4 results (0.002 seconds)

CVSS: 9.0EPSS: 9%CPEs: 1EXPL: 2

CVE-2007-2362 – MyDNS 1.1.0 - Remote Heap Overflow (PoC)

https://notcve.org/view.php?id=CVE-2007-2362

Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c. Múltibles desbordamientos de búfer en MyDNS 1.1.0 permiten a atacantes remotos (1) provocar una denegación de servicio (caída del demonio) y posiblemente ejecutar código de su elección mediante una determinada actualización, la cual dispara un desbordamiento de búfer basado en montón en update.c; y (2) provocar una denegación de servicio (caída del demonio) mediante vectores no especificados que disparan un desbordamiento de búfer basado en pila por error de superación de límite (off-by-one) en update.c • https://www.exploit-db.com/exploits/3807 http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/054024.html http://osvdb.org/35438 http://osvdb.org/35439 http://secunia.com/advisories/25007 http://secunia.com/advisories/28086 http://securityreason.com/securityalert/2658 http://www.debian.org/security/2007/dsa-1434 http://www.digit-labs.org/files/exploits/mydns-rr-smash.c http://www.digit-labs.org/files/patches/mydns-update.c.diff http://www.securityfocus.c •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0

CVE-2006-2075

https://notcve.org/view.php?id=CVE-2006-2075

Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka "Query-of-death," as demonstrated by the OUSPG PROTOS DNS test suite. • http://securitytracker.com/id?1015990 http://www.kb.cert.org/vuls/id/955777 http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en http://www.vupen.com/english/advisories/2006/1505 https://exchange.xforce.ibmcloud.com/vulnerabilities/26081 •

CVSS: 5.0EPSS: 8%CPEs: 26EXPL: 0

CVE-2006-0351

https://notcve.org/view.php?id=CVE-2006-0351

Unspecified "critical denial-of-service vulnerability" in MyDNS before 1.1.0 has unknown impact and attack vectors. • http://mydns.bboy.net/download/changelog.html http://secunia.com/advisories/18532 http://secunia.com/advisories/18641 http://secunia.com/advisories/18653 http://securitytracker.com/id?1015521 http://www.debian.org/security/2006/dsa-963 http://www.gentoo.org/security/en/glsa/glsa-200601-16.xml http://www.osvdb.org/22636 http://www.securityfocus.com/bid/16431 http://www.vupen.com/english/advisories/2006/0256 https://exchange.xforce.ibmcloud.com/vulnerabilities/24228 •

CVSS: 5.0EPSS: 1%CPEs: 98EXPL: 0

CVE-2004-0789

https://notcve.org/view.php?id=CVE-2004-0789

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet. • http://secunia.com/advisories/13145 http://securitytracker.com/id?1012157 http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf http://www.posadis.org/advisories/pos_adv_006.txt http://www.securityfocus.com/bid/11642 https://exchange.xforce.ibmcloud.com/vulnerabilities/17997 •