27 matches found
AZL-11577 CVE-2022-43548 affecting package nodejs for versions less than 16.18.1-2
A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...
ALPINE-CVE-2022-43548
A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...
PT-2022-14094 · WordPress · Iq Block Country
Name of the Vulnerable Software and Affected Versions: iQ Block Country WordPress plugin versions prior to 1.2.20 Description: The issue allows threat actors to bypass the block feature by spoofing HTTP headers, as the plugin does not properly check these headers to validate the origin IP address...
Authentication flaw
Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address...
CVE-2006-1253
Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address...
CVE-2006-1253
Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address...
CVE-2006-1253
CVE-2006-1253 affects glFTPd prior to 2.01 RC5, where a crafted DNS hostname could bypass IP checks, potentially spoofing an IP-like hostname. The PT-2006-2269 entry confirms the vulnerable range and provides a remediation: update to version 2.01 RC5 or later. No exploitation details are provided...