31 matches found
CVE-2026-41234 Froxlor: BIND Zone File Injection via TXT Record Content
Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...
EUVD-2012-1071
Malware in sbrugna...
EUVD-2012-1219
Malware in sbrugna...
EUVD-2022-4189
Malicious code in bioql PyPI...
CVE-2022-46405
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...
CVE-2012-1191
The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names"...
SUSE CVE-2012-1033
The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...
SUSE CVE-2015-8899
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally...
SUSE CVE-2018-1043
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames...
GHSA-HPWM-84H5-VQR8 Moodle Setting for blocked hosts list can be bypassed with multiple A record hostnames
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames...
U.S. Dept Of Defense: EC2 subdomain takeover at http://████████/
There is a dangling DNS A record that points to an EC2 instance that no longer exists, I was able to claim the EC2 instance and host content on http://███████/. Steps To Reproduce: 1. Visit http://█████████/██████████.html and view the PoC: ██████ Suggested Remediation Steps Remove the A record...
8x8: DNS Misconfiguration (Subdomain Takeover) - █████████.8x8.com
@melbadry9 reported to us an issue with an A record which pointed to subdomains outside of 8x8's control. This was caused due to a misconfiguration in a script, together with changes in AWS' DNS resolution behaviour. The issue has been rectified...
DNSProbe - A Tool Built On Top Of Retryabledns That Allows You To Perform Multiple DNS Queries Of Your Choice With A List Of User Supplied Resolvers
DNSProbe is a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers. Features Simple and Handy utility to query DNS records. Usage dnsprobe -h This will display help for the tool. Here are all the switches it...
Turbolist3r - Subdomain Enumeration Tool With Analysis Features For Discovered Domains
Turbolist3r is a fork of the sublist3r subdomain discovery tool. In addition to the original OSINT capabilities of sublist3r, turbolist3r automates some analysis of the results, with a focus on subdomain takeover. Turbolist3r queries public DNS servers for each discovered subdomain. If the subdoma...
CVE-2018-1043
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames...
Session fixation
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames...
CVE-2018-1043
The data points to CVE-2018-1043 affecting Moodle 3.x: the blocked hosts list can be bypassed using multiple A-record hostnames. The related metrics indicate a CVSS v3 base score of 6.5 (I=High, A=None, C=None; network attack, low complexity, low privileges required, no user interaction). No expl...