Puppet Server/PuppetDB - Sensitive Information Disclosure
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. id: CVE-2020-7943 info: name: Puppet Server/PuppetDB - Sensitive Information Disclosure author: c-sh0 severity: high...
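The snippet only states that the metrics endpoints leak information when exposed; a practitioner usually wants a quick check for them. The following is an added example, not code from the page or from the nuclei template it describes. It assumes the endpoint paths `/metrics/v1/mbeans` and `/metrics/v2/list` (taken from the layout of Puppet's metrics API, v1 mbean listing and Jolokia-backed v2, not from the snippet), the documented default ports 8140 (Puppet Server) and 8081 (PuppetDB), and a hypothetical `fetch` callable that wraps the HTTP request so the logic can be exercised offline against constructed responses.

```python
"""Probe a Puppet Server / PuppetDB host for an exposed metrics API.

Added example for CVE-2020-7943 (exposed metrics endpoints); not from the page.
Assumptions: endpoint paths and default ports below come from Puppet's metrics
API documentation, not from the snippet; `fetch` is a hypothetical callable.
"""
import json
import ssl
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# Assumed paths: v1 mbean listing and the Jolokia 'list' operation behind v2.
METRICS_PATHS = ("/metrics/v1/mbeans", "/metrics/v2/list")
# Documented defaults: 8140 Puppet Server, 8081 PuppetDB.
DEFAULT_PORTS = (8140, 8081)

Fetcher = Callable[[str], Tuple[int, str]]  # url -> (HTTP status, body text)


def looks_like_metrics(status: int, body: str) -> bool:
    """Treat a 200 whose body is a non-empty JSON object as an exposed metrics view.

    Both the v1 mbean index and a Jolokia reply are JSON objects; an empty
    object or any non-JSON body (error page, redirect to a login) is ignored.
    """
    if status != 200:
        return False
    try:
        data = json.loads(body)
    except ValueError:
        return False
    return isinstance(data, dict) and len(data) > 0


def check_host(host: str, fetch: Fetcher, ports=DEFAULT_PORTS,
               scheme: str = "https") -> Dict[str, bool]:
    """Return {url: exposed?} for every port/path combination on `host`."""
    results: Dict[str, bool] = {}
    for port in ports:
        for path in METRICS_PATHS:
            url = f"{scheme}://{host}:{port}{path}"
            try:
                status, body = fetch(url)
            except OSError:            # connection refused, timeout, TLS failure
                results[url] = False
                continue
            results[url] = looks_like_metrics(status, body)
    return results


def exposed_urls(results: Dict[str, bool]) -> List[str]:
    """Sorted list of the URLs that answered with metrics data."""
    return sorted(u for u, ok in results.items() if ok)


def urllib_fetch(url: str, timeout: float = 5.0) -> Tuple[int, str]:
    """Real fetcher. Puppet hosts normally use a private CA, so verification is
    disabled here for the probe only; do not reuse this context elsewhere."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


# Constructed sample responses (not captured from a real host) so the check
# runs offline: one exposed v1 index, one exposed Jolokia reply, one empty
# object, one 404.
SAMPLE_RESPONSES = {
    "https://puppet.example.test:8140/metrics/v1/mbeans":
        (200, '{"java.lang:type=Memory": "/metrics/v1/mbeans/java.lang:type=Memory"}'),
    "https://puppet.example.test:8140/metrics/v2/list": (404, "Not Found"),
    "https://puppet.example.test:8081/metrics/v1/mbeans": (200, "{}"),
    "https://puppet.example.test:8081/metrics/v2/list":
        (200, '{"request": {"type": "list"}, "value": {"java.lang": {}}, "status": 200}'),
}


def fake_fetch(url: str) -> Tuple[int, str]:
    """Offline stand-in for urllib_fetch backed by SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    for url in exposed_urls(check_host("puppet.example.test", fake_fetch)):
        print("exposed:", url)
```

To run it against a live host, pass `urllib_fetch` instead of `fake_fetch`. A positive result means the metrics API answers unauthenticated; the remediation is to disable the metrics endpoints (the default in fixed releases) or restrict them to trusted clients.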
Operationalising Information Security Management: A Procedural Framework Analysis of ISO/IEC 27001:2022 Implementation in a Financial-Technology Organisation
Organisations operating within information-intensive environments face intensifying pressure to formalise the governance of information security. The ISO/IEC 27001:2022 standard provides a globally recognised framework for establishing, implementing, maintaining, and continually improving an...
A Penetration Testing Buyer's Guide for IT Security Teams
The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result in severe financial and reputational damage. According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit ...
Massachusetts Hospital Agrees to Pay $1.5m After Stolen Laptop HIPAA Violation
Massachusetts Eye and Ear Infirmary, a Boston-based hospital, agreed to pay $1.5 million to the U.S. Department of Health and Human Services (HHS) earlier this week, settling a HIPAA violation stemming from a 2010 incident. The agreement acknowledges that the hospital failed to comply with...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "correctiv...
Default Password (D13hh[) for 'root' Account
The account 'root' has the password 'D13hh['. An attacker may use it to gain further privileges on this system. The presence of this account suggests the system may have the D13HH rootkit typically found on Solaris systems. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "root";...
KPMG-2002031: Jigsaw Webserver Path Disclosure
-------------------------------------------------------------------- Title: Jigsaw Webserver Path Disclosure BUG-ID: 2002031 Released: 17th Jul 2002 -------------------------------------------------------------------- Problem: ======== It is possible to disclose the physical path to the webroot...
eBay web site allows intruders to login to gain unauthorized access to user's information
Overview eBay (www.ebay.com) is a popular online auction site. A vulnerability in the eBay web site prior to April 24, 2002, could have allowed an intruder to gain access to a victim's personal data. Description Prior to April 24, 2002, an intruder may have been able to gain access to certain person...
KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
-------------------------------------------------------------------- Title: Bea Weblogic Performance Pack Denial of Service BUG-ID: 2002029 Released: 8th Jul 2002 -------------------------------------------------------------------- Problem: ======== If the performance pack is enabled, the Bea...
KPMG-2002028: Sitespring Server Denial of Service
-------------------------------------------------------------------- Title: Sitespring Server Denial of Service BUG-ID: 2002028 Released: 01st Jul 2002 -------------------------------------------------------------------- Problem: ======== A malicious user with access to the Sitespring database...
Sun Microsystems Keys exposed and revoked
Overview Sun Microsystems uses a variety of X.509 keys signed by VeriSign to secure various web sites. Among these certificates are two that were revoked on October 19, 2000. The certificate IDs for these revoked certificates are 3181 B12D C422 5DAC A340 CF86 2710 ABE6 and 1705 FB13 A22F 9AF3 C130...