Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/28 7:10 p.m.9 views

CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References7
CVE
CVE
added 2026/05/28 7:10 p.m.28 views

CVE-2026-49129

Music Player Daemon (MPD) <= 0.24.10 contains a server-side request forgery (SSRF) in CurlInputPlugin by setting CURLOPT_FOLLOWLOCATION without CURLOPT_REDIR_PROTOCOLS_STR. This allows unauthenticated attackers to bypass the http/https scheme restriction and redirect to non-HTTP protocols (e.g...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

Single Block On

In the digital age, individuals increasingly maintain active presences across multiple platforms ranging from social media and messaging applications to professional and communication tools. However, the current model for managing user level privacy and abuse is siloed, requiring users to block...

7.1AI score
Exploits0
Securelist
Securelist
added 2020/02/13 10:15 a.m.63 views

DDoS attacks in Q4 2019

News overview In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service ARMS, part of the Apple Remote Desktop ARD...

7AI score
Exploits0
Penetration Testing Lab
Penetration Testing Lab
added 2018/06/06 6:39 a.m.8 views

Command and Control – Browser

Red Teams are always focused in the discovery of innovative ways to establish connections back to their command and control infrastructure. The main reasons that leads red teams to use standard protocols or native system functionality for command and control operations is to bypass some sort of...

1.7AI score
Exploits0
ThreatPost
ThreatPost
added 2017/08/01 3:39 p.m.19 views

Legislation Proposed to Secure Connected IoT Devices

A Senate bill introduced today would prioritize security in connected devices, requiring providers who sell to the U.S. government to implement measures that would have been an impediment to the IoT botnet-fueled attacks against DNS provider Dyn and webhost OVH. The Internet of Things Cybersecuri...

0.3AI score
Exploits0References5
Rows per page
Query Builder