GHSA-37M5-M4Q3-FC6X Froxlor: BIND Zone File Injection via TXT Record Content

Summary The DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record line in the generated BIND zone file. This enables injection of arbitra...

HTTPS Fetch, DNS TXT Record Payload Download and Execution

Fetch and execute an x86 payload from an HTTPS server. Performs a TXT query against a series of DNS records and executes the returned x86 shellcode. The DNSZONE option is used as the base name to iterate over. The payload will first request the TXT contents of the a hostname, followed by b, then ...

CVE-2025-57403

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...

CVE-2025-57403

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...

CVE-2025-57403

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...

CVE-2025-57403

Cola Dnslog v1.3.2 is affected by a Directory Traversal vulnerability in the DNS TXT query handling. The root cause is the application concatenating the requested URL (or a portion) with a base path via os.path.join, allowing directory traversal or absolute path injection and potentially exposing...

PT-2025-53599

Name of the Vulnerable Software and Affected Versions Cola Dnslog version 1.3.2 Description The application processes DNS queries for TXT records by concatenating the requested URL with a base path using os.path.join. This allows for directory traversal or absolute path injection. Successful...

Cola Dnslog 安全漏洞

Cola Dnslog is a no-reply vulnerability detection aid platform for individual AbelChe developers. A security vulnerability exists in Cola Dnslog v1.3.2, which stems from the direct splicing of request URLs and base paths when processing TXT record DNS queries, which may lead to directory traversa...

CVE-2025-57403

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...

UBUNTU-CVE-2024-24150

A memory leak issue discovered in parseSWFTEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file...

DEBIAN-CVE-2023-31137

MaraDNS is open-source software that implements the Domain Name System DNS. In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination...

SUSE CVE-2014-4049

Heap-based buffer overflow in the phpparserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service crash and possibly execute arbitrary code via a crafted DNS TXT record, related to the dnsgetrecord function...

Videolabs libmicrodns Input Validation Error Vulnerability

Videolabs libmicrodns is a cross-platform mDNS multicast DNS resolver from Videolabs Labs in France. An input validation error vulnerability exists in the TXT record parsing feature of Videolabs libmicrodns 0.1.0. The vulnerability stems from a network system or product that does not properly...

UBUNTU-CVE-2020-6073

An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS...

libming integer overflow vulnerability (CNVD-2018-03001)

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. An integer overflow vulnerability exists in the 'outputSWFTEXTRECORD' function in the util/outputscript.c file in libming 0.4.8 and earlier...

libming denial of service vulnerability (CNVD-2017-34968)

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A denial of service vulnerability exists in the 'outputSWFTEXTRECORD' function in the util/outputscript.c file in libming 0.4.8 and earlier...

DEBIAN-CVE-2016-0771

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from process memory by...

php: heap-based buffer overflow in DNS TXT record parsing

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dnsgetrecord function to perform a DNS query...

php: heap-based buffer overflow in DNS TXT record parsing

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dnsgetrecord function to perform a DNS query...

php: heap-based buffer overflow in DNS TXT record parsing

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dnsgetrecord function to perform a DNS query...