7 matches found
sb-poc-web
StackBill Deployer Web-based deployment portal for StackBill...
When AI chatbots leak and how it happens
In a recent article on Cybernews there were two clear signs of how fast the world of AI chatbots is growing. A company I had never even heard of had over 150 million app downloads across its portfolio, and it also had an exposed unprotected Elasticsearch instance. This needs a bit of an...
GHSA-JXMR-2H4Q-RHXP WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled
Summary Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can: - Stream real-time application logs information disclosure. - Gain insight into internal file...
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled
Summary Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can: - Stream real-time application logs information disclosure. - Gain insight into internal file...
How to Set Up Syslog to Capture Logs Real Time on a Central Location
This article describes how set up a Syslog server when you are experiencing issues across multiple XenServers and need to capture logs real-time on a central location...
Slack: Real Time Error Logs Through Debug Information
Summary: During the assessment, I have found the debug URL on slackb.com which is disclosing the World Wide real time error logs of Slack users. The information leaked includes the following: 1. User Device Information 2. Redacted Token 3. Client IP Address 4. Description 5. Session ID 6. Team ID...
SolarWinds Log and Event Manager Postgres Database Security Bypass Vulnerability
SolarWinds Log and Event Manager is a log and event manager that provides real-time log analysis, memory event correlation, and threat attack response. A security bypass vulnerability exists in the Postgres database of SolarWinds Log and Event Manager 6.3.1, which stems from the database having a...