CVE-2019-25341

iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash...

FurqanSoftware/node-whois vulnerable to Prototype Pollution

A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. It is possible to launch the attack remotely. Th...

Node WHOIS 安全漏洞

Node WHOIS is an open source WHOIS client for Node.js by Furqan Software. Node WHOIS has a security vulnerability that stems from a problem with an unknown function in the file index.coffee, which can lead to improperly controlled modifications of object prototype properties, resulting in prototy...

fail2ban 代码注入漏洞

fail2ban is a software application. Disable causes multiple hosts with authentication errors. fail2ban suffers from a code injection vulnerability that could lead to remote code execution. To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent b...

internic-xss.txt

Title : InterNIC WHOIS lookup XSS exploit Description : InterNIC has a WHOIS lookup function wich suffers from an XSS vulnerability Author : Tosser Contact : [email protected] Proof : http://reports.internic.net/cgi/whois?whoisnic=%3Ciframe%20src=%22javascript:alert'XSS'%22%3E&type=domain or go to...

CVE-2000-0941

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter...

Дырка в KW Whois (unparsed shell chars)

Вызов внешней программы со строкой введенной пользователем позволяет выполнить любое приложение на сервере...