynamic DNS Service Users Suffer Outage
In an effort to crackdown on cyber crimes, Microsoft has taken a legal action against a malware network what it thought is responsible for more than 7.4 million infections of Windows PCs across the globe. Millions of legitimate servers that rely on Dynamic Domain Name Service DDNS from No-IP.com,...
D-Link Router 2760N Cross Site Scripting
Advisory: D-Link Router 2760N DSL-2760U-BN Multiple XSS Author: Liad Mizrachi Vendor URL: http://www.dlink.com Status: Fixed CVE-ID: CVE-2013-5223 ========================== Vulnerability Description ========================== Multiple Cross-Site Scripting XSS vulnerabilities present in D-Link...
Tor Botnet Makes Bad Move to Anonymity Network
MEvade, the massive botnet using Tor as a communication protocol, may have moved operations to the network in order to hamper potential takedown efforts, but according to security researchers, the move just served to shine a spotlight on the botnet’s activities. Rather than hide traffic from bots...
No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow
No-IP Dynamic Update Client DUC 2.1.9 - Local IP Address Stack Overflow !/usr/bin/env python Title: No-IP Dynamic Update Client DUC 2.1.9 local IPaddress stack overflow Author: Alberto Ortega @a0rtega [email protected] Date: May 11 2013 vulnerability discovered Background: No-IP is probably the...
No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow
!/usr/bin/env python Title: No-IP Dynamic Update Client DUC 2.1.9 local IPaddress stack overflow Author: Alberto Ortega @a0rtega [email protected] Date: May 11 2013 vulnerability discovered Background: No-IP is probably the most used Dynamic DNS provider worldwide, their Dynamic Update Client D...
No-IP Dynamic Update Client 2.1.9 Stack Overflow
!/usr/bin/env python Title: No-IP Dynamic Update Client DUC 2.1.9 local IPaddress stack overflow Author: Alberto Ortega @a0rtega [email protected] Date: May 11 2013 vulnerability discovered Background: No-IP is probably the most used Dynamic DNS provider worldwide, their Dynamic Update Client D...
Hacked Media Sites Serving Fake AV Malware
Websites belonging to a number of Washington, D.C.-area media outlets have been compromised in a series of opportunistic attacks with criminals using a watering-hole tactic to spread scareware, or phony antivirus software. Popular D.C. radio station WTOP, sister station Federal News Radio, and th...
Attackers Shifting to Delivering Unknown Malware Via FTP and Web Pages
The bulk of “unknown” malware is being delivered to systems via Web-based attacks, proxies and FTP sessions, according to a study released by Palo Alto Networks this week. The study dubbed “The Modern Malware Review,” found more than 26,000 malware samples, and focuses on what the firm calls...
Nmap NSE 6.01: http-malware-host
This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Spear Phishing Campaigns Use Fake Mandiant APT1 Report as Lure
People looking to download and read the Mandiant report on Chinese government attacks on U.S. infrastructure should look carefully at the name of the file before opening it. Researchers say that there are at least two different spear-phishing attacks going on right now that are using rigged copie...
Report: Malvertising Campaign Thrives on Dynamic DNS
A malvertising campaign that’s lasted almost half a year is staying alive thanks to infected web advertisements being circulated by otherwise clean ad networks. The campaign, now in its fifth month, relies on the Dynamic Domain Name System DDNS to keep it from being caught according to a report...
Thomson Wireless VoIP Cable Modem - Authentication Bypass
Exploit Title: Thomson Wireless VoIP Cable Modem Auth Bypass Date: February 22, 2011 Authors: Glafkos Charalambous, George Nicolaou Product: TWG850-4 Wireless VoIP Cable Modem Software Version: ST9A.01.06 Severity: High Other Vulnerabilities: Unauthenticated Backup File Access, Plaintext Protocol...
FreeBSD Ports: isc-dhcp42-server
The remote host is missing an update to the system as announced in the referenced advisory. VID 1800886c-3dde-11e1-89b4-001ec9578670 OpenVAS Vulnerability Test $ Description: Auto generated from VID 1800886c-3dde-11e1-89b4-001ec9578670 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
CVE-2011-4868
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS DDNS and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via crafted packets...
DEBIAN-CVE-2011-4868
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS DDNS and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via crafted packets...
CVE-2011-4868
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS DDNS and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via crafted packets...
isc-dhcp-server -- DoS in DHCPv6
ISC reports: Due to improper handling of a DHCPv6 lease structure, ISC DHCP servers that are serving IPv6 address pools AND using Dynamic DNS can encounter a segmentation fault error while updating lease status under certain conditions. The potential exists for this condition to be intentionally...
Debian Security Advisory DSA 2272-1 (bind9)
The remote host is missing an update to bind9 announced via advisory DSA 2272-1. OpenVAS Vulnerability Test $Id: deb22721.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2272-1 bind9 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian DSA-2272-1 : bind9 - denial of service
It was discovered that BIND, a DNS server, does not correctly process certain UPDATE requests, resulting in a server crash and a denial of service. This vulnerability affects BIND installations even if they do not actually use dynamic DNS updates. %NASLMINLEVEL 70300 C Tenable Network Security,...