EUVD-2019-10267

Malware in sbrugna...

DNS rebinding attacks explained: The lookup is coming from inside the house!

My colleague Kevin Stubbings mentioned the topic of DNS rebinding attacks in a previous blog post. No worries if you haven't read it yet though--in this article, we'll walk you through the concept of DNS rebinding from scratch, demystify how it works, and explore why it's a serious browser-based...

CVE-2019-1710

A vulnerability in the sysadmin virtual machine VM on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation...

CVE-2019-1710

A vulnerability in the sysadmin virtual machine VM on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation...

Dropbox: SSRF vulnerablity in app webhooks

Server Side Request Forgery SSRF is a vulnerabilty which allows an attacker to make web requests from the context of the server host machine to arbitrary URL's. This vulnerability can allow the attacker to access resources internal to the network, which would otherwise be inaccessible. This...