Lucene search
K

8 matches found

Github Security Blog
Github Security Blog
added 2024/03/20 5:59 p.m.79 views

Moby's external DNS requests from 'internal' networks could lead to data exfiltration

Moby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementati...

7.5CVSS6.6AI score0.0075EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2021/11/19 5:38 a.m.73 views

New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path...

6.4AI score
Exploits0
The Hacker Blog
The Hacker Blog
added 2017/07/10 3:21 p.m.16 views

The .io Error – Taking Control of All .io Domains With a Targeted Registration

In a previous post we talked about taking over the .na , .co.ao , and .it.ao domain extensions with varying levels of DNS trickery. In that writeup we examined the threat model of compromising a top level domain TLD and what some avenues would look like for an attacker to accomplish this goal. On...

7.5AI score
Exploits0
n0where
n0where
added 2017/01/31 6:50 a.m.40 views

DNS Poisoning Attacks Made Easy: Judas DNS

DNS Poisoning Attacks Made Easy A DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain. The magic comes with Judas’s rule configurations which allow you to...

0.8AI score
Exploits0References2
The Hacker Blog
The Hacker Blog
added 2016/07/10 1:46 a.m.16 views

The International Incident – Gaining Control of a .int Domain Name With DNS Trickery

The .int or international TLD is perhaps one of the most exclusive extensions available on the Internet. The number of domains on the extension is so small it has it’s own Wikipedia page. Introduced around 27 years ago its primary purpose has been for international treaty organizations. The...

6.7AI score
Exploits0
FreeBSD
FreeBSD
added 2012/06/04 12:0 a.m.46 views

dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory

ISC reports: Processing of DNS resource records where the rdata field is zero length may cause various issues for the servers handling them. Processing of these records may lead to unexpected outcomes. Recursive servers may crash or disclose some portion of memory to the client. Secondary servers...

8.5CVSS8.7AI score0.13405EPSS
Exploits1References1
Metasploit
Metasploit
added 2009/07/17 8:36 p.m.156 views

DNS BailiWicked Domain Attack

This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed Jul 2008. This exploit replaces the target domains nameserver entries in a vulnerable DNS cache server. This attack works by sending random hostname queries to the target DNS server coupled...

6.8CVSS6.9AI score0.95182EPSS
Exploits20
seebug.org
seebug.org
added 2006/12/10 12:0 a.m.20 views

MS Windows DNS Resolution Remote Denial of Service PoC (MS06-041)

No description provided by source. !/usr/bin/python POC for MS06-041 Run the python script passing the local ip address as parameter. The DNS server will start listening on this ip address for DNS hostname resolution queries. This script is for testing and educational purpose and so to test this...

7.1AI score
Exploits0
Rows per page
Query Builder