17 matches found
MiracleLinux 4 : curl-7.19.7-36.AXS4 (AXSA:2013-429:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-429:02 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to...
EUVD-2016-0776
Malware in sbrugna...
CVE-2024-25354
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...
Alphion ASEE-1443 Security Vulnerability
The Alphion ASEE-1443 is a wireless router from Alphion. A security vulnerability exists in the Alphion ASEE-1443 version v0.4.H.00.02.15, which stems from a misconfiguration of the default DNS suffix, which could lead to the disclosure of sensitive information...
domain-suffix RegEx Denial of Service
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function. PoC js async function exploit const domainsuffix = require"domain-suffix"; // Crafting a string that will cause excessive backtracking const maliciousInput =...
GHSA-CQFH-C4C5-C2HG domain-suffix RegEx Denial of Service
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function. PoC js async function exploit const domainsuffix = require"domain-suffix"; // Crafting a string that will cause excessive backtracking const maliciousInput =...
CVE-2024-25354
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...
CVE-2024-25354
CVE-2024-25354 affects domain-suffix 1.0.8 (Node.js) with a RegEx Denial of Service in the parse function that can crash the application when given crafted input. Root cause: excessive backtracking in the regular expression. Impact: denial of service/crash; exploitation details are provided in pu...
CVE-2024-25354
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...
CVE-2024-25354
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...
domain-suffix Security Vulnerability
domain-suffix is a Node.js package. A security vulnerability exists in domain-suffix version 1.0.8, which stems from a vulnerability that allows an attacker to crash an application using crafted input via the parse function...
PT-2024-20898 · Unknown · Domain-Suffix
Name of the Vulnerable Software and Affected Versions: domain-suffix version 1.0.8. Description: The issue allows attackers to crash the application via crafted input to the parse function, resulting in a Denial of Service. This is achieved through a RegEx Denial of Service in the domain-suffix...
SUSE CVE-2013-1944
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL...
Scrapy cookie-setting is not restricted based on the public suffix list
Impact: Responses from domain names whose public domain name suffix contains 1 or more periods (e.g. responses from example.co.uk, given its public domain name suffix is co.uk) are able to set cookies that are included in requests to any other domain sharing the same domain name suffix. Patches...
How to configure XenMobile to use multiple domain suffix in LDAP config
Enroll devices using an alternate UPN suffix and configure Citrix Endpoint Management to use a domain suffix for authentication. Refer to Citrix documentation - Citrix Gateway and Endpoint Management...
CVE-2015-4020
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original...
Slack: Slack OAuth2 "redirect_uri" Bypass
Hi, I've found a way to circumvent redirect_uri restrictions imposed by the web application using domain-suffix/subdomain technique. I created an OAuth application under https://api.slack.com/applications/new. That has OAuth redirect_uri configured to http://www.google.com. So technically Allowed...