OS Command Exec, Unix Command Shell, Bind TCP (via netcat)

Execute an OS command from PHP. Listen for a connection and spawn a command shell via netcat Module Options msf use payload/php/unix/cmd/bindnetcat msf payloadbindnetcat show actions ...actions... msf payloadbindnetcat set ACTION msf payloadbindnetcat show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Bind TCP (stub)

Execute an OS command from PHP. Listen for a connection and spawn a command shell stub only, no payload Module Options msf use payload/php/unix/cmd/bindstub msf payloadbindstub show actions ...actions... msf payloadbindstub set ACTION msf payloadbindstub show options ...show and set options... ms...

OS Command Exec, Unix Command Shell, Bind TCP (via R)

Execute an OS command from PHP. Continually listen for a connection and spawn a command shell via R Module Options msf use payload/php/unix/cmd/bindr msf payloadbindr show actions ...actions... msf payloadbindr set ACTION msf payloadbindr show options ...show and set options... msf payloadbindr r...

SUSE: Security Advisory (SUSE-SU-2025:0355-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

com.github.jinahya:jsonrpc-bind-tests (=0.7.1), org.amebastack.container:ameba-container-grizzly (>=0.1.6c <=0.1.6e) +185 more potentially affected by CVE-2020-5245 +3 more via org.hibernate.validator:hibernate-validator (>=7.0.0.Alpha1 <=7.0.0.Alpha6)

org.hibernate.validator:hibernate-validator MAVEN version =7.0.0.Alpha1, =0.1.6c, =0.1.2, =0.1.2, =0.1.2, =0.1.6c, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0-RC1 and more Source cves: CVE-2020-5245, CVE-2025-35036, CVE-2025-4427, CVE-2025-4428 Source advisory: OSV:GHSA-7V6M-28JR-RG84...

Malicious code in logs-bind (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1b3e0356557e3a4e1419ab8464c700e9ed6ae5db88ab1e382780b8d2fbe622b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4628 Malicious code in logs-bind (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1b3e0356557e3a4e1419ab8464c700e9ed6ae5db88ab1e382780b8d2fbe622b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2025:01787-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01787-1 advisory. Update to version 9.20.9. - Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure...

Security update for bind

This update for bind fixes the following issues: Update to version 9.20.9. Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure caused by the processing of a NS message with an invalid TSIG bsc1243361. CVE-2024-12705: CPU and memory exhaustion due to DNS-over-HTTPS...

SUSE-SU-2025:01787-1 Security update for bind

This update for bind fixes the following issues: Update to version 9.20.9. - Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure caused by the processing of a NS message with an invalid TSIG bsc1243361. CVE-2024-12705: CPU and memory exhaustion due to DNS-over-HTTPS...

PHP Exec, PHP Meterpreter, Bind TCP Stager IPv6 with UUID Support

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Listen for a connection over IPv6 with UUID Support Module Options msf use payload/cmd/unix/php/meterpreter/bindtcpipv6uuid msf payloadbindtcpipv6uuid show actions ...actions... msf...

PHP Exec, PHP Command Shell, Bind TCP (via php) IPv6

Execute a PHP payload as an OS command from a Posix-compatible shell. Listen for a connection and spawn a command shell via php IPv6 Module Options msf use payload/cmd/unix/php/bindphpipv6 msf payloadbindphpipv6 show actions ...actions... msf payloadbindphpipv6 set ACTION msf payloadbindphpipv6...

ABB M2M Gateway Memory Leak in embedded Bind (CVE-2022-38178)

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. This plugin only works with Tenable.ot. Please visit...

ABB M2M Gateway HTTP Request Smuggling in embedded Bind (CVE-2021-25220)

BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as th...

ABB M2M Gateway Uncontrolled Resource Consumption in embedded Bind (CVE-2023-2828)

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

ABB M2M Gateway Uncontrolled Resource Consumption in embedded Bind (CVE-2023-3341)

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

bind-9.20.9-1.1 on GA media (moderate)

bind-9.20.9-1.1 on GA media Announcement ID: openSUSE-SU-2025:15156-1 Rating: moderate Cross-References: CVE-2025-40775 CVSS scores: CVE-2025-40775 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-40775 SUSE : 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N...

Advisory ROSA-SA-2025-2866

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.0.2.P2.res7.16 CVE-ID: CVE-2024-11187 BDU-ID: 2025-01459 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to asymmetric resource consumption. Exploitation of the vulnerability allows an attacker...

Fedora: Security Advisory (FEDORA-2024-56ae6c2c7a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2025:15156-1 bind-9.20.9-1.1 on GA media

These are all security issues fixed in the bind-9.20.9-1.1 package on the GA media of openSUSE Tumbleweed...