19 matches found
EUVD-2018-2249
Malware in sbrugna...
Clario: XSS in https://affiliates.kromtech.com
Summary: XSS in https://affiliates.kromtech.com
Vulnerable URL: https://affiliates.kromtech.com/monetize-mac-traffic/adgroup/affiliatefixhello%22%3Ehello/type/affiliate
Vulnerable Parameter: "URL Path"
XSS Payload: hello"hello
Steps To Reproduce: Navigate to the Vulnerable URL. Notice the pop-up...
Privilege escalation
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. The AdwareAnalyzerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shel...
CVE-2018-10171
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. The AdwareAnalyzerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shel...
CVE-2018-10171
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. The AdwareAnalyzerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shel...
CVE-2018-10171
CVE-2018-10171 affects MacKeeper version 3.20.4 and describes a root privilege escalation in the component com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper. The tool exposes an XPC service that allows an unprivileged app to connect and execute shell scripts with root privileges, enabl...
Unprotected Server Exposes Weight Watchers Internal IT Infrastructure
A critical server for popular weight-loss service Weight Watchers was left unprotected, allowing researchers to take a bite out of dozens of exposed S3 buckets containing company data and AWS access keys. Researchers at Kromtech Security said that they discovered a Weight Watchers Kubernetes...
Personal data of over 50,000 Honda Connect App leaked
By Waqas. Researchers at Kromtech Security Center discovered a trove of data belonging ... This is a post from HackRead.com. Read the original post: Personal data of over 50,000 Honda Connect App leaked...
kromtech-cgn.cleverbridge.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-617467

Description| Value
---|---
Affected Website:| kromtech-cgn.cleverbridge.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Open Redirect / CWE-601
CVSSv3 Score:| 3.4...
Indian Cricket Board Exposes Personal Data of Thousands of Players
By Waqas. The IT security researchers at Kromtech Security Center discovered a trove ... This is a post from HackRead.com. Read the original post: Indian Cricket Board Exposes Personal Data of Thousands of Players...
kromtech-s.cleverbridge.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-616625

Description| Value
---|---
Affected Website:| kromtech-s.cleverbridge.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Open Redirect / CWE-601
CVSSv3 Score:| 3.4...
Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers
A misconfigured Amazon S3 Simple Storage Service bucket, managed by a Walmart jewelry partner, left personal details and contact information of 1.3 million customers exposed to the public internet. The S3 repository containing a MSSQL database backup belongs to MBM Company, a Chicago, Ill.-based...
kromtech-s.cleverbridge.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-485250

Description| Value
---|---
Affected Website:| kromtech-s.cleverbridge.com
Vulnerable Application:| Custom Code
Vulnerability Type:| Open Redirect / CWE-601
CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Disclosure Standard:| Coordinated Disclosure...
kromtech-cgn.cleverbridge.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-485147

Description| Value
---|---
Affected Website:| kromtech-cgn.cleverbridge.com
Vulnerable Application:| Custom Code
Vulnerability Type:| Open Redirect / CWE-601
CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Disclosure Standard:| Coordinated Disclosure...
Verizon Wireless Internal Credentials, Infrastructure Details Exposed in Amazon S3 Bucket
Organizations continue to leak data through publicly accessible Amazon S3 buckets, pointing a harsh finger at continued lax attitudes toward the custodianship of sensitive data. Verizon is the latest business affected by this epidemic, leaking in this case files marked confidential from an intern...
Alaska Voter Database Exposed Online
By Waqas. IT security researchers at Kromtech Security Center discovered an unprotected database ... This is a post from HackRead.com. Read the original post: Alaska Voter Database Exposed Online...
Thousands of Elasticsearch Servers Hijacked to Host PoS Malware
Thousands of insecure Elasticsearch servers are hosting point-of-sale malware, according to an analysis by Kromtech Security Center. In total, researchers found 15,000 insecure Elasticsearch servers, with 27 percent (4,000) hosting the PoS malware strains Alina and JackPoS. “The absence of...
Leaky WWE Database Exposes Personal Data of 3M Fans
Pro wrestling giant World Wrestling Entertainment notified fans on Thursday that a database containing personal information of three million fans was left on an insecure server. According to the WWE, personal information included names, both home and email addresses, earnings, ethnicity, children...
Auto Lender Exposes Loan Data For Up To 1 Million Applicants
A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed on an insecure online database. The company behind the database is Alliance Direct Lending Corporation, according to Kromtech Security Research Center, whi...