18 matches found

NVD
added 6 days ago | 8 views

CVE-2026-57587

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

CVSS 6.3 | EPSS 0.00339
Exploits: 0 | References: 1

Cvelist
added 6 days ago | 30 views

CVE-2026-57587 SQL Injection in Nessus via Reverse DNS Lookup

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

CVSS 6.3 | EPSS 0.00339
Exploits: 0 | References: 1

CVE
added 2026/05/20 12:52 a.m. | 28 views

CVE-2026-43617

CVE-2026-43617 affects rsync

CVSS 6.3 | AI score 5.8 | EPSS 0.00282
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/05/20 12:52 a.m. | 49 views

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

CVSS 6.3 | EPSS 0.00282
Exploits: 0 | References: 3

Tenable Nessus
added 2026/05/20 12:00 a.m. | 8 views

Fedora 43 : proftpd (2026-4ddb108952)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4ddb108952 advisory. This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed...

CVSS 8.1 | AI score 5.9 | EPSS 0.00455
Exploits: 0 | References: 2

OSV
added 2026/05/09 12:33 p.m. | 10 views

OESA-2026-2268 proftpd security update

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

CVSS 8.1 | AI score 6 | EPSS 0.00455
Exploits: 0 | References: 2

Cvelist
added 2026/05/05 7:41 p.m. | 36 views

CVE-2026-44331

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the...

CVSS 8.1 | EPSS 0.00455
Exploits: 0 | References: 2

AlpineLinux
added 2026/05/05 7:41 p.m. | 7 views

CVE-2026-44331

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the...

CVSS 8.1 | AI score 6 | EPSS 0.00455
Exploits: 0

CNNVD
added 2026/04/23 12:00 a.m. | 11 views

Copilot API Proxy security vulnerability

Copilot API Proxy is a reverse proxy service for the GitHub Copilot API developed by Erick Christian. Versions of Copilot API Proxy prior to 0.7.0 contain security vulnerabilities. These vulnerabilities stem from the Header Handler component’s reliance on reverse DNS resolution for handling Host...

CVSS 5.3 | AI score 5.8 | EPSS 0.00257
Exploits: 0 | References: 1

Cvelist
added 2026/04/22 11:30 p.m. | 37 views

CVE-2026-6874 ericc-ch copilot-api Header token dns rebinding

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse DNS resolution. The attack can be performed remotely. The explo...

CVSS 5.3 | EPSS 0.00257
Exploits: 0 | References: 4

Cvelist
added 2026/03/07 8:50 a.m. | 31 views

CVE-2026-24281 Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

EPSS 0.00617
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/07 8:50 a.m. | 5 views

CVE-2026-24281

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

AI score 5.8 | EPSS 0.00617
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2026/03/07 8:50 a.m. | 3 views

CVE-2026-24281

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

CVSS 7.4 | AI score 8.4 | EPSS 0.00617
Exploits: 0

BDU FSTEC
added 2024/06/03 12:00 a.m. | 5 views

The vulnerability of Ollama’s system for running and managing large language models (LLMs) lies in its reliance on reverse DNS resolution for IP addresses. This allows attackers to perform DNS Rebinding attacks or cause service failures.

The vulnerability of Ollama’s system for running and managing large language models is related to the use of reverse DNS resolution for IP addresses. Exploiting this vulnerability could allow a remote attacker to perform a DNS Rebinding attack or cause a service failure...

CVSS 10 | AI score 6.6 | EPSS 0.00334
Exploits: 0 | References: 4 | Affected Software: 1

RedHat Linux
added 2024/04/22 3:30 p.m. | 4 views

OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle...

CVSS 3.7 | AI score 7.2 | EPSS 0.00902
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 5:39 a.m. | 1 views

SUSE CVE-2013-1923

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks...

CVSS 3.2 | AI score 6.9 | EPSS 0.01045
Exploits: 0 | References: 6

RedHat Linux
added 2012/08/14 5:56 p.m. | 6 views

condor: host based authentication does not implement forward-confirmed reverse dns

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname...

CVSS 10 | AI score 6 | EPSS 0.05102
Exploits: 0 | References: 4

OSV
added 2009/02/13 1:30 a.m. | 0 views

DEBIAN-CVE-2009-0362

filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different...

CVSS 4 | AI score 7.1 | EPSS 0.01303
Exploits: 1 | References: 1