6 matches found
CVE-2026-49129
Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...
CVE-2026-49129
Music Player Daemon (MPD) <= 0.24.10 contains a server-side request forgery (SSRF) in CurlInputPlugin by setting CURLOPT_FOLLOWLOCATION without CURLOPT_REDIR_PROTOCOLS_STR. This allows unauthenticated attackers to bypass the http/https scheme restriction and redirect to non-HTTP protocols (e.g...
Single Block On
In the digital age, individuals increasingly maintain active presences across multiple platforms ranging from social media and messaging applications to professional and communication tools. However, the current model for managing user level privacy and abuse is siloed, requiring users to block...
DDoS attacks in Q4 2019
News overview In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service ARMS, part of the Apple Remote Desktop ARD...
Command and Control – Browser
Red Teams are always focused in the discovery of innovative ways to establish connections back to their command and control infrastructure. The main reasons that leads red teams to use standard protocols or native system functionality for command and control operations is to bypass some sort of...
Legislation Proposed to Secure Connected IoT Devices
A Senate bill introduced today would prioritize security in connected devices, requiring providers who sell to the U.S. government to implement measures that would have been an impediment to the IoT botnet-fueled attacks against DNS provider Dyn and webhost OVH. The Internet of Things Cybersecuri...