2 matches found
CVE-2022-46405
Mastodon through 4.0.2 allows attackers to cause a denial of service large Sidekiq pull queue by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...
U.S. Dept Of Defense: EC2 subdomain takeover at http://████████/
There is a dangling DNS A record that points to an EC2 instance that no longer exists, I was able to claim the EC2 instance and host content on http://███████/. Steps To Reproduce: 1. Visit http://█████████/██████████.html and view the PoC: ██████ Suggested Remediation Steps Remove the A record...