5 matches found
Pi-hole Cross-Site Scripting Vulnerability
Pi-hole is a multi-platform, network-wide ad-blocking tool. A stored cross-site scripting vulnerability exists in DNS query logs in versions prior to Pi-hole 5.2.2. An attacker can exploit this vulnerability by directly or indirectly querying DNS using a malicious hostname to execute arbitrary...
SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2016:2872-1) (Shellshock)
This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables bsc1001299 - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the...
Command Injection
Overview: The dns-sync library for node.js allows resolving hostnames in a synchronous fashion. All versions of dns-sync prior to the release 0.1.1 were vulnerable to arbitrary command execution via maliciously formed hostnames. For example: var dnsSync = require('dns-sync');...
D-Link AirPlus DI-614+, DI-624, DI-704 DHCP Log HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10587/info It is reported that the DI-614+, DI-704, and the DI-624 are susceptible to an HTML injection vulnerability in their DHCP log. An attacker who has access to the wireless, or internal network segments of the rout...
D-Link AirPlus DI-614+ / DI-624 / DI-704 - DHCP Log HTML Injection
source: https://www.securityfocus.com/bid/10587/info It is reported that the DI-614+, DI-704, and the DI-624 are susceptible to an HTML injection vulnerability in their DHCP log. An attacker who has access to the wireless, or internal network segments of the router can craft malicious DHCP...