14 matches found
CVE-2026-12244
NSD (the DNS server) is affected when configured as a secondary for a zone. A primary can crash NSD by sending an AXFR containing a DNS message with a specially crafted SVCB RR whose rdata size is 65512, which causes an (uint16_t) length to overflow while allocating space for the RR wrap (total s...
PT-2026-52209
Name of the Vulnerable Software and Affected Versions NSD affected versions not specified Description A heap overflow occurs when NSD is configured as a secondary for a zone. A primary server can trigger this by sending an AXFR Zone Transfer containing a DNS message with a specially crafted SVCB...
EUVD-2019-16967
Malware in sbrugna...
CVE-2024-23060
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function...
RUSTSEC-2020-0001 Stack overflow when resolving additional records from MX or SRV null targets
There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records, i.e. '.'. Example effected zone record: text no-service...
The vulnerability of the Zone configuration component of the Juniper ATP intrusion prevention system allows a intruder to inject arbitrary JavaScript code into the loaded page and gain access to protected data.
The vulnerability of the Zone configuration component of the Juniper ATP intrusion prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the loaded page and gain access to protected da...
Juniper ATP Cross-Site Scripting Vulnerability (CNVD-2019-24385)
Juniper Advanced Threat Prevention ATP is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. A cross-site scripting vulnerability exists in the Zone configuration in Juniper ATP...
CVE-2019-0026
A persistent cross-site scripting XSS vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...
CVE-2019-0026
A persistent cross-site scripting XSS vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...
Cross site scripting
A persistent cross-site scripting XSS vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...
CVE-2019-0026 Juniper ATP: Persistent Cross-Site Scripting vulnerability in Zone configuration
A persistent cross-site scripting XSS vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...
CVE-2017-15093
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. I...
Design/Logic Flaw
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy...
Vulnerability in IE/Outlook ActiveX control
-----BEGIN PGP SIGNED MESSAGE----- Microsoft alerted me to a new vulnerability discovered by Georgi Guninski and now posted publicly. The vulnerability involves an ActiveX control that is installed by a variety of software, including Office/Outlook XP. The control exposes a method which should no...