26 matches found
Malicious code in zer0one-dnslog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 903c45d49e6716373a67196c41e8acfbf8afa3320a635380ffe3403e8f127605 The package is published as a 'simple date formatting utility' but ships a postinstall payload that, on npm install, runs a curl pipeline against clo...
MAL-2026-5366 Malicious code in zer0one-dnslog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 903c45d49e6716373a67196c41e8acfbf8afa3320a635380ffe3403e8f127605 The package is published as a 'simple date formatting utility' but ships a postinstall payload that, on npm install, runs a curl pipeline against clo...
CVE-2025-57403
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...
CVE-2025-57403
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...
CVE-2025-57403
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...
PT-2025-53599
Name of the Vulnerable Software and Affected Versions Cola Dnslog version 1.3.2 Description The application processes DNS queries for TXT records by concatenating the requested URL with a base path using os.path.join. This allows for directory traversal or absolute path injection. Successful...
CVE-2025-57403
Cola Dnslog v1.3.2 is affected by a Directory Traversal vulnerability in the DNS TXT query handling. The root cause is the application concatenating the requested URL (or a portion) with a base path via os.path.join, allowing directory traversal or absolute path injection and potentially exposing...
EUVD-2025-205449
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...
CVE-2025-57403
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...
CVE-2025-57403
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...
Exploit for CVE-2025-55182
CVE-2025-55182-RCE-shell Detection -dnslog DNSLog N...
Exploit for Code Injection in Geoserver
⚠️ Disclaimer: This tool is intended only for security resea...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813POC CVE-2025-24813P...
Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow
Use dnslog to detect whether CVE-2024-37084 vulnerability exi...
Exploit for Code Injection in Vmware Spring_Cloud_Data_Flow
Detect vulnerabilities First, Use dnslog to detect whether CV...
Exploit for Expression Language Injection in Apache Struts
CVE-2021-31805 1. Introduction Struts2 Remote Command Exec...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel Firewall Command Injection Vulnerability...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel 防火墙未经身份验证的远程命令注入漏洞 影响组件 USG FLEX 100...
Exploit for Expression Language Injection in Apache Struts
s2-062 Remote code execution for S2-062 CVE-2021-31805 – Ver...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 Poc for CVE-2022-22947 DnsLog When I w...