22 matches found
Microsoft Azure Monitor Agent Installed (Windows)
Binary data microsoftazuremonitoragentwininstalled.nbin...
Tips and Tools for Social Media Safety
Protect your social media presence with tools like privacy checkups, monitoring services, and digital footprint scanners. Stay secure by avoiding oversharing, limiting third-party app permissions, and using strong passwords...
VulnCheck KEV: CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability...
Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data
Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack. In an update to its ongoing investigation into the incident, the firm said the attackers had access to...
Design/Logic Flaw
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability...
CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability...
Mobile device monitoring services do not authenticate API requests
Overview: The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. These services and their associated apps can be used to perform non-consensual,...
Huge breach affects 9 million Cathay Pacific customers
Airlines aren’t having a good time of things at the moment. Even if you managed to dodge the recent British Airways fallout, you may well be caught up in the latest breach affecting no fewer than 9 million customers of Cathay Pacific. So what was taken? The impact this time around isn’t so much...
UPS Admits 51 Stores Hit With Malware For Five Months
The list of corporations that have been victimized by credit card stealing malware in 2014 grew a little longer this week as UPS announced that 51 of its stores suffered a “broad-based malware intrusion” earlier this spring. The company disclosed the breach – which affected franchised locations o...
Data Breach Exposes Customer Payment Card Information
Grocery giants Albertsons and SUPERVALU announced yesterday that a data breach may have exposed the credit and debit card information of an unknown number of its customers at various grocery store locations in more than 18 states. Behind Kroger’s, Albertsons is the second largest grocery store...
University of Maryland Breach Exposes Social Security Numbers
Attackers breached a University of Maryland database containing more than 300,000 student, faculty, staff, and other affiliated records on Tuesday, according to an apology issued by the university’s president, Wallace D. Loh. While it is not clear exactly how many individuals are affected by the...
Biggest American Bank 'JPMorgan Chase' hacked; 465,000 card users' data stolen
JPMorgan Chase, one of the world's biggest banks, has recently announced that it was the victim of a cyber attack and warned around 465,000 of its holders of prepaid cash cards on the possible exposure of their personal information. In the Security Breach that took place on the bank's website...
Sony Pictures Admits to Another Breach Affecting Some 35k
Sony Pictures Entertainment (SPE) released a consumer alert yesterday admitting that an attack on SonyPictures.com compromised the personally identifiable information (PII) of some 37,500 of their customers. Sony said the breach did not spill any credit card information or social security numbers. It...
Insider Allegedly Leaked Data Belonging to 3,000 US Airways Pilots
An insider data breach at the US Airline Pilots Association (USAPA) has exposed the sensitive financial data of some 3,000 US Airways pilots, according to reports. The USAPA, a union representing more than 5,000 US Airways pilots, claims that the airline recently became aware of an incident in whic...
Cross site scripting
Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563...
CVE-2007-1609
Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563...
Oracle 10g Dynamic Monitoring Services XSS /servlet/Spy
Hi, Access to http://somesite/servlet/Spy should be restricted. But generally database or system administrators ignore the hardening of Oracle applications or database. I have noticed XSS bug in Dynamic Monitoring services on Oracle-Application-Server-10g/10.1.2.0.0...
Oracle Dynamic Monitoring Services cross-site scripting
Cross-site scripting with /servlet/Spy...
Oracle 9iAS Dynamic Monitoring Services
In a default installation of Oracle 9iAS, it is possible to access the Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted. OpenVAS Vulnerability Test $Id: oracle9iapachedms.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS Dynamic Monitoring...
Oracle 9i Application Server Dynamic Monitoring Services Accessible - Active Check
In a default installation of Oracle 9i Application Server (AS), it