Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    3 vulnerabilities by Matthew

    CVE-2025-23580 (GCVE-0-2025-23580)

    Vulnerability from nvd – Published: 2025-01-21 17:21 – Updated: 2026-04-28 16:11
    VLAI
    Title
    WordPress BizLibrary plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew BizLibrary bizlibrary allows Reflected XSS.This issue affects BizLibrary: from n/a through <= 1.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Matthew BizLibrary Affected: 0 , ≤ 1.1 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:33
    Credits
    João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23580",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T18:35:58.418634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T18:43:02.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "bizlibrary",
              "product": "BizLibrary",
              "vendor": "Matthew",
              "versions": [
                {
                  "lessThanOrEqual": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:33:04.683Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Matthew BizLibrary bizlibrary allows Reflected XSS.\u003cp\u003eThis issue affects BizLibrary: from n/a through \u003c= 1.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Matthew BizLibrary bizlibrary allows Reflected XSS.This issue affects BizLibrary: from n/a through \u003c= 1.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:11:13.614Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/bizlibrary/vulnerability/wordpress-bizlibrary-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress BizLibrary plugin \u003c= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-23580",
        "datePublished": "2025-01-21T17:21:50.545Z",
        "dateReserved": "2025-01-16T11:26:29.091Z",
        "dateUpdated": "2026-04-28T16:11:13.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23580 (GCVE-0-2025-23580)

    Vulnerability from cvelistv5 – Published: 2025-01-21 17:21 – Updated: 2026-04-28 16:11
    VLAI
    Title
    WordPress BizLibrary plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew BizLibrary bizlibrary allows Reflected XSS.This issue affects BizLibrary: from n/a through <= 1.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Matthew BizLibrary Affected: 0 , ≤ 1.1 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:33
    Credits
    João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23580",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T18:35:58.418634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T18:43:02.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "bizlibrary",
              "product": "BizLibrary",
              "vendor": "Matthew",
              "versions": [
                {
                  "lessThanOrEqual": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:33:04.683Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Matthew BizLibrary bizlibrary allows Reflected XSS.\u003cp\u003eThis issue affects BizLibrary: from n/a through \u003c= 1.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Matthew BizLibrary bizlibrary allows Reflected XSS.This issue affects BizLibrary: from n/a through \u003c= 1.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:11:13.614Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/bizlibrary/vulnerability/wordpress-bizlibrary-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress BizLibrary plugin \u003c= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-23580",
        "datePublished": "2025-01-21T17:21:50.545Z",
        "dateReserved": "2025-01-16T11:26:29.091Z",
        "dateUpdated": "2026-04-28T16:11:13.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-200704-0125

    Vulnerability from variot - Updated: 2023-12-18 13:05

    Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465. dproxy-nexgen of dns_decode.c of dns_decode_reverse_name The function contains a stack-based buffer overflow vulnerability. Dproxy is a small cached DNS server. Dproxy is prone to a remote buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Exploiting this issue could lead to denial-of-service conditions and to the execution of arbitrary machine code with superuser privileges. A successful attack could result in the complete compromise of affected computers or routers/devices. Version 1.c is vulnerable; other versions may also be affected.


    Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/


    TITLE: dproxy-nexgen "dns_decode_reverse_name" Buffer Overflow Vulnerability

    SECUNIA ADVISORY ID: SA24688

    VERIFY ADVISORY: http://secunia.com/advisories/24688/

    CRITICAL: Moderately critical

    IMPACT: System access

    WHERE:

    From local network

    SOFTWARE: dproxy-nexgen http://secunia.com/product/13834/

    DESCRIPTION: mu-b has discovered a vulnerability in dproxy-nexgen, which can be exploited by malicious people to compromise a vulnerable system.

    Successful exploitation allows execution of arbitrary code.

    The vulnerability is confirmed in the latest available version (2007-04-02).

    SOLUTION: Use the software only in a trusted network environment.

