62 matches found
CVE-2026-10652
Zephyr's DNS resolver subsys/net/lib/dns parses resource records from DNS responses in dnsunpackanswer, which validated only the fixed RR header type, class, TTL, rdlength and accepted any attacker-declared rdlength, including one extending past the end of the received datagram. The TXT and SRV...
CVE-2026-10652
Zephyr’s DNS resolver (subsys/net/lib/dns) is vulnerable to an out-of-bounds read in TXT/SRV records due to unvalidated rdlength in dns_unpack_answer(). The resolver accepts attacker-declared rdlength that may extend past the datagram end, and dns_validate_record() copies up to rdlength bytes fro...
CVE-2025-57403
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...
EUVD-2020-27227
Malware in sbrugna...
CVE-2020-6073
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS...
MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations a...
PT-2023-8932 · Maradns +2 · Maradns +2
Name of the Vulnerable Software and Affected Versions: MaraDNS versions 3.5.0024 and prior Description: MaraDNS is open-source software that implements the Domain Name System DNS. A remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to...
DNSStager - Hide Your Payload In DNS
DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting...
dnsrecon 0.10.0 - CSV Injection
Exploit Title: dnsrecon 0.10.0 - CSV Injection Author: Dolev Farhi Date: 2021-01-07 Vendor Homepage: https://github.com/darkoperator/dnsrecon/ Version : 0.10.0 Tested on: ParrotOS 4.10 dnsrecon, when scanning a TXT record such as SPF, i.e.: spf.domain.com, outputs a CSV report -c out.csv with...
dnsrecon 0.10.0 - CSV Injection Vulnerability
Exploit Title: dnsrecon 0.10.0 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/darkoperator/dnsrecon/ Version : 0.10.0 Tested on: ParrotOS 4.10 dnsrecon, when scanning a TXT record such as SPF, i.e.: spf.domain.com, outputs a CSV report -c out.csv with entries such as...
dnsrecon 0.10.0 CSV Injection
Exploit Title: dnsrecon 0.10.0 - CSV Injection Author: Dolev Farhi Date: 2021-01-07 Vendor Homepage: https://github.com/darkoperator/dnsrecon/ Version : 0.10.0 Tested on: ParrotOS 4.10 dnsrecon, when scanning a TXT record such as SPF, i.e.: spf.domain.com, outputs a CSV report -c out.csv with...
Denial Of Service (DoS)
libmicrodns is vulnerable to denial of service. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send a malicious mDNS message to exploit the vulnerability...
VLC < 3.0.9 Multiple Vulnerabilities
The version of VLC media player installed on the remote Windows host is prior to 3.0.9. It is, therefore, affected by multiple vulnerabilities: - An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing...
CVE-2020-6073
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS...
DEBIAN-CVE-2020-6073
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS...
CVE-2020-6073
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS...
Integer overflow
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS...
CVE-2020-6073
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS...
CVE-2020-6073
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS...
CVE-2020-6073
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS...