91 matches found

Openbugbounty
added 2016/12/30 9:40 a.m., 20 views

d2j8f4g7hbeequ.cloudfront.net XSS vulnerability

Open Bug Bounty ID: OBB-201301

Description | Value
---|---
Affected Website: | d2j8f4g7hbeequ.cloudfront.net
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score: 6.3
Exploits: 0

Hacker One
added 2016/10/11 5:28 a.m., 53 views

Uber: Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront

Hi, 3 hours ago, rider.uber.com was responding like this: F127137 This happened on both HTTP and HTTPS. Now, as our blog post from last week says: https://labs.detectify.com/2016/10/05/the-story-of-ev-ssl-aws-and-trailing-dot-domains/ This means that there's a high chance this domain does not hav...

AI score: 0.3
Exploits: 0

Exploit DB
added 2016/10/11 12:0 a.m., 76 views

Google Android - 'gpsOneXtra' Data Files Denial of Service

Original at: https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/ Summary Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in...

CVSS: 7.1, AI score: 6.1, EPSS: 0.14597
Exploits: 6

0day.today
added 2016/10/11 12:0 a.m., 154 views

Android Qualcomm GPS/GNSS Man-In-The-Middle

Exploit for Android platform in category local exploits Summary Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in AOSP and proprietary code in a Java...

CVSS: 7.1, AI score: 0.1, EPSS: 0.14597
Exploits: 6

Packet Storm
added 2016/10/10 12:0 a.m., 61 views

Android Qualcomm GPS/GNSS Man-In-The-Middle

Original at: https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/ Summary Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in...

CVSS: 7.1, AI score: 0.2, EPSS: 0.14597
Exploits: 6

Packet Storm
added 2016/08/02 12:0 a.m., 43 views

Docebo LMS 6.9 Remote Code Execution

Document Title: Docebo LMS 6.9 - Moxie API Calls RST Remote Code Execution Vulnerability
References Source: http://www.vulnerability-lab.com/getcontent.php?id=1888
Video: http://www.vulnerability-lab.com/getcontent.php?id=1892
Release Date: ...

AI score: 7.4
Exploits: 0

Hacker One
added 2016/06/16 6:56 p.m., 67 views

Ubiquiti Inc.: Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry

Hi, So lately I have discovered that CloudFront is not validating which user that connects a CNAME:d domain to a CloudFront Origin. This means that if I could find a domain that is still pointing to CloudFront, without being connected to any Origin as a Custom CNAME, I can actually claim the doma...

AI score: 6.8
Exploits: 0

Openbugbounty
added 2016/05/15 8:32 a.m., 8 views

d26agsaw4ohyil.cloudfront.net XSS vulnerability

Vulnerable URL: https://d26agsaw4ohyil.cloudfront.net/player/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not...

AI score: 6.3
Exploits: 0

myhack58
added 2015/05/23 12:0 a.m., 8 views

Super cannon (Great Cannon) defect inquiry of JS bloomer - vulnerability warning - the black bar safety net

Following the last post in the black bar to secure the article on the super cannon (Great Cannon) defect inquiry of TTL article, we reference from abroad, a research organization for the event post-mortem analysis, as well as by being an attack site log and capture the code on a bloomer, locking Th...

AI score: 7.1
Exploits: 0

ThreatPost
added 2015/04/24 1:46 p.m., 10 views

Google Provides Detailed Analysis of GitHub Attack Traffic

The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the...

AI score: 0.4
Exploits: 0, References: 1

ThreatPost
added 2014/08/21 1:46 p.m., 14 views

Amazon CloudFront Turns On Perfect Forward Secrecy

Add Amazon to the growing list of technology providers ensuring that its encryption capabilities exceed a minimum standard. Yesterday, the company announced that its web content delivery platform Amazon CloudFront had turned on Perfect Forward Secrecy, in addition to a number of changes designed ...

AI score: 7.3
Exploits: 0, References: 4