77 matches found
CVE-2015-1457
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command...
OracleVM 3.3 : bind (OVMSA-2014-0084)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 1171973 - Use /dev/urandom when generating rndc.key file 951255 - Remove bogus file from /usr/share/doc, introduced by fix for bug 1092035 - Add support for TLSA resource records...
ht://Dig 3.2 Htsearch Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26610/info ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a...
CVE-2014-3859
libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a crafted packet, as demonstrated by an attack against named, dig, or delv...
CVE-2008-6555
cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command...
Fedora Update for htdig FEDORA-2007-3907
Check for the Version of htdig OpenVAS Vulnerability Test Fedora Update for htdig FEDORA-2007-3907 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
ht://Dig Htsearch跨站脚本漏洞
ht://Dig是一款用来webserver的索引和搜索文件的应用程序。 ht://Dig不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 问题是由于'sytnax.html'脚本对用户提交的WEB参数缺少过滤,提交恶意脚本代码作为参数数据,可导致获得目标用户敏感信息。 测试方法 http://foo.bar/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=scriptalert"foo"/script&words=foo ht://Dig...
ht:Dig 3.2 - Htsearch Cross-Site Scripting
ht:Dig 3.2 - Htsearch Cross-Site Scripting source: https://www.securityfocus.com/bid/26610/info ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code...
ht://Dig 3.2 - Htsearch Cross-Site Scripting
source: https://www.securityfocus.com/bid/26610/info ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context...
Integer overflow
Integer underflow in the dnsnamefromtext function in 1 libdnsnonsecure.a and 2 libdnssecure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" TSIG key command line argument to dig...
CVE-2007-4622
Integer underflow in the dnsnamefromtext function in 1 libdnsnonsecure.a and 2 libdnssecure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" TSIG key command line argument to dig...
CVE-2007-4622
CVE-2007-4622 describes an integer underflow in the dns_name_fromtext function within IBM AIX 5.2’s dig program (libdns_nonsecure.a and libdns_secure.a). The vulnerability enables local users to gain root privileges by supplying a crafted -y TSIG key argument to dig, due to an underflow in dns_na...
iDefense Security Advisory 10.30.07: IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability
IBM AIX dig dnsnamefromtext Integer Underflow Vulnerability iDefense Security Advisory 10.30.07 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 30, 2007 I. BACKGROUND dig is a utility that is commonly used for DNS diagnostics. Under AIX 5.2, the dig program is installed by default and ...
CVE-2005-2849
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to 1 read portions of source code via the -f option to Dig digdevice.cgi, 2 determine file existence via the -r argument to Tcpdump tcpdumpdevice.cgi or 3 modify files in the...
CVE-2005-2849
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to 1 read portions of source code via the -f option to Dig digdevice.cgi, 2 determine file existence via the -r argument to Tcpdump tcpdumpdevice.cgi or 3 modify files in the...
CVE-2005-2849
CVE-2005-2849 affects Barracuda Spam Firewall firmware 3.1.16 and 3.1.17. The vulnerability is an argument injection in CGI scripts that grant attackers the following capabilities: read portions of source code via the -f option to Dig (dig_device.cgi); determine file existence via the -r option t...
2005.1.txt
ID : 2005.1 Product : Barracuda Spam Firewall Appliance Vendor : Barracuda networks Affected product : firmware Published date : 01/09/2005 Initial Vendor contact 2005-06-14 CVE : CVE-MAP-NOMATCH Solution : Install Firmware 3.1.18 Reference URL :...
CVE-2005-2684
nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query...
CVE-2005-2684
nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query...
CVE-2005-0085
Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...