17 matches found
CVE-2026-33489
A flaw was found in CoreDNS. An unauthorized remote client can exploit a vulnerability in the transfer plugin's Access Control List ACL stanza selection. This occurs when both a parent zone and a more-specific subzone are configured, and the longestMatch function incorrectly uses a lexicographic...
CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison
...
CVE-2026-33489
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...
EUVD-2026-27450
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...
CVE-2026-33489
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...
CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...
CVE-2026-33489
CoreDNS CVE-2026-33489 affects the transfer plugin prior to version 1.14.3. The root cause is a lexicographic longestMatch() comparison in plugin/transfer/transfer.go, which can select a permissive parent-zone ACL over a more-specific subzone ACL when both are configured. This flaw enables an una...
CoreDNS 安全漏洞
CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a security vulnerability. This vulnerability stemmed from an error in the selection of ACL rules in the transfer plugin, which could allow unauthorized remote clients to execute AXFR/IXFR and...
EUVD-2014-0165
Malware in sbrugna...
EUVD-2015-5205
Malware in sbrugna...
WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin FTP Sync versions = 1.1.6...
Security Bulletin: Vulnerability in Apache Cordova affects IBM Worklight, IBM Mobile Foundation and IBM MobileFirst Platform Foundation (CVE-2015-5204)
Summary Apache Cordova File Transfer Plugin for Android is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will all...
Code injection
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin org.apache.cordova.file-transfer before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the...
CVE-2014-0072
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin org.apache.cordova.file-transfer before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the...
CVE-2015-5204
CRLF injection vulnerability in the Apache Cordova File Transfer Plugin cordova-plugin-file-transfer for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file...
Crlf injection
CRLF injection vulnerability in the Apache Cordova File Transfer Plugin cordova-plugin-file-transfer for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file...
CVE-2015-5204
CVE-2015-5204 affects the cordova-plugin-file-transfer for Android (versions 1.2.1 and earlier). The root cause is HTTP header injection via improper validation of the Filename argument, allowing an attacker to inject CRLF sequences and thus manipulate headers in the HTTP response. Documented imp...