5160 matches found
lh-content.s3.amazonaws.com XSS vulnerability
Open Bug Bounty ID: OBB-153712 Description| Value ---|--- Affected Website:| lh-content.s3.amazonaws.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Nobby - AWS Credentials, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Nobby published at the 'play' market has multiple vulnerabilities...
AWS CAPTCHA Bypass
The process of AWS login has a feature: if you use "fresh" browserno cookie, no cache, etc to sign in, put correct email and correct password there, CAPTCHA is required"To better protect your account, please re-enter your password and then enter the characters as they are shown in the image below...
Bumble: AWS S3 Bucket hotornot-images permissions allow for listing and removing files
We do not use amazon AWS but @yaworsk wanted to disclose his report anyway. Why not, we can do. ---- Hi All, Though I'm not 100% sure you own the bucket - and if not, I would appreciate being able to close this myself - I believe you may own the S3 bucket hotornot-images. If so, using the AWS CLI...
Zendesk: AWS S3 bucket writable for authenticated aws user
The researcher reported an AWS S3 bucket exposed with read and write privledges. The S3 bucket was intentionally readable but the write privledges have since been removed...
Udemy: AWS S3 bucket writable for authenticated aws user
Hey, I found an open S3 Amazon bucket udemy-maven. While I can’t confirm if you own it or not, it appears that it is publicly writable using the aws cli. When I write to udemy-maven, I get: move: ./test.txt to s3://udemy-maven/test.txt And also when I remove file, I get: delete:...
CVE-2016-2084
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5....
Default configuration
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5....
CVE-2016-2084
CVE-2016-2084 affects F5 BIG-IP and BIG-IQ cloud deployments (AWS, Azure, Verizon) where certificates and keys are not regenerated during deployment, allowing potential disclosure of sensitive data or disruption. The root cause is improper regeneration of certificates/keys when deploying cloud im...
CVE-2016-2084
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5....
SOL11772107 - BIG-IP and BIG-IQ cloud image vulnerability CVE-2016-2084
Note: Upgrading a vulnerable version to a not vulnerable version will not mitigate this issue; performing an upgrade on a vulnerable instance will cause the instance to remain vulnerable after the upgrade. Furthermore, any backups that are made from a vulnerable instance and restored to a not...
Amazon Web Services EC2 Instance Metadata Enumeration (Windows)
Binary data enumerateawsamiwin.nbin...
X (Formerly Twitter): niche s3 buckets are readable/writeable/deleteable by authorized AWS users
Hi All, I've discovered that the AWS buckets by niche, niche-s3-production, is accessible for authorized AWS users using the AWS command line tools. Issue As such, I have confirmed: - I can list all files in the bucket with the command aws s3 ls s3://niche-s3-production - I can copy files from th...
RHEL 6 : jboss-ec2-eap (RHSA-2016:0598)
A jboss-ec2-eap update is now available for Red Hat JBoss Enterprise Application Platform 6.4.7 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Moderate: Red Hat Security Advisory: jboss-ec2-eap security, bug fix, and enhancement update
A jboss-ec2-eap update is now available for Red Hat JBoss Enterprise Application Platform 6.4.7 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
HackerOne: AWS S3 bucket writeable for authenticated aws users
Hi All, I know that hackerone-attachments is used for file uploads on reports and so I did a quick scan for similar buckets and found . While I can't confirm if you own it or not, it appears that it is publicly writable using the aws cli. When I tried to write to hackerone-attachments, I get: "mo...
PBS KIDS Party - AWS Credentials, SD-card access, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application PBS KIDS Party published at the 'play' market has multiple vulnerabilities...
Baby Sign and Sing Lite - AWS Credentials, Base64 encoded String, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application Baby Sign and Sing Lite published at the 'play' market has multiple vulnerabilities...
Lottie Dottie Chicken - AWS Credentials, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Lottie Dottie Chicken published at the 'play' market has multiple vulnerabilities...
Pango FREE - AWS Credentials, Dangerous filesystem permissions, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application Pango FREE published at the 'play' market has multiple vulnerabilities...