60 matches found
No-IP DUC RCE Vulnerability
No-IP DUC is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1686-1 : no-ip - buffer overflow
A buffer overflow has been discovered in the HTTP parser of the No-IP.com Dynamic DNS update client, which may result in the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 1686-1] New no-ip packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1686-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 14, 2008 http://www.debian.org/security/faq -...
DSA-1686-1 no-ip - arbitrary code execution
Bulletin has no description...
CVE-2008-5297
Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function...
CVE-2008-5297
Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function...
Buffer overflow
Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function...
CVE-2008-5297
Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function...
CVE-2008-5297
The CVE-2008-5297 issue affects the No-IP DUC/no-ip-updater, where the GetNextLine() function in noip2.c lacks a length check, causing a stack-based buffer overflow. This allows a remote attacker to execute arbitrary code by sending a crafted HTTP response to DNS update traffic. Exploitation is c...
No-IP Dynamic Update Client远程栈溢出漏洞
BUGTRAQ ID: 32344 No-IP Dynamic Update Client是用于保持IP地址与特定DNS主机名同步的工具。 No-IP Dynamic Update Client没有正确地处理从dynupdate.no-ip.com接收到的HTTP响应,如果攻击者通过中间人或DNS欺骗攻击伪造了DNS服务器的话,则客户端用户在连接到该服务器执行升级的时候就可能触发栈溢出,导致执行任意指令。 No-IP Dynamic Update Client 2.1.7 No-IP ----- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本...
No-IP DUC <= 2.1.7 Remote Code Execution Exploit
No description provided by source. / | |/ / / |/ / / / | / / / / /|/ / / / / / / / / / / / / // / / / / // / // // / //|// //// //,//,/ xenomuta arroba phreaker punto net http://xenomuta.tuxfamily.org/ - Methylxantina 256mg Permlink: http://xenomuta.tuxfamily.org/exploits/noIPwn3r.c...
No-IP DUC <= 2.1.7 Remote Code Execution Exploit
Exploit for linux platform in category remote exploits ================================================ No-IP DUC include include include include include include include define HTTPOK "HTTP/1.1 200 OK\r\n\r\n" define NOIPPORT 8245 define uchar unsigned char / Offsets del shellcode x version ubica...
Default credentials
No-IP Dynamic Update Client DUC 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the 1 TrayPassword, 2 Username, 3 Password, and 4 Hosts registry values...
CVE-2008-2747
No-IP Dynamic Update Client DUC 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the 1 TrayPassword, 2 Username, 3 Password, and 4 Hosts registry values...
CVE-2008-2747
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows stores sensitive data in the HKLM\SOFTWARE\Vitalwerks\DUC registry key with weak permissions, allowing local users to read (TrayPassword, Username, Password, Hosts) and obtain obfuscated passwords and other sensitive information. This CVE is docu...
CVE-2008-2747
No-IP Dynamic Update Client DUC 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the 1 TrayPassword, 2 Username, 3 Password, and 4 Hosts registry values...
No-IP DUC Client for Windows - Local Information Disclosure
No-IP DUC Client for Windows - Local Information Disclosure source: https://www.securityfocus.com/bid/29758/info The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows. Successfully exploiting this issue allows attackers to...
DUC NO-IP Local Password Information Disclosure Vulnerability
/ DUC NO-IP Local Password Information Disclosure Authors: Charalambous Glafkos George Nicolaou Date: March 11, 2008 Site: http://www.astalavista.com Mail: [email protected] [email protected] Synopsis: DUC NO-IP is prone to an information disclosure vulnerability due to a design error...
No-IP DUC Client for Windows - Local Information Disclosure
source: https://www.securityfocus.com/bid/29758/info The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows. Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in...
CVE-1999-1216
Cisco routers (9.17 and earlier) are affected by CVE-1999-1216 via improper handling of IP source routed packets. The underlying issue allows remote attackers to bypass security restrictions by sending source-routed traffic that should be denied with the no ip source-route command. This is a netw...