Lucene search
K

57 matches found

Openbugbounty
Openbugbounty
added 2022/04/04 2:23 p.m.8 views

cdn-backend.dms.ccplatform.net Cross Site Scripting vulnerability OBB-2466322

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Akamai Blog
Akamai Blog
added 2021/08/05 4:0 a.m.26 views

HTTP/2 Request Smuggling

HTTP Request Smuggling also known as an HTTP Desync Attack has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different...

0.7AI score
Exploits0
Akamai Blog
Akamai Blog
added 2021/06/23 2:0 p.m.32 views

Targeted Cache Control

Content delivery networks CDNs have been around and have evolved over a long time in internet years. They all speak HTTP and you can safely rely on them to work with just about anything else that speaks HTTP. This is the beauty of standards -- HTTP in this case. What you cannot count on is there...

7.2AI score
Exploits0
Akamai Blog
Akamai Blog
added 2021/06/23 4:0 a.m.22 views

Targeted Cache Control

Content delivery networks CDNs have been around and have evolved over a long time in internet years. They all speak HTTP and you can safely rely on them to work with just about anything else that speaks HTTP...

0.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/04/14 12:0 a.m.7 views

PT-2024-10832 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A reference leak occurs in the Linux kernel when pm runtime get sync fails. The PM reference count is not expected to be incremented on return in functions cdns i2c master xfer and cdn...

7.8CVSS6.5AI score0.01549EPSS
Exploits0References405
Securelist
Securelist
added 2020/08/10 10:0 a.m.50 views

DDoS attacks in Q2 2020

News overview Not just one but two new DDoS amplification methods were discovered last quarter. In mid-May, Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed "NXNSAttack". The hacker sends to a...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2020/04/03 5:16 p.m.71 views

Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks

A group of tech giants – including Akamai, Amazon Web Services, Cloudflare, Facebook, Google, Microsoft and Netflix – are banding together to battle route hijacking, route leaks and IP address-spoofing attacks targeting internet users. They’re coming together under a program was introduced this...

7.5AI score
Exploits0References13
FreeBSD
FreeBSD
added 2019/08/28 12:0 a.m.74 views

mantis -- multiple vulnerabilities

The Mantis developers report: CVE-2019-15715: Admin Required - Post Authentication Command Execution / Injection Vulnerability CVE-2019-8331: In Bootstrap before 3.4.1, XSS is possible in the tooltip or popover data-template attribute Missing integrity hashes for CSS resources from CDNs...

7.2CVSS3.2AI score0.30003EPSS
Exploits6References1
Akamai Blog
Akamai Blog
added 2019/03/06 6:30 p.m.55 views

Global Traffic Management for Cloud, Data Centers, and CDNs

Twenty years ago it would be common to have multiple data centers load balanced with specialized devices. The applications in multiple data centers would use the Domain Name System DNS to look up the application destination. The DNS system would be set up to with multiple data center locations...

6.9AI score
Exploits0
Akamai Blog
Akamai Blog
added 2019/03/06 5:0 a.m.12 views

Global Traffic Management for Cloud, Data Centers, and CDNs

Twenty years ago it would be common to have multiple data centers load balanced with specialized devices. The applications in multiple data centers would use the Domain Name System DNS to look up the application destination. The DNS system would be set up to with multiple data center locations...

2.6AI score
Exploits0
Hacker One
Hacker One
added 2018/12/26 10:13 p.m.41 views

Weblate: Stored XSS @ /engage/<project_slug>

Description The vulnerability concerns a Stored XSS, while it is currently to the best of my knowledge not exploitable due to limitations stated below. I thought that the issue is worth reporting anyway. Steps to reproduce 1. Change a project's name or create one to the following payload:...

6.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/05/28 12:45 a.m.10 views

news02.cdns.com.tw XSS vulnerability

Open Bug Bounty ID: OBB-623342 Description| Value ---|--- Affected Website:| news02.cdns.com.tw Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Imperva Blog
Imperva Blog
added 2018/03/27 3:30 p.m.62 views

Web Application Firewalls: The Definitive Primer

Firewalls have traditionally been focused on network layer traffic. As attacks have evolved, however, they have climbed the ladder of the Open Systems Interconnection OSI model. Web Application Firewalls WAFs have developed as a result, not only to track network traffic but also to understand...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2018/01/29 1:40 a.m.101 views

Nearly 2000 WordPress Websites Infected with a Keylogger

More than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors' computers to mine digital currencies but also logs visitors' every keystroke. Security researchers at Sucuri discovered a malicious campaign...

7.3AI score
Exploits0
Akamai Blog
Akamai Blog
added 2017/08/30 1:48 p.m.32 views

Game Crunch Doesn't Always Have to be a Thing

You've been dreading the conversation. You know there's no way out of it, given the timeline. Your execs have made it clear that the very large marketing spend is going to hit during the week when two of your engineers were planning to be on vacation. You've got a brilliant team that has helped y...

6.7AI score
Exploits0
Akamai Blog
Akamai Blog
added 2017/08/28 1:5 p.m.62 views

The WireX Botnet: An example of cross-organizational cooperation

Introduction On August 17th, 2017, multiple Content Delivery Networks CDNs and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram for one of the delimiter strings in its command and control protocol. The WireX botnet comprises...

7.2AI score
Exploits0
FireEye
FireEye
added 2017/03/27 8:0 a.m.48 views

APT29 Domain Fronting With TOR

Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques...

7.7AI score
Exploits0
Rows per page
Query Builder