Lucene search
+L

444 matches found

NVD
NVD
added 2025/01/14 10:15 p.m.11 views

CVE-2024-50861

The ipmoddnskeyform.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks...

6.1CVSS0.00795EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.5 views

PT-2025-2893 · Gestioip · Gestioip

Name of the Vulnerable Software and Affected Versions: GestioIP version 3.5.7 Description: The issue concerns a Stored XSS vulnerability in the ip mod dns key form.cgi request. An attacker can inject malicious code into the TSIG Key field, which is saved in the database and triggers XSS when...

6.1CVSS6AI score0.00795EPSS
Exploits3References12
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.547 views

BIND TSIG Badtime Query Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BIND TSIG Badtime Query Denial of Service', 'Description' = %q A logic error in code which checks TSIG validity can be used to trigger an asserti...

7.5CVSS7.2AI score0.93422EPSS
Exploits5
Fedora
Fedora
added 2024/06/26 1:28 a.m.38 views

[SECURITY] Fedora 39 Update: python-dns-2.6.1-1.fc39

dnspython is a DNS toolkit for Python. It supports almost all record types. It can be used for queries, zone transfers, and dynamic updates. It supports TSIG authenticated messages and EDNS0. dnspython provides both high and low level access to DNS. The high level classes perform queries for data...

7CVSS6.8AI score0.01857EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.18 views

RHEL 5 : bind97 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bind: An error in TSIG authentication can permit unauthorized dynamic updates CVE-2017-3143 - named in IS...

7.5CVSS7.3AI score0.59353EPSS
Exploits1References5
Fedora
Fedora
added 2024/05/10 1:34 a.m.30 views

[SECURITY] Fedora 38 Update: python-dns-2.3.0-3.fc38

dnspython is a DNS toolkit for Python. It supports almost all record types. It can be used for queries, zone transfers, and dynamic updates. It supports TSIG authenticated messages and EDNS0. dnspython provides both high and low level access to DNS. The high level classes perform queries for data...

7CVSS6.4AI score0.01857EPSS
Exploits1
Fedora
Fedora
added 2024/05/03 1:44 a.m.38 views

[SECURITY] Fedora 40 Update: python-dns-2.6.1-1.fc40

dnspython is a DNS toolkit for Python. It supports almost all record types. It can be used for queries, zone transfers, and dynamic updates. It supports TSIG authenticated messages and EDNS0. dnspython provides both high and low level access to DNS. The high level classes perform queries for data...

7CVSS7.2AI score0.01857EPSS
Exploits1
Redos
Redos
added 2024/03/13 12:0 a.m.23 views

ROS-2-1422

2.1422 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

9.8CVSS8.7AI score0.82367EPSS
Exploits0
Kitploit
Kitploit
added 2024/01/20 11:30 a.m.24 views

Gssapi-Abuse - A Tool For Enumerating Potential Hosts That Are Open To GSSAPI Abuse Within Active Directory Networks

gssapi-abuse was released as part of my DEF CON 31 talk. A full write up on the abuse vector can be found here: A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks The tool has two features. The first is the ability to enumerate non Windows hosts that are joined to Active Directory that offer...

7.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/12/27 12:0 a.m.38 views

NewStart CGSL MAIN 6.06 : bind Multiple Vulnerabilities (NS-SA-2023-0094)

The remote NewStart CGSL host, running version MAIN 6.06, has bind packages installed that are affected by multiple vulnerabilities: - By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter...

8.6CVSS6.6AI score0.93422EPSS
Exploits6References25
Tenable Nessus
Tenable Nessus
added 2023/10/13 12:0 a.m.19 views

F5 Networks BIG-IP : BIG-IP DNS TSIG Key Leakage (K98334513)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K98334513 advisory. When a BIG-IP DNS or BIG-IP LTM system is enabled with the DNS Services license, and a TSIG key is created, t...

5.5CVSS5.8AI score0.00171EPSS
Exploits0References2
CNVD
CNVD
added 2023/10/11 12:0 a.m.42 views

F5 BIG-IP Information Disclosure Vulnerability (CNVD-2023-75596)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. An information disclosure vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to view TSIG keys in...

5.5CVSS6.4AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2023/10/10 1:15 p.m.21 views

CVE-2023-41253

When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

5.5CVSS5.5AI score0.00171EPSS
Exploits0References1
Prion
Prion
added 2023/10/10 1:15 p.m.19 views

Code injection

When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

1.7CVSS5.5AI score0.00171EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/10/10 12:33 p.m.29 views

CVE-2023-41253 BIG-IP DNS TSIG Key vulnerability

When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

5.5CVSS5.7AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/10 12:33 p.m.15 views

CVE-2023-41253 BIG-IP DNS TSIG Key vulnerability

When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

5.5CVSS6.8AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2023/10/10 12:33 p.m.78 views

CVE-2023-41253

CVE-2023-41253 affects BIG-IP DNS and BIG-IP LTM when DNS Services license is enabled. A TSIG key created on these systems is logged in plaintext in the audit log due to a disclosure in the control plane. The vulnerability can allow an authenticated user with auditor privileges to view the TSIG k...

5.5CVSS5.8AI score0.00171EPSS
Exploits0References1Affected Software2
F5 Networks
F5 Networks
added 2023/10/10 10:13 a.m.27 views

K98334513: BIG-IP DNS TSIG key vulnerability CVE-2023-41253

Security Advisory Description When a BIG-IP DNS or BIG-IP LTM system is enabled with the DNS Services license, and a TSIG key is created, the key is logged in plaintext in the audit log. CVE-2023-41253 Impact An authenticated attacker with at least auditor role privileges can view the TSIG key in...

5.5CVSS5.5AI score0.00171EPSS
Exploits0Affected Software2
Redos
Redos
added 2023/07/06 12:0 a.m.46 views

ROS-2-618

2.618 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

9.8CVSS8.7AI score0.82367EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.21 views

Debian: Security Advisory (DLA-798-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.6AI score0.07294EPSS
Exploits0References3
Rows per page
Query Builder