14 matches found
CVE-2024-34361
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the gravityDownloadBlocklistFromUrl function. Depending on some...
EUVD-2024-25351
Malicious code in bioql PyPI...
CVE-2024-28247
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...
Backdoor.Win32.Amatu.a MVID-2024-0698 Arbitrary File Write
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/1e2d0b90ffc23e00b743c41064bdcc6b.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Amatu.a Vulnerability: Remote Arbitrary File Write RCE Family: Amatu Type: PE32...
Exploit for CVE-2024-34361
CVE-2024-34361 Pi-hole Remote Code Execution SSRF to RCE...
CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the gravityDownloadBlocklistFromUrl function. Depending on some...
CVE-2024-34361
Pi-hole CVE-2024-34361 affects Core versions before 5.18.3. The vulnerability allows an authenticated user to make internal requests via gravity_DownloadBlocklistFromUrl(), potentially leading to remote code execution (RCE). A patch exists in 5.18.3. Public advisories from Red Hat and OSV describ...
CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the gravityDownloadBlocklistFromUrl function. Depending on some...
CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the gravityDownloadBlocklistFromUrl function. Depending on some...
CVE-2024-28247
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...
CVE-2024-28247 Pihole Authenticated Arbitrary File Read with root privileges
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...
CVE-2024-28247
Pi-hole Core (DNS sinkhole) is affected by CVE-2024-28247 due to an authenticated Arbitrary File Read via the file:// handling path. The issue allows an authenticated user to read internal server files, exploiting local-file update logic where non-domain lines printed from a provided file could r...
CVE-2024-28247 Pihole Authenticated Arbitrary File Read with root privileges
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...
CVE-2020-1645
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon mspmand process, responsible for managing "URL Filtering service", may crash, causing the...