41 matches found
Insulet Corporation: Subdomain Takeover due to unclaimed domain pointing to Acquia Cloud
ssue Details The consultant identified that subdomain http:// or https://qa.myomnipod.com Web Site Not Found Sorry, we could not find any content for this web address. Please check the URL. If you are an Acquia Cloud customer and expect to see your site at this address, you'll need to add this...
Code injection
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning SEC-90...
Code injection
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning SEC-64...
Threats in the Netherlands
Introduction On October 4, 2018, the MIVD held a press conference about an intercepted cyberattack on the OPWC in the Netherlands, allegedly by the advanced threat actor Sofacy also known as APT28 or Fancy Bear, among others. According to the MIVD, four suspects were caught red handed trying to...
Semrush: subdomain takeover at news-static.semrush.com
Summary: The subdomain news-static.semrush.com can be taken over by attackers and abuse it for further attacks Phishing, XSS Cross origin, malware, etc... Description: The subdomain news-static.semrush.com was pointed using CNAME to Amazon S3, but no bucket with that name was registered. This mea...
Gratipay: Sub Domain Takeover
One of Gratipay's sub domains points to Heroku with no app created. Description Gratipay's sub domain http://www.gratipay.com.herokudns.com/ points to Heroku but is not in use. Steps To Reproduce Details - Upon realization of vulnerability, installed and created a Heroku dependencies and...
HackerOne: Subdomain takeover #2 at info.hacker.one
Summary: Hi team, looking the fix released from unbounce team at https://hackerone.com/reports/202767 i've been able to bypass it and takeover again the subdomain info.hacker.one with a new Vulnerable-Endpoint at UnbouncePages App Actual Dns Entry: F164154 Steps To Reproduce & New PoC for HackerO...
HackerOne: Subdomain takeover at info.hacker.one
Summary: Hi team,i've been able to takeover subdomain at info.hacker.one, the CNAME entry in the subdomain is pointing to an external page service app.unbounce.com. Actual Dns Entry: F156764 Steps To Reproduce 1 I have claimed the domain and placed a page for PoC validation located under: Go to -...
Paragon Initiative Enterprises: Subdomain Takeover
Hello, Your Subdomain engineering.github.com/paragonie is Pointing to Tumblr.com You should immediately remove the DNS-entry for engineering.zomato.com is Pointing to Tumblr.com.. Any One Can Claim That Domain , Please Read The Advisory Below. Remediation Please make sure you're always going...
Trello: Full Sub Domain Takeover at help.trello.com.
Hey The subdomain http://help.trello.com./ uses helpscout to host docs While helpscout does not distinguish between help.trello.com. and help.trello.com Notice trailing dot I created a test page and hosted it for help.trello.com. and since DNS entry is already present http://help.trello.com./ now...
KIWI.KI GmbH: Subdomain takeover : URGENT
hi, one of your subdomain is pointing to FRESHDESK but servicce is expire there, so i can claim this http://service.kiwi.ki/ subdomain. Fix: remove dns entry of this subdomain asap Thanks...
Zomato: Subdomain Takeover
Hello, Your Subdomain engineering.zomato.com is Pointing to Tumblr.com You should immediately remove the DNS-entry for engineering.zomato.com is Pointing to Tumblr.com.. Any One Can Claim That Domain , Please Read The Advisory Below. Remediation Please make sure you're always going through your...
Vimeo: URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io
Hi, Brief This is an urgent issue and I hope you will act on it likewise. Your subdomain status.vimeo.com is pointing to hosted.statuspage.io, but no statuspage was connected to it. This means that anyone can claim the subdomain by setting up a statuspage.io site and using "status.vimeo.com" as t...
X (Formerly Twitter): URGENT - Subdomain Takeover on media.vine.co due to unclaimed domain pointing to AWS
Hi, This is an urgent issue and I hope you will act on it likewise. Your subdomain media.vine.co is pointing to AWS S3, but no bucket was connected to it. Actually, the reason to it is due to the CNAME of the meda.vine.co-DNS-entry: media.vine.co - media.vine.co is an alias for...
Microsoft Internet Explorer 5.0.1 Wildcard DNS Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10554/info Microsoft Internet Explorer is reported to contain a cross-site scripting vulnerability for sites that have a wildcard DNS entry. A web server with a wildcard DNS entry will respond to any hostname requested. A...
KALI Linux Mailing List Website Hacked Using Heartbleed Vulnerability
When it comes to Digital Forensics, Penetration and Security testing, we mostly relies on Kali Linux distribution also known as Backtrack, which is designed for security professionals and packed with more than 300 security testing tools. But Today, Mailing List sub-domain of Kali Linux get hacked...
Microsoft Patches Worm Holes in Mail Server, Visual Basic for Apps
Microsoft today issued patches for a pair of critical remote code execution vulnerabilities in Windows and Microsoft Office and urged affected users to apply the fixes as soon as possible. The most serious issue, addressed in the MS10-030 bulletin, affects Outlook Express, Windows Mail and Window...
Important: Red Hat Security Advisory: : Updated glibc packages fix vulnerabilities in resolver
Updated glibc packages are available to fix two vulnerabilities in the resolver functions. The glibc package contains standard libraries which are used by multiple programs on the system. A buffer overflow vulnerability has been found in the way the glibc resolver handles the resolution of networ...
CVE-1999-0223
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry...
CVE-2000-0536
CVE-2000-0536 affects xinetd 2.1.8.x where access control relies on hostnames; if a connecting host has no reverse DNS entry, connections are not properly restricted. This can allow unauthorized access or bypass controls intended by hostname-based filtering. The vulnerability is described in the ...