EUVD-2022-41124

Malicious code in bioql PyPI...

PT-2025-31142

Name of the Vulnerable Software and Affected Versions netavark affected versions not specified Description A vulnerability exists in the netavark package, a network stack for containers used with Podman. Due to the removal of the dns.podman search domain, netavark may return external servers if a...

CVE-2022-38546

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00ABZY.3C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode...

CVE-2024-57174

A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address, making it possible to access...

MasterCard DNS Error Went Unnoticed for Years

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security...

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "takes advantage of misconfigured DNS records to pass email protection techniques,"...

URLs have always been a great hiding place for threat actors

Welcome to this weeks edition of the Threat Source newsletter. Talos recent blog post on the dangers posed by the newly released ".zip" top-level domain TLD recently outlined how threat actors could create real URLs that look like file names and trick users into clicking on their links. .Zip and...

CVE-2022-38546

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00ABZY.3C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode...

Code injection

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00ABZY.3C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode...

PT-2022-7090 · Zyxel · Zyxel Nbg7510

Name of the Vulnerable Software and Affected Versions: Zyxel NBG7510 versions prior to V1.00ABZY.3C0 Description: The issue is related to a DNS misconfiguration in the Zyxel NBG7510 firmware, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the...

Palo Alto Software: DNS Miconfiguration Leads to Subdomain Takeover - max1.liveplan.com

Summary The issue happens due to using EC2 public DNS instead of using Elastic IPs as CNAME record. This report is simliar to report 1069795 Misconfiguration - DNS Records json "host": "max1.liveplan.com", "resolver": "1.0.0.1:53" , "a": "54.68.121.128" , "cname":...

8x8: DNS Misconfiguration (Subdomain Takeover) - █████████.8x8.com

@melbadry9 reported to us an issue with an A record which pointed to subdomains outside of 8x8's control. This was caused due to a misconfiguration in a script, together with changes in AWS' DNS resolution behaviour. The issue has been rectified...

The vulnerability of the Netlify domain controller, related to improperly configured DNS records, allows attackers to intercept cookie files, bypass Content Security Policy (CSP) security policies, Cross-Origin Resource Sharing (CORS) mechanisms, and gain unauthorized access to protected information.

The vulnerability of the Netlify domain controller implementation is related to improperly configured DNS records. Exploiting this vulnerability allows a malicious actor to intercept cookie files, bypass security mechanisms like CSP, Cross-Origin Resource Sharing CORS, and gain unauthorized acces...

8x8: DNS Misconfiguration (Subdomain Takeover) ███████.8x8.com

An EC2 instance was replaced but the DNS record was initially not updated/removed. The issue has been rectified. https://medium.com/bugbountywriteup/dangling-dns-aws-ec2-e2d801701e8...

New Relic: DNS misconfiguration on email.alerts.newrelic.com

While checking the subdomains i found that the subdomain email.alerts.newrelic.com upon navigating downloads a file saying "Mailgun Magnificent API" And has the following DNS info screenshot attached The problem lies in this issue: You add the domain email.alerts.newrelic.com to Mailgun Mailgun...

Error: "Cannot Complete Your Request" Due to DNS Misconfiguration on StoreFront

The following error is displayed due to DNS misconfiguration on StoreFront: Cannot Complete Your Request...

Mail.ru: DNS Misconfiguration

Your localhost.mail.ru has address 127.0.0.1 and this may lead to "Same- Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy: http://www.securityfocus.com/archive/1/486606/30/0/threaded I can also ping the localhost network from mail.ru, as in the image...

U.S. Dept Of Defense: DNS Misconfiguration

Multiple reporters identified a DNS configuration issue in the defense.gov domain that could allow same-site scripting. Thanks to @myst404 for first reporting this, and to @atik-rahman and others for also reporting it...

Respondly: DNS Misconfiguration

Hey !! Daksh Here !! This time i would like to report DNS Misconfiguration in your site . I have noticed your http://localhost.respond.ly/ has address 127.0.0.1 and this may lead to "Same- Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy:...