41 matches found
CVE-1999-0223
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry...
CVE-2025-34317
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME parameter when adding a new DNS entry. When a user adds a DNS entry, the application issues an HT...
CVE-2025-34318
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...
EUVD-2025-36514
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...
EUVD-2025-36515
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME parameter when adding a new DNS entry. When a user adds a DNS entry, the application issues an HT...
CVE-2025-34318
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...
CVE-2025-34318 IPFire < v2.29 Stored XSS via DNS Creation (proxy.cgi)
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...
CVE-2025-34318
IPFire
CVE-2025-34317
IPFire before 2.29 (Core Update 198) suffers a stored XSS via the TLS_HOSTNAME parameter when adding DNS entries. An authenticated attacker can inject JavaScript through /cgi-bin/dns.cgi (TLS_HOSTNAME), which is stored and later rendered in the web interface, allowing script execution in other us...
PT-2025-44177
Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198. Description: IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting (XSS) issue. An authenticated attacker can inject arbitrary JavaScript code through the TLS...
EUVD-2016-1818
Malware in sbrugna...
EUVD-1999-0223
Malware in sbrugna...
EUVD-2000-0540
Malware in sbrugna...
EUVD-2016-1852
Malware in sbrugna...
EUVD-2019-14772
Malware in sbrugna...
CVE-2024-57174
A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address, making it possible to access...
GHSA-H97M-WW89-6JMQ `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...
Affirm: Subdomain takeover due to non registered TLD [ ██████████.█████.██████.com ]
Summary: I was looking at recently disclosed report 1297689 and I was thinking to take a look for the same issue on this asset as I love to test for subdomain takeover vulnerabilities. While testing I noticed a DNS entry for ███████.████.██████████.com is CNAME ████.███████████ whose TLD is not...
Zomato: subdomain takeover on fddkim.zomato.com
Our subdomain fddkim.zomato.com was vulnerable to a 0-day subdomain takeover vulnerability on Freshdesk. The DNS entry was removed on our end to fix this. HOW I hacked thousand of subdomains writeup--https://medium.com/@moSec/how-i-hacked-thousand-of-subdomains-6aa43b92282c...