Lucene search
K

171 matches found

osv
osv
added 2024/01/31 12:21 a.m.22 views

GHSA-WR2V-9RPQ-C35Q Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV...

6.5CVSS6.9AI score0.01636EPSS
Exploits0References4
github
github
added 2024/01/31 12:21 a.m.23 views

Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV...

6.5CVSS6.7AI score0.01636EPSS
Exploits0References5Affected Software1
gitlab
gitlab
added 2024/01/31 12:0 a.m.34 views

Missing Authentication for Critical Function

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

6.5CVSS7.1AI score0.01636EPSS
Exploits0References5Affected Software1
osv
osv
added 2023/12/24 6:15 a.m.7 views

AZL-32295 CVE-2023-51765 affecting package sendmail 8.15.2-46

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

5.3CVSS6AI score0.01073EPSS
Exploits2References1
openbugbounty
openbugbounty
added 2023/12/14 10:45 p.m.9 views

srv-si-001.utpl.edu.ec Cross Site Scripting vulnerability OBB-3814236

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
kitploit
kitploit
added 2023/03/07 11:30 a.m.95 views

DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers And More From Text

DataSurgeon ds is a versatile tool designed for incident response, penetration testing, and CTF challenges. It allows for the extraction of various types of sensitive information including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and a lot...

7.1AI score
Exploits0References5
osv
osv
added 2022/10/06 11:12 p.m.18 views

GHSA-H8G9-6GVH-5MRC etcd vulnerable to TOCTOU of gateway endpoint authentication

Vulnerability type Authentication Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail The gateway only authenticates endpoints detected from DNS SRV records, and it only authenticates th...

7.3AI score
Exploits0References2
github
github
added 2022/10/06 11:12 p.m.12 views

etcd vulnerable to TOCTOU of gateway endpoint authentication

Vulnerability type Authentication Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail The gateway only authenticates endpoints detected from DNS SRV records, and it only authenticates th...

1.5AI score
Exploits0References2Affected Software1
gitlab
gitlab
added 2022/10/06 12:0 a.m.16 views

etcd vulnerable to TOCTOU of gateway endpoint authentication

The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail The gateway only authenticates endpoints detected from DNS SRV records, and it only authenticates the detected endpoints once...

2AI score
Exploits0References2Affected Software1
openbugbounty
openbugbounty
added 2022/06/07 6:3 p.m.15 views

srvmamatahospital.com Cross Site Scripting vulnerability OBB-2641383

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
veracode
veracode
added 2021/02/11 3:12 a.m.22 views

Directory Traversal

ftp-srv is vulnerable to directory traversal. The vulnerability exists as it does not perform checks on the relative path to see if it resolves to a path outside of the application root directory...

9.6CVSS3.6AI score0.01863EPSS
Exploits1References7Affected Software1
osv
osv
added 2021/02/10 6:15 p.m.12 views

CVE-2020-26299

ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands,...

9.6CVSS9.2AI score
Exploits0References6
vulnersosv
vulnersosv
added 2021/02/10 6:11 p.m.5 views

@pheasantplucker/ftp (=1.0.0), @zpmc/zwd-server (>=0.0.14 <=0.0.21) +4 more potentially affected by CVE-2020-26299 via ftp-srv (>=2.19.6 <=4.1.0)

ftp-srv NPM version =2.19.6, =0.0.14, =0.0.1, =3.0.0, =3.0.7 Source cves: CVE-2020-26299 Source advisory: OSV:GHSA-PMW4-JGXX-PCQ9...

9.6CVSS7.2AI score0.01863EPSS
Exploits1
cve
cve
added 2021/02/10 6:10 p.m.65 views

CVE-2020-26299

Summary: CVE-2020-26299 affects the ftp-srv npm package (FTP server) prior to 4.4.0. The root cause is how Windows path separators () interact with path.resolve, leaving an upper pointer intact and allowing a user to move beyond the defined FTP root via commands like CWD/UPDR. Impact: potential p...

9.6CVSS7.5AI score0.01863EPSS
Exploits1References6Affected Software1
cnnvd
cnnvd
added 2021/02/10 12:0 a.m.8 views

ftp-srv Path Traversal Vulnerability

Connor Skees ftp-srv is an open source application from Connor Skees. Provides a modern and scalable FTP server designed to be simple but configurable. A path traversal vulnerability exists in ftp-srv, which arises from a failure of a network system or product to properly filter special elements ...

9.6CVSS7.3AI score0.01863EPSS
Exploits1References7
packetstorm
packetstorm
added 2021/01/08 12:0 a.m.396 views

dnsrecon 0.10.0 CSV Injection

Exploit Title: dnsrecon 0.10.0 - CSV Injection Author: Dolev Farhi Date: 2021-01-07 Vendor Homepage: https://github.com/darkoperator/dnsrecon/ Version : 0.10.0 Tested on: ParrotOS 4.10 dnsrecon, when scanning a TXT record such as SPF, i.e.: spf.domain.com, outputs a CSV report -c out.csv with...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2021/01/08 12:0 a.m.485 views

dnsrecon 0.10.0 - CSV Injection

Exploit Title: dnsrecon 0.10.0 - CSV Injection Author: Dolev Farhi Date: 2021-01-07 Vendor Homepage: https://github.com/darkoperator/dnsrecon/ Version : 0.10.0 Tested on: ParrotOS 4.10 dnsrecon, when scanning a TXT record such as SPF, i.e.: spf.domain.com, outputs a CSV report -c out.csv with...

7.4AI score
Exploits0
nvd
nvd
added 2020/12/31 10:15 a.m.35 views

CVE-2020-35857

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...

7.5CVSS7.5AI score0.01439EPSS
Exploits1References2
osv
osv
added 2020/12/31 10:15 a.m.29 views

CVE-2020-35857

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...

7.5CVSS7.2AI score0.01439EPSS
Exploits1References2
cve
cve
added 2020/12/31 12:0 a.m.54 views

CVE-2020-35857

The CVE-2020-35857 entry applies to the trust-dns-server crate in Rust, prior to version 0.18.1. The issue arises from how MX and SRV null targets are handled, leading to stack consumption (stack overflow) when processing additional records for MX/SRV targets, potentially causing a crash and DOS....

7.5CVSS7.4AI score0.01439EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder