11 matches found
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: argo-cd-fips, crossplane-provider-aws-emrserverless-fips, crossplane-provider-aws-guardduty-fips, pulumi-language-dotnet, gatekeeper-fips, nfpm, crossplane-provider-aws-cloudwatch-fips, crossplane-provider-aws-emr, policy-controller-fips, tflint, gitlab-pages-fips,...
GHSA-MVM6-F9R3-FGFX AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...
W3 Total Cache < 2.1.3 - Authenticated Stored XSS
The plugin did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue PoC Vulnerable parameters: cnames= 1, cdncnames= 2, cdncnames= 3. CDN Type:...
W3 Total Cache < 2.1.3 - Authenticated Stored XSS
The plugin did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue Vulnerable parameters: &cdncnames= 1, cdncnames= 2, cdncnames= 3. CDN Type:...
What’s New in InsightAppSec and tCell: Q1 2021 in Review
2021 is off and running! The big question on the corporate world’s mind is, of course, “What will work life look like at the end of 2021?” With vaccines rolling out around the world, another shift is set to take place around when and where people put in their hours. As offices slowly start to...
Rapid7 Announces Release of New tCell Amazon CloudFront Agent
Cloud-native approaches to building, hosting, and delivering web applications are growing rapidly. Content delivery networks CDNs such as Amazon CloudFront are on the rise, pushing content closer to end users to improve the performance of web applications. To protect web applications security tea...
Cloud Lookup (and Bypass)
This module can be useful if you need to test the security of your server and your website behind a solution Cloud based. By discovering the origin IP address of the targeted host. More precisely, this module uses multiple data sources in order ViewDNS.info, DNS enumeration and Censys to collect...
New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue could affect...
Magecart skimmers found on Amazon CloudFront CDN
Update 06-08-2019: The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library:...
subjack - Hostile Subdomain Takeover tool written in Go
subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule...
Google Android - 'gpsOneXtra' Data Files Denial of Service
Original at: https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/ Summary Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in...