1288 matches found
HaE - BurpSuite Highlighter And Extractor
HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. Read Chinese simplified version READMEzh. Public Rules Website: https://gh0st.cn/HaE/ Introduction HaE is used to highlight HTTP requests and extract information from HTTP response...
USN-4724-1 openldap vulnerabilities
It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. CVE-2020-36221 It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A...
CVE-2021-3281
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...
Ubuntu: Security Advisory (USN-4715-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network who can create valid DNS replies could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However in some code execution paths it is possible extract_name() gets passed an offset from the base buffer thus reducing in practice the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
...
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker who can create valid DNS replies could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name() which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq resulting in a denial of service. The highest threat from this vulnerability is to system availability.
...
ALPINE-CVE-2020-25682
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary...
DEBIAN-CVE-2020-25682
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary...
dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled
A flaw was found in dnsmasq. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a...
dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled
A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused b...
dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled
A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is cause...
dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled
A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused b...
dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled
A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused b...
dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled
A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is cause...
UBUNTU-CVE-2020-25682
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary...
Seat Reservation System 1.0 - Unauthenticated SQL Injection
Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version: 1.0 Teste...
Nuubi Tools - Information Ghatering, Scanner And Recon
Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exit Arguments: -b/--banner | Banner grabing of target ip address -s/--subnet | Subnetlookup of target -c/--cms | Cms detect with headers -d/--dns | Dnslookup of target domain -e/--extract | Extract links...
Gitjacker - Leak Git Repositories From Misconfigured Websites
Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will still manage to recover a significant portion of a repository even where directory listings are disabled. For educational/penetration testing use only...
CVE-2007-4559
...
GHSA-435C-QCPM-WJW5 Malicious Package in fs-extar
All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...