10 matches found
Alibaba Cloud Linux 3 : 0258: systemd (ALINUX3-SA-2024:0258)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0258 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-7008: A vulnerability was found in...
CVE-2025-32808
W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists...
Incorrect Privilege Assignment
github.com/hashicorp/vault is vulnerable to Incorrect Privilege Assignment. The vulnerability is due to the mishandling of entries in an in-memory cache: a privileged operator could manipulate their cached record through an API endpoint on a node, potentially escalating their privileges to the...
PT-2024-21058 · Dnsjava +2
Name of the Vulnerable Software and Affected Versions: dnsjava versions prior to 3.6.0. Description: The issue arises from dnsjava not checking the relevance of records in DNS replies to the query, allowing an attacker to respond with records from different zones. This can lead to applications...
systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
Design/Logic Flaw
The check-in record page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access a particular employee’s check-in record...
DNS Rebinding Tool - DNS Rebind Tool With Custom Scripts
Inspired by @tavisio. This project is meant to be an All-in-one Toolkit to test further DNS rebinding attacks and my take on understanding these kinds of attacks. It consists of a web server and pseudo DNS server that only responds to A queries. The root index of the web server allows to configure...
Microsoft-Excel-OBJ-Record
Title: Microsoft Excel OBJ Record Stack Overflow Version: Excel 2002 and XP SP3 Analysis: http://www.abysssec.com import sys def main: try: fdR = open'src.xls', 'rb+' strTotal = fdR.read str1 = strTotal:36640 str2 = strTotal37440: shellcode calc.exe shellcode =...
Ruby on Rails Security Bypass Vulnerability (Nov 2010)
Ruby on Rails is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...
ISC BIND Dynamic Updates Unauthorized Resource Record Manipulation
The remote nameserver has dynamic updates enabled. The dynamic updates let the BIND administrator update the name service information dynamically. However, it is possible to trick BIND into changing the resource record for the zone it serves. An attacker may use this flaw to hijack the traffic...