57 matches found
cdn-backend.dms.ccplatform.net Cross Site Scripting vulnerability OBB-2466322
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
HTTP/2 Request Smuggling
HTTP Request Smuggling also known as an HTTP Desync Attack has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different...
Targeted Cache Control
Content delivery networks CDNs have been around and have evolved over a long time in internet years. They all speak HTTP and you can safely rely on them to work with just about anything else that speaks HTTP. This is the beauty of standards -- HTTP in this case. What you cannot count on is there...
Targeted Cache Control
Content delivery networks CDNs have been around and have evolved over a long time in internet years. They all speak HTTP and you can safely rely on them to work with just about anything else that speaks HTTP...
PT-2024-10832 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A reference leak occurs in the Linux kernel when pm runtime get sync fails. The PM reference count is not expected to be incremented on return in functions cdns i2c master xfer and cdn...
DDoS attacks in Q2 2020
News overview Not just one but two new DDoS amplification methods were discovered last quarter. In mid-May, Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed "NXNSAttack". The hacker sends to a...
Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks
A group of tech giants – including Akamai, Amazon Web Services, Cloudflare, Facebook, Google, Microsoft and Netflix – are banding together to battle route hijacking, route leaks and IP address-spoofing attacks targeting internet users. They’re coming together under a program was introduced this...
mantis -- multiple vulnerabilities
The Mantis developers report: CVE-2019-15715: Admin Required - Post Authentication Command Execution / Injection Vulnerability CVE-2019-8331: In Bootstrap before 3.4.1, XSS is possible in the tooltip or popover data-template attribute Missing integrity hashes for CSS resources from CDNs...
Global Traffic Management for Cloud, Data Centers, and CDNs
Twenty years ago it would be common to have multiple data centers load balanced with specialized devices. The applications in multiple data centers would use the Domain Name System DNS to look up the application destination. The DNS system would be set up to with multiple data center locations...
Global Traffic Management for Cloud, Data Centers, and CDNs
Twenty years ago it would be common to have multiple data centers load balanced with specialized devices. The applications in multiple data centers would use the Domain Name System DNS to look up the application destination. The DNS system would be set up to with multiple data center locations...
Weblate: Stored XSS @ /engage/<project_slug>
Description The vulnerability concerns a Stored XSS, while it is currently to the best of my knowledge not exploitable due to limitations stated below. I thought that the issue is worth reporting anyway. Steps to reproduce 1. Change a project's name or create one to the following payload:...
news02.cdns.com.tw XSS vulnerability
Open Bug Bounty ID: OBB-623342 Description| Value ---|--- Affected Website:| news02.cdns.com.tw Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Web Application Firewalls: The Definitive Primer
Firewalls have traditionally been focused on network layer traffic. As attacks have evolved, however, they have climbed the ladder of the Open Systems Interconnection OSI model. Web Application Firewalls WAFs have developed as a result, not only to track network traffic but also to understand...
Nearly 2000 WordPress Websites Infected with a Keylogger
More than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors' computers to mine digital currencies but also logs visitors' every keystroke. Security researchers at Sucuri discovered a malicious campaign...
Game Crunch Doesn't Always Have to be a Thing
You've been dreading the conversation. You know there's no way out of it, given the timeline. Your execs have made it clear that the very large marketing spend is going to hit during the week when two of your engineers were planning to be on vacation. You've got a brilliant team that has helped y...
The WireX Botnet: An example of cross-organizational cooperation
Introduction On August 17th, 2017, multiple Content Delivery Networks CDNs and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram for one of the delimiter strings in its command and control protocol. The WireX botnet comprises...
APT29 Domain Fronting With TOR
Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques...