Exploit for CVE-2023-45288

PoC for CVE-2023-45288 This is a proof-of-concept code for th...

curl -- multiple vulnerabilities

Daniel Stenberg reports: CVE-2022-32221: POST following PUT confusion When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT...

Ubuntu 14.04 LTS / 16.04 LTS : curl vulnerabilities (USN-3441-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3441-1 advisory. Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to...

C-Ares DNS库远程缓存毒药漏洞

C-Ares DNS库是一款可以执行DNS请求和异步名字解析的C库。 C-Ares DNS库使用安全DNS传送ID存在问题，远程攻击者可以利用漏洞进行DNS缓存"毒药"攻击，可进行中间人和欺骗伪造攻击。 C-Ares DNS库实现使用DNS "Transaction ID"字段使用的pseudo随机号码是递增的，因此可预测，可猜测的DNS "Transaction ID"可导致缓存"毒药"攻击。攻击者借此可以进行拒绝服务，中间人欺骗，伪造站点等攻击。 Daniel Stenberg c-ares 1.3.2 Daniel Stenberg c-ares 1.3.1 Daniel...