Lucene search
+L

41 matches found

Hacker One
Hacker One
added 2020/05/14 9:39 p.m.394 views

Insulet Corporation: Subdomain Takeover due to unclaimed domain pointing to Acquia Cloud

ssue Details The consultant identified that subdomain http:// or https://qa.myomnipod.com Web Site Not Found Sorry, we could not find any content for this web address. Please check the URL. If you are an Acquia Cloud customer and expect to see your site at this address, you'll need to add this...

0.4AI score
Exploits0
Prion
Prion
added 2019/08/01 5:15 p.m.14 views

Code injection

cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning SEC-90...

9.3CVSS8.2AI score0.02502EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/08/01 3:15 p.m.18 views

Code injection

cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning SEC-64...

9.3CVSS8.2AI score0.02502EPSS
Exploits0References2Affected Software1
Securelist
Securelist
added 2018/10/11 7:30 a.m.44 views

Threats in the Netherlands

Introduction On October 4, 2018, the MIVD held a press conference about an intercepted cyberattack on the OPWC in the Netherlands, allegedly by the advanced threat actor Sofacy also known as APT28 or Fancy Bear, among others. According to the MIVD, four suspects were caught red handed trying to...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/12/01 10:4 a.m.57 views

Semrush: subdomain takeover at news-static.semrush.com

Summary: The subdomain news-static.semrush.com can be taken over by attackers and abuse it for further attacks Phishing, XSS Cross origin, malware, etc... Description: The subdomain news-static.semrush.com was pointed using CNAME to Amazon S3, but no bucket with that name was registered. This mea...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2017/04/15 4:58 a.m.47 views

Gratipay: Sub Domain Takeover

One of Gratipay's sub domains points to Heroku with no app created. Description Gratipay's sub domain http://www.gratipay.com.herokudns.com/ points to Heroku but is not in use. Steps To Reproduce Details - Upon realization of vulnerability, installed and created a Heroku dependencies and...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/02/26 2:25 a.m.370 views

HackerOne: Subdomain takeover #2 at info.hacker.one

Summary: Hi team, looking the fix released from unbounce team at https://hackerone.com/reports/202767 i've been able to bypass it and takeover again the subdomain info.hacker.one with a new Vulnerable-Endpoint at UnbouncePages App Actual Dns Entry: F164154 Steps To Reproduce & New PoC for HackerO...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/02/02 5:33 a.m.52 views

HackerOne: Subdomain takeover at info.hacker.one

Summary: Hi team,i've been able to takeover subdomain at info.hacker.one, the CNAME entry in the subdomain is pointing to an external page service app.unbounce.com. Actual Dns Entry: F156764 Steps To Reproduce 1 I have claimed the domain and placed a page for PoC validation located under: Go to -...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2016/11/05 4:41 p.m.25 views

Paragon Initiative Enterprises: Subdomain Takeover

Hello, Your Subdomain engineering.github.com/paragonie is Pointing to Tumblr.com You should immediately remove the DNS-entry for engineering.zomato.com is Pointing to Tumblr.com.. Any One Can Claim That Domain , Please Read The Advisory Below. Remediation Please make sure you're always going...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2016/10/06 10:24 p.m.147 views

Trello: Full Sub Domain Takeover at help.trello.com.

Hey The subdomain http://help.trello.com./ uses helpscout to host docs While helpscout does not distinguish between help.trello.com. and help.trello.com Notice trailing dot I created a test page and hosted it for help.trello.com. and since DNS entry is already present http://help.trello.com./ now...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2016/02/24 6:52 p.m.25 views

KIWI.KI GmbH: Subdomain takeover : URGENT

hi, one of your subdomain is pointing to FRESHDESK but servicce is expire there, so i can claim this http://service.kiwi.ki/ subdomain. Fix: remove dns entry of this subdomain asap Thanks...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2016/02/01 2:15 p.m.101 views

Zomato: Subdomain Takeover

Hello, Your Subdomain engineering.zomato.com is Pointing to Tumblr.com You should immediately remove the DNS-entry for engineering.zomato.com is Pointing to Tumblr.com.. Any One Can Claim That Domain , Please Read The Advisory Below. Remediation Please make sure you're always going through your...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2015/02/28 6:36 p.m.23 views

Vimeo: URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io

Hi, Brief This is an urgent issue and I hope you will act on it likewise. Your subdomain status.vimeo.com is pointing to hosted.statuspage.io, but no statuspage was connected to it. This means that anyone can claim the subdomain by setting up a statuspage.io site and using "status.vimeo.com" as t...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2014/10/25 11:46 p.m.48 views

X (Formerly Twitter): URGENT - Subdomain Takeover on media.vine.co due to unclaimed domain pointing to AWS

Hi, This is an urgent issue and I hope you will act on it likewise. Your subdomain media.vine.co is pointing to AWS S3, but no bucket was connected to it. Actually, the reason to it is due to the CNAME of the meda.vine.co-DNS-entry: media.vine.co - media.vine.co is an alias for...

6.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Microsoft Internet Explorer 5.0.1 Wildcard DNS Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10554/info Microsoft Internet Explorer is reported to contain a cross-site scripting vulnerability for sites that have a wildcard DNS entry. A web server with a wildcard DNS entry will respond to any hostname requested. A...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2014/04/30 6:58 a.m.31 views

KALI Linux Mailing List Website Hacked Using Heartbleed Vulnerability

When it comes to Digital Forensics, Penetration and Security testing, we mostly relies on Kali Linux distribution also known as Backtrack, which is designed for security professionals and packed with more than 300 security testing tools. But Today, Mailing List sub-domain of Kali Linux get hacked...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2010/05/11 5:45 p.m.17 views

Microsoft Patches Worm Holes in Mail Server, Visual Basic for Apps

Microsoft today issued patches for a pair of critical remote code execution vulnerabilities in Windows and Microsoft Office and urged affected users to apply the fixes as soon as possible. The most serious issue, addressed in the MS10-030 bulletin, affects Outlook Express, Windows Mail and Window...

0.9AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2002/07/25 2:15 a.m.6 views

Important: Red Hat Security Advisory: : Updated glibc packages fix vulnerabilities in resolver

Updated glibc packages are available to fix two vulnerabilities in the resolver functions. The glibc package contains standard libraries which are used by multiple programs on the system. A buffer overflow vulnerability has been found in the way the glibc resolver handles the resolution of networ...

7.5CVSS7.3AI score0.13476EPSS
Exploits0References1
Cvelist
Cvelist
added 2001/05/07 4:0 a.m.22 views

CVE-1999-0223

Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry...

6.6AI score0.00316EPSS
Exploits0References2
CVE
CVE
added 2000/10/13 4:0 a.m.44 views

CVE-2000-0536

CVE-2000-0536 affects xinetd 2.1.8.x where access control relies on hostnames; if a connecting host has no reverse DNS entry, connections are not properly restricted. This can allow unauthorized access or bypass controls intended by hostname-based filtering. The vulnerability is described in the ...

7.5CVSS7AI score0.02139EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder