11 matches found
CVE-2024-41806
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...
CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...
CVE-2024-41806
Open edX Platform's instructor CSV uploads for cohorts can be publicly accessible when using certain storage backends. The root cause is that uploads to AWS S3 buckets could be written with a public ACL in affected branches (master, palm, olive, nutmeg, maple, lilac, koa, juniper). A patch (commi...
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults
LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...
Fedora: Security Advisory for mass3 (FEDORA-2022-5038c3236c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 35 Update: mass3-0-0.6.20200627gite1d5f1a.fc35
Quickly enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP with a list of DNS resolvers and multi-threading...
Fedora: Security Advisory for mass3 (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: mass3-0-0.6.20200627gite1d5f1a.fc36
Quickly enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP with a list of DNS resolvers and multi-threading...
Common Security Misconfigurations and Their Consequences
Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first o...
AWSGen.py - Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names
AWSGen.py is a simple tool for generates permutations, alterations and mutations of AWS S3 Buckets Names. Download AWSGen.py...
AWS Slurp Github Takeover
Slurp is a tool used by information security professionals to enumerate AWS S3 buckets. Slurp takes a domain name example.com or wordlist as input and cycles through likely S3 bucket names example.s3.amazonaws.com looking for any world-read/writeable buckets. S3 buckets are a great find for...