Lucene search
+L

27 matches found

OSV
OSV
added 2022/12/05 10:15 p.m.6 views

AZL-11577 CVE-2022-43548 affecting package nodejs for versions less than 16.18.1-2

A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...

8.1CVSS6.7AI score0.14024EPSS
Exploits0References1
OSV
OSV
added 2022/12/05 10:15 p.m.3 views

ALPINE-CVE-2022-43548

A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...

8.1CVSS7.3AI score0.14024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/13 12:0 a.m.4 views

PT-2022-14094 · WordPress · Iq Block Country

Name of the Vulnerable Software and Affected Versions: iQ Block Country WordPress plugin versions prior to 1.2.20 Description: The issue allows threat actors to bypass the block feature by spoofing HTTP headers, as the plugin does not properly check these headers to validate the origin IP address...

7.5CVSS7.5AI score0.01191EPSS
Exploits2References3
Prion
Prion
added 2006/03/19 1:2 a.m.18 views

Authentication flaw

Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address...

7.5CVSS7.2AI score0.01548EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2006/03/19 1:2 a.m.18 views

CVE-2006-1253

Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address...

7.5CVSS6.6AI score0.01548EPSS
Exploits0References3
Cvelist
Cvelist
added 2006/03/19 1:0 a.m.23 views

CVE-2006-1253

Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address...

6.6AI score0.01548EPSS
Exploits0References3
CVE
CVE
added 2006/03/19 1:0 a.m.48 views

CVE-2006-1253

CVE-2006-1253 affects glFTPd prior to 2.01 RC5, where a crafted DNS hostname could bypass IP checks, potentially spoofing an IP-like hostname. The PT-2006-2269 entry confirms the vulnerable range and provides a remediation: update to version 2.01 RC5 or later. No exploitation details are provided...

7.5CVSS6.7AI score0.01548EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder