
16 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-1812

Malicious code in bioql PyPI...

6.6 CVSS | 6.5 AI score | 0.00579 EPSS
Exploits 0 | References 6

Github Security Blog
added 2024/05/03 9:30 a.m. | 22 views

Apache Hive Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...

6.6 CVSS | 6.9 AI score | 0.00579 EPSS
Exploits 0 | References 6 | Affected Software 1

Tenable Nessus
added 2024/03/12 12:0 a.m. | 34 views

EulerOS 2.0 SP10 : curl (EulerOS-SA-2024-1332)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is otherwise allowed o...

6.5 CVSS | 6.4 AI score | 0.00219 EPSS
Exploits 2 | References 3

OpenVAS
added 2024/03/12 12:0 a.m. | 29 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1260)

The remote host is missing an update for the Huawei EulerOS...

6.5 CVSS | 7.9 AI score | 0.00441 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2024/02/08 12:0 a.m. | 28 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-1172)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is otherwise allowed o...

6.5 CVSS | 6.4 AI score | 0.00219 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2024/01/30 12:0 a.m. | 36 views

RHEL 8 : curl (RHSA-2024:0585)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0585 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

6.5 CVSS | 6.7 AI score | 0.00631 EPSS
Exploits 2 | References 8

Tenable Nessus
added 2024/01/25 12:0 a.m. | 38 views

RHEL 9 : curl (RHSA-2024:0434)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0434 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, a...

6.5 CVSS | 6.5 AI score | 0.00219 EPSS
Exploits 1 | References 5

Tenable Nessus
added 2023/12/22 12:0 a.m. | 54 views

Debian dla-3692 : curl - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3692 advisory. Debian LTS Advisory DLA-3692-1...

6.5 CVSS | 6.6 AI score | 0.00631 EPSS
Exploits 2 | References 6

Tenable Nessus
added 2023/12/09 12:0 a.m. | 36 views

Fedora 39 : curl (2023-9de8973300)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9de8973300 advisory. - fix HSTS long file name clears contents CVE-2023-46219 - fix cookie mixed case PSL bypass CVE-2023-46218 Tenable has extracted the preceding...

6.5 CVSS | 6.5 AI score | 0.00219 EPSS
Exploits 2 | References 3

Tenable Nessus
added 2023/12/07 12:0 a.m. | 39 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2023:4659-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4659-1 advisory. - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed bac...

6.5 CVSS | 6.5 AI score | 0.00219 EPSS
Exploits 2 | References 7

Kitploit
added 2023/05/25 12:30 p.m. | 15 views

rebindMultiA - Tool To Perform a Multiple A Record Rebind Attack

rebindMultiA is a tool to perform a Multiple A Record rebind attack. rebindmultia.com is a domain that I've set up to assist with these attacks. It makes every IP its own authoritative nameserver for the domain IP.ns.rebindmultia.com. For example, 13.33.33.37.ns.rebindmultia.com's authoritative...

6.9 AI score
Exploits 0 | References 2

OSV
added 2020/08/24 7:15 p.m. | 4 views

CVE-2020-7377

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

7.5 CVSS | 7.2 AI score | 0.0041 EPSS
Exploits 1 | References 1

Cvelist
added 2020/08/24 7:10 p.m. | 11 views

CVE-2020-7377 Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

8.1 CVSS | 8.1 AI score | 0.0041 EPSS
Exploits 1 | References 1

CNVD
added 2017/11/15 12:0 a.m. | 1 view

Foscam C1 Indoor HD Camera DDNS Client Buffer Overflow Vulnerability (CNVD-2017-34261)

Foscam C1 Indoor HD Camera is a wireless high-definition IP camera from Foscam, China. DDNS client is one of the dynamic domain name service clients. A buffer overflow vulnerability exists in the DDNS client in the Foscam C1 Indoor HD Camera. When DDNS is turned on, an attacker can exploit this...

9.3 CVSS | 7.3 AI score | 0.004 EPSS
Exploits 2 | References 1

CNVD
added 2017/11/15 12:0 a.m. | 1 view

Foscam C1 Indoor HD Camera DDNS Client Buffer Overflow Vulnerability (CNVD-2017-34262)

Foscam C1 Indoor HD Camera is a wireless high-definition IP camera from Foscam, China. DDNS client is one of the dynamic domain name service clients. A buffer overflow vulnerability exists in the DDNS client in the Foscam C1 Indoor HD Camera. When DDNS is turned on, an attacker can exploit this...

9.3 CVSS | 7.3 AI score | 0.004 EPSS
Exploits 2 | References 1

RedhatCVE
added 2017/10/26 4:19 p.m. | 26 views

CVE-2017-13090

A heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code...

9.3 CVSS | 2.8 AI score | 0.09652 EPSS
Exploits 0 | References 2