5160 matches found
Amazon Linux AMI : bind (ALAS-2017-798)
A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. C Tenable Network Security, Inc. The...
Greenhouse.io: Open Redirect in <customer>.greenhouse.io
Open Redirect in scout24.greenhouse.io The Scout24 Security Team did a penetration test against scout24.greenhouse.io in order to verify how Scout24 relevant data is protected against common attack vectors. Basically we have tested the web application against OWASP Top 10 using industry common...
Mapbox: Public access to objects in AWS S3 bucket
On February 1st, 2017, Sahilsaif discovered an S3 bucket belonging to Mapbox which contained publicly accessible objects which should have been private. Using Sahilsaif's report, Mapbox mitigated the report by making the affected objects private...
Heartbleed Persists on 200,000 Servers, Devices
Almost 200,000 servers and devices are still vulnerable to Heartbleed, the OpenSSL flaw patched nearly three years ago. The numbers come from search engine Shodan, which released data showing U.S. servers hosted on Amazon AWS are disproportionately vulnerable to the flaw. “There’s a lot to be...
Moderate: Red Hat Security Advisory: eap7-jboss-ec2-eap security update
An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scori...
BZWBK24 mobile - AWS Credentials, Customized SSL, Runtime privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application BZWBK24 mobile published at the 'play' market has multiple vulnerabilities...
Legal Robot: Legal Robot AWS S3 Bucket Directory Listing
A security researcher found an AWS S3 bucket serving public resources intentionally. The files in this bucket were static assets like logos and marketing assets. We later removed this bucket altogether and therefore re-opened and marked this report as Resolved...
WebSummit: Subdomain Takeover at http://gameday.websummit.net
As i said in the title i found a subdomain takeover vulnerability on the url http://gameday.websummit.net The url was trying to find a bucket that didn't exist from a probably forgotten dns entry that was at gameday.websummit.net.s3-website-eu-west-1.amazonaws.com So i created a bucket with the...
PhishLulz - Ruby toolset aimed at automating Phishing activities
PhishLulz is a Ruby toolset aimed at automating Phishing activities. When you start a phishing campaign, a dedicated Amazon EC2 Debian 7 instance is spawned. The VM comes with various open source tools that have been glued together. The two main components are: PhishingFrenzy...
Legal Robot: S3 ACL misconfiguration
Summary: Legal Robot's s3 bucket legalrobot.com is misconfigured. The ACL allows me to access and copy all files. This means that I could go through and copy all the media files on the s3 bucket. I did not attempt to delete any files as I did not want to go too far and affect your operations. Ste...
Through AWS, Google Cloud and Digital Ocean DNS vulnerability take over nearly 12 million domain names-bug warning-the black bar safety net
Shortly before, I was at cloud hosting provider Digital Ocean domain into the system found a security vulnerability, an attacker or may exploit this vulnerability to take over two million of the plurality of domain names in the report of the transfer gate on. If you have not read this report whil...
The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean
Recently, I found that Digital Ocean suffered from a security vulnerability in their domain import system which allowed for the takeover of 20K domain names. If you haven't given that post a read I recommend doing so before going through this write up. Originally I had assumed that this issue was...
Starbucks: Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record
Hi, I discovered that happymondays.starbucks.com DNS CNAME record is pointing to S3 AWS bucket which doesn't exist. Here's the screenshot of vulnerable domain: F138556 As happymondays.starbucks.com was free to register on AWS S3 service and DNS-setup is already correct set-up: F138557 I was able ...
Red Stamp Cards - AWS Credentials, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Red Stamp Cards published at the 'play' market has multiple vulnerabilities...
Create an AWS IAM User
This module will attempt to create an AWS Amazon Web Services IAM Identity and Access Management user with Admin privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/aws/client'...
Important: Red Hat Security Advisory: jboss-ec2-eap package for EAP 7.0.3
The jboss-ec2-eap package that adds an enhancement is now available for Red Hat JBoss Enterprise Application Platform 7.0.3 on Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
UNIX Gather AWS Keys
This module will attempt to read AWS configuration files .aws/config, .aws//credentials and .s3cfg for users discovered on the session'd system and extract AWS keys from within. This module requires Metasploit: https://metasploit.com/download Current source:...
██████: AWS Credentials leaked: access to production database backups, SSL certs and more
I found a public accessible Jenkins instance: https://██████jenkins.██████.com This instance requires login, however, it is possible to register an account using the signup page: https://██████jenkins.██████.com/signup Arbitrary file reads From there it is possible to use the Jenkins Script Conso...
RHEL 6 : jboss-ec2-eap (RHSA-2016:2072)
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Moderate: Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.11
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...