3 matches found
EUVD-2023-39986
Malicious code in bioql PyPI...
PT-2023-25412 · Unknown · Insider Threat Management Server
Name of the Vulnerable Software and Affected Versions: Insider Threat Management Server versions prior to 7.14.3 Description: A missing authorization check in multiple URL validation endpoints enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. Recommendations...
djbdns misformats some long response packets; patch and example attack
The DNS packet format allows names to be compressed by replacing the suffix of a name with an encoded offset to another location in the packet where the suffix already exists. Because of the encoding scheme, valid offsets are limited to 16384. In djbdns 1.05, response.c handles name compression...