Lucene search
+L

5160 matches found

Tenable Nessus
Tenable Nessus
added 2017/02/15 12:0 a.m.33 views

Amazon Linux AMI : bind (ALAS-2017-798)

A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. C Tenable Network Security, Inc. The...

7.5CVSS7.3AI score0.24602EPSS
Exploits0References2
Hacker One
Hacker One
added 2017/02/06 9:14 a.m.18 views

Greenhouse.io: Open Redirect in <customer>.greenhouse.io

Open Redirect in scout24.greenhouse.io The Scout24 Security Team did a penetration test against scout24.greenhouse.io in order to verify how Scout24 relevant data is protected against common attack vectors. Basically we have tested the web application against OWASP Top 10 using industry common...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2017/02/01 10:20 p.m.16 views

Mapbox: Public access to objects in AWS S3 bucket

On February 1st, 2017, Sahilsaif discovered an S3 bucket belonging to Mapbox which contained publicly accessible objects which should have been private. Using Sahilsaif's report, Mapbox mitigated the report by making the affected objects private...

2.5AI score
Exploits0
ThreatPost
ThreatPost
added 2017/01/23 1:31 p.m.5 views

Heartbleed Persists on 200,000 Servers, Devices

Almost 200,000 servers and devices are still vulnerable to Heartbleed, the OpenSSL flaw patched nearly three years ago. The numbers come from search engine Shodan, which released data showing U.S. servers hosted on Amazon AWS are disproportionately vulnerable to the flaw. “There’s a lot to be...

7.2AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/01/18 10:12 p.m.42 views

Moderate: Red Hat Security Advisory: eap7-jboss-ec2-eap security update

An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scori...

6.5CVSS6.4AI score0.02658EPSS
Exploits0References5
hackapp
hackapp
added 2017/01/18 10:27 a.m.35 views

BZWBK24 mobile - AWS Credentials, Customized SSL, Runtime privilege escalation vulnerabilities

HackApp vulnerability scanner discovered that application BZWBK24 mobile published at the 'play' market has multiple vulnerabilities...

1.5AI score
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2016/12/27 4:25 a.m.13 views

Legal Robot: Legal Robot AWS S3 Bucket Directory Listing

A security researcher found an AWS S3 bucket serving public resources intentionally. The files in this bucket were static assets like logos and marketing assets. We later removed this bucket altogether and therefore re-opened and marked this report as Resolved...

1.6AI score
Exploits0
Hacker One
Hacker One
added 2016/12/21 1:10 p.m.24 views

WebSummit: Subdomain Takeover at http://gameday.websummit.net

As i said in the title i found a subdomain takeover vulnerability on the url http://gameday.websummit.net The url was trying to find a bucket that didn't exist from a probably forgotten dns entry that was at gameday.websummit.net.s3-website-eu-west-1.amazonaws.com So i created a bucket with the...

7AI score
Exploits0
Kitploit
Kitploit
added 2016/12/09 2:55 p.m.19 views

PhishLulz - Ruby toolset aimed at automating Phishing activities

PhishLulz is a Ruby toolset aimed at automating Phishing activities. When you start a phishing campaign, a dedicated Amazon EC2 Debian 7 instance is spawned. The VM comes with various open source tools that have been glued together. The two main components are: PhishingFrenzy...

7.3AI score
Exploits0References4
Hacker One
Hacker One
added 2016/12/07 1:51 a.m.32 views

Legal Robot: S3 ACL misconfiguration

Summary: Legal Robot's s3 bucket legalrobot.com is misconfigured. The ACL allows me to access and copy all files. This means that I could go through and copy all the media files on the s3 bucket. I did not attempt to delete any files as I did not want to go too far and affect your operations. Ste...

2.1AI score
Exploits0
myhack58
myhack58
added 2016/12/07 12:0 a.m.23 views

Through AWS, Google Cloud and Digital Ocean DNS vulnerability take over nearly 12 million domain names-bug warning-the black bar safety net

Shortly before, I was at cloud hosting provider Digital Ocean domain into the system found a security vulnerability, an attacker or may exploit this vulnerability to take over two million of the plurality of domain names in the report of the transfer gate on. If you have not read this report whil...

6.8AI score
Exploits0
The Hacker Blog
The Hacker Blog
added 2016/12/05 4:30 p.m.30 views

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean

Recently, I found that Digital Ocean suffered from a security vulnerability in their domain import system which allowed for the takeover of 20K domain names. If you haven't given that post a read I recommend doing so before going through this write up. Originally I had assumed that this issue was...

2.9AI score
Exploits0
Hacker One
Hacker One
added 2016/11/30 6:19 a.m.42 views

Starbucks: Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record

Hi, I discovered that happymondays.starbucks.com DNS CNAME record is pointing to S3 AWS bucket which doesn't exist. Here's the screenshot of vulnerable domain: F138556 As happymondays.starbucks.com was free to register on AWS S3 service and DNS-setup is already correct set-up: F138557 I was able ...

0.5AI score
Exploits0
hackapp
hackapp
added 2016/11/28 8:8 a.m.29 views

Red Stamp Cards - AWS Credentials, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Red Stamp Cards published at the 'play' market has multiple vulnerabilities...

0.6AI score
Exploits0References1Affected Software1
Metasploit
Metasploit
added 2016/11/22 10:55 p.m.40 views

Create an AWS IAM User

This module will attempt to create an AWS Amazon Web Services IAM Identity and Access Management user with Admin privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/aws/client'...

0.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/11/03 5:52 p.m.33 views

Important: Red Hat Security Advisory: jboss-ec2-eap package for EAP 7.0.3

The jboss-ec2-eap package that adds an enhancement is now available for Red Hat JBoss Enterprise Application Platform 7.0.3 on Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

7.1CVSS6.5AI score0.0248EPSS
Exploits0References5
Metasploit
Metasploit
added 2016/10/28 9:48 p.m.52 views

UNIX Gather AWS Keys

This module will attempt to read AWS configuration files .aws/config, .aws//credentials and .s3cfg for users discovered on the session'd system and extract AWS keys from within. This module requires Metasploit: https://metasploit.com/download Current source:...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2016/10/21 7:33 a.m.22 views

██████: AWS Credentials leaked: access to production database backups, SSL certs and more

I found a public accessible Jenkins instance: https://██████jenkins.██████.com This instance requires login, however, it is possible to register an account using the signup page: https://██████jenkins.██████.com/signup Arbitrary file reads From there it is possible to use the Jenkins Script Conso...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/10/18 12:0 a.m.61 views

RHEL 6 : jboss-ec2-eap (RHSA-2016:2072)

An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

7.8CVSS7.6AI score0.35927EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/10/17 7:15 p.m.48 views

Moderate: Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.11

An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

7.8CVSS7.3AI score0.35927EPSS
Exploits0References3
Rows per page
Query Builder