Information Disclosure

github.com/helm/helm is vulnerable to Information Disclosure. The vulnerability is due to the DNS lookup chart that can disclose IP addresses to a malicious DNS server, which are used to lookup IP addresses when used with the helm install|upgrade|template command via the vulnerable getHostByName...

Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CNVD-2018-12562)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the United States.Microsoft Windows 10 is a set of operating systems for personal computers.Windows Server 2016 is a set of server operating systems.Windows Domain Name Windows Domain Name Syste...

Security Advisory - Remote Code Execution Vulnerability in Windows DNSAPI

Microsoft released a security advisory to disclose a remote code execution vulnerability in Windows Domain Name System DNS DNSAPI.dll. An unauthenticated, remote attacker would use a malicious DNS server to send corrupted DNS responses to the target. The attacker could exploit the vulnerability t...

Systemd resolved dns_packet_read_type_window Infinite Loop (CVE-2017-15908)

A denial-of-service vulnerability exists in the dnspacketreadtypewindow function of systemdresolved component in the systemd project. This vulnerability is due to the incorrectly parsing of NSEC records in a DNS response. A malicious DNS server could exploit this vulnerability by sending a crafte...

Microsoft Windows DNSAPI Remote Code Execution Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. A remote code execution vulnerability exists in the Domain Name System DNS DNSAPI.dll file in Microsoft Windows, which arises from a program's failure to properly handle DNS responses. A remote attacker...

Technicolor TC7337 - SSID Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications // Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not requires quotes , and passing the URL with ony '//' //...

Systemd resolved dns_packet_new Heap Buffer Overflow (CVE-2017-9445)

A heap buffer overflow vulnerability exists in the dnspacketnew function of systemd-resolved. This vulnerability is due to the allocation of a heap buffer of insufficient size when handling DNS responses. A malicious DNS server can exploit this vulnerability by sending a crafted DNS response...

DNS TXT Record Parsing Buffer Overflow (CVE-2008-2469)

The Domain Name System DNS client service resolves and caches DNS names. LibSPF2 is a widely deployed implementation of Sender Policy Framework SPF. A buffer overflow vulnerability was reported in LibSPF2. An attacker who runs a malicious DNS server can exploit this vulnerability by sending a...

FreeBSD-SA-02:19.squid

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:19 Security Advisory FreeBSD, Inc. Topic: squid heap buffer overflow in DNS handling Category: ports Module: squid24 Announced: 2002-03-26 Credits: zen-parse Affects:...

xtell 1.91.12.6.1 - Multiple Remote Buffer Overflow Vulnerabilities

xtell 1.91.12.6.1 - Multiple Remote Buffer Overflow Vulnerabilities // source: https://www.securityfocus.com/bid/4193/info xtell is a simple network messaging program. It may be used to transmit terminal messages between users and machines. xtell is available for Linux, BSD and most other Unix...