Denial of service against AD DC WINS server

Description The Windows Internet Naming Service 1 is an unauthenticated service for registering and looking up names in a NetBIOS network running on TCP and UDP 2. The protocol handlers for the RELEASE and MULTIHOMEREG packets in the WINS server running when Samba is configured as an Active...

CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

Linux Distros Unpatched Vulnerability : CVE-2019-17531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...

A Novel Zero-Trust Identity Framework for Agentic AI: Decentralized Authentication and Fine-Grained Access Control

Traditional Identity and Access Management IAM systems, primarily designed for human users or static machine identities via protocols such as OAuth, OpenID Connect OIDC, and SAML, prove fundamentally inadequate for the dynamic, interdependent, and often ephemeral nature of AI agents operating at...

Exasol JDBC Driver 安全漏洞

Exasol JDBC Driver is a driver from Exasol for connecting to Exasol databases. A security vulnerability exists in Exasol JDBC Driver version 24.2.0, which originates from an attacker can inject malicious parameters into the JDBC URL, triggering a JNDI injection that could lead to remote code...

PT-2023-27908 · Sofarpc · Sofarpc

Name of the Vulnerable Software and Affected Versions: SOFARPC versions prior to 5.11.0 Description: SOFARPC is a Java RPC framework. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. The default configuration of the SOFARPC framework uses a...

SUSE CVE-2022-21496

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

The implementation of the wchp/wchc command in the centralized service for managing configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper is vulnerable. This vulnerability stems from the lack of authentication for the critical function, allowing a malicious actor operating remotely to cause service failures.

The vulnerability of the wchp/wchc command implementation in the centralized service for managing configuration information, naming, distributed synchronization, and providing group services in Apache ZooKeeper is related to the lack of authentication for the critical function. Exploiting this...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to sensitive data Access to system data...

The vulnerability of the RPCbind server for dynamic naming services, related to unlimited resource distribution, allows attackers to cause service failures.

The vulnerability of the dynamic naming server RPC ports RPCbind is related to unlimited resource distribution. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

ISC BIND Denial of Service Vulnerability (CNVD-2018-14416)

ISC BIND is the United States Internet Systems Consortium ISC company maintains a set of open source software that implements the DNS protocol. A denial-of-service vulnerability exists in ISC BIND due to a flaw in the handling of BIND slave zone transfers, which could be exploited by an attacker ...

OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)

It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries...

OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)

It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries...

Jndi injection and Spring RCE vulnerability analysis-vulnerability warning-the black bar safety net

Foreword Because before has been traveling, and haven't done the research, eleven during the re-focus of the 2 0 1 6 BlackHat the above subject, wherein jndi injection caught my attention, this paper mainly divided into the following 3 sections, the understanding of jndi, analysis jndi injection...

The vulnerability of the RPCbind server for dynamic naming services allows a attacker to cause a service failure.

The vulnerability of the xprtsetcaller function of dynamic naming server RPC ports is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to cause service failures by using specially crafted packets containing the PMAPCALLIT code...

SAP Business One License Manager 2005 Buffer Overflow

No description provided by source. $Id: sap2005license.rb 11180 2010-11-30 20:19:18Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commente...

JNDI: unauthenticated remote write access is permitted by default

The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...

SAP Business One License Manager 2005 Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core' class Metasploit3 'SAP...

SAP Business One License Manager 2005 Buffer Overflow

This module exploits a stack buffer overflow in the SAP Business One 2005 License Manager 'NT Naming Service' A and B releases. By sending an excessively long string the stack is overwritten enabling arbitrary code execution. This module requires Metasploit: https://metasploit.com/download Curren...