    PROVIDED AND/OR DISCOVERED BY: mu-b

    ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053289.html


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200704-0125",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dproxy",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "dproxy",
            "version": "nexgen"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "no",
            "version": null
          },
          {
            "model": "pratt dproxy-nexgen 1.c",
            "scope": null,
            "trust": 0.3,
            "vendor": "matthew",
            "version": null
          },
          {
            "model": "pratt dproxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "matthew",
            "version": "0.5"
          },
          {
            "model": "pratt dproxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "matthew",
            "version": "0.4"
          },
          {
            "model": "pratt dproxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "matthew",
            "version": "0.3"
          },
          {
            "model": "pratt dproxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "matthew",
            "version": "0.2"
          },
          {
            "model": "pratt dproxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "matthew",
            "version": "0.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2007-2183"
          },
          {
            "db": "BID",
            "id": "23243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000631"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-1866"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200704-072"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:dproxy:dproxy:nexgen:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2007-1866"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "mu-b discovered this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "23243"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2007-1866",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2007-1866",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2007-2183",
                "impactScore": 7.8,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2007-1866",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2007-2183",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200704-072",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2007-2183"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000631"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-1866"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200704-072"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465. dproxy-nexgen of dns_decode.c of dns_decode_reverse_name The function contains a stack-based buffer overflow vulnerability. Dproxy is a small cached DNS server. Dproxy is prone to a remote buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. \nExploiting this issue could lead to denial-of-service conditions and to the execution of arbitrary machine code with superuser privileges. A successful attack could result in the complete compromise of affected computers or routers/devices. \nVersion 1.c is vulnerable; other versions may also be affected. \n\n----------------------------------------------------------------------\n\nSecunia customers receive relevant and filtered advisories. \nDelivery is done via different channels including SMS, Email, Web,\nand https based XML feed. \nhttp://corporate.secunia.com/trial/38/request/\n\n----------------------------------------------------------------------\n\nTITLE:\ndproxy-nexgen \"dns_decode_reverse_name\" Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA24688\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24688/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\ndproxy-nexgen\nhttp://secunia.com/product/13834/\n\nDESCRIPTION:\nmu-b has discovered a vulnerability in dproxy-nexgen, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nThe vulnerability is confirmed in the latest available version\n(2007-04-02). \n\nSOLUTION:\nUse the software only in a trusted network environment. \n\nPROVIDED AND/OR DISCOVERED BY:\nmu-b\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053289.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2007-1866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000631"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2007-2183"
          },
          {
            "db": "BID",
            "id": "23243"
          },
          {
            "db": "PACKETSTORM",
            "id": "55614"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2007-1866",
            "trust": 2.4
          },
          {
            "db": "SECUNIA",
            "id": "24688",
            "trust": 2.3
          },
          {
            "db": "SREASON",
            "id": "2518",
            "trust": 1.6
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1194",
            "trust": 1.6
          },
          {
            "db": "BID",
            "id": "23243",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000631",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2007-2183",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20070331 RE: DPROXY-NEXGEN REMOTE",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20070331 DPROXY-NEXGEN REMOTE",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200704-072",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "55614",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2007-2183"
          },
          {
            "db": "BID",
            "id": "23243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000631"
          },
          {
            "db": "PACKETSTORM",
            "id": "55614"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-1866"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200704-072"
          }
        ]
      },
      "id": "VAR-200704-0125",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2007-2183"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2007-2183"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:05:04.462000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Revision 1.10",
            "trust": 0.8,
            "url": "http://dproxy.cvs.sourceforge.net/dproxy/dproxy-nexgen/dns_decode.c?revision=1.10\u0026view=markup"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000631"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2007-1866"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-march/053289.html"
          },
          {
            "trust": 1.6,
            "url": "http://dproxy.cvs.sourceforge.net/dproxy/dproxy-nexgen/dns_decode.c?revision=1.10\u0026view=markup"
          },
          {
            "trust": 1.6,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-march/053302.html"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/24688"
          },
          {
            "trust": 1.6,
            "url": "http://securityreason.com/securityalert/2518"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1194"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33753"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1866"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1866"
          },
          {
            "trust": 0.7,
            "url": "http://secunia.com/advisories/24688/"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2007/1194"
          },
          {
            "trust": 0.3,
            "url": "http://dproxy.sourceforge.net/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://corporate.secunia.com/trial/38/request/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/13834/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2007-2183"
          },
          {
            "db": "BID",
            "id": "23243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000631"
          },
          {
            "db": "PACKETSTORM",
            "id": "55614"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-1866"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200704-072"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2007-2183"
          },
          {
            "db": "BID",
            "id": "23243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000631"
          },
          {
            "db": "PACKETSTORM",
            "id": "55614"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-1866"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200704-072"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-03-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2007-2183"
          },
          {
            "date": "2007-03-23T00:00:00",
            "db": "BID",
            "id": "23243"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2004-000631"
          },
          {
            "date": "2007-04-05T02:08:29",
            "db": "PACKETSTORM",
            "id": "55614"
          },
          {
            "date": "2007-04-04T16:19:00",
            "db": "NVD",
            "id": "CVE-2007-1866"
          },
          {
            "date": "2007-04-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200704-072"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2007-2183"
          },
          {
            "date": "2007-04-02T22:22:00",
            "db": "BID",
            "id": "23243"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2004-000631"
          },
          {
            "date": "2017-07-29T01:31:04.097000",
            "db": "NVD",
            "id": "CVE-2007-1866"
          },
          {
            "date": "2007-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200704-072"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200704-072"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "dproxy-nexgen of  dns_decode_reverse_name Stack-based buffer overflow vulnerability in functions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000631"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200704-072"
          }
        ],
        "trust": 0.6
      }
    }