16 matches found
CVE-2019-25588
BulletProof FTP Server 2019.0.0.50 contains a local-denial of service vulnerability in the DNS Address field. By enabling DNS Address in the Firewall settings and pasting a ~700-byte buffer, an attacker can crash the application when Test is invoked. Affects BulletProof FTP Server 2019.0.0.50; ro...
CVE-2021-36380
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi...
CVE-2023-22817
Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
CVE-2023-22817
CVE-2023-22817 describes an SSRF vulnerability in Western Digital My Cloud OS 5 (prior to 5.27.161), My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices (prior to 9.5.1-104). The issue stems from insufficient validation of incoming requests, allowing a rogue server on the local network to m...
CVE-2023-22817 Server-side Request Forgery vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products
Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
SUSE-SU-2024:0317-1 Security update for openconnect
This update for openconnect fixes the following issues: - Update to release 9.12: Explicitly reject overly long tun device names. Increase maximum input size from stdin 579. Ignore 0.0.0.0 as NBNS address !446, vpnc-scripts58. Fix stray null in URL path after Pulse authentication 4023bd95. Fix...
VulnCheck KEV: CVE-2021-36380
Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi...
CVE-2021-36380
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi...
BulletProof FTP Server 2019.0.0.50 - DNS Address Denial of Service (PoC)
BulletProof FTP Server 2019.0.0.50 - DNS Address Denial of Service PoC Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link:...
BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service (PoC)
Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested...
BulletProof FTP Server 2019.0.0.50 - (DNS Address) Denial of Service Exploit
Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 10 Single...
BulletProof FTP Server 2019.0.0.50 DNS Address / Storage-Path Denial Of Service
Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested...
Design/Logic Flaw
Dnsmasq before 2.76 allows remote servers to cause a denial of service crash via a reply with an empty DNS address that has an 1 A or 2 AAAA record defined locally...
CVE-2015-8899
Dnsmasq before 2.76 allows remote servers to cause a denial of service crash via a reply with an empty DNS address that has an 1 A or 2 AAAA record defined locally...
CVE-2015-8899
Dnsmasq before 2.76 allows remote servers to cause a denial of service crash via a reply with an empty DNS address that has an 1 A or 2 AAAA record defined locally...
Hawking Technology WR254-CA wireless routers hardcoded DNS server address
139.175.55.244 DNS address is hardcoded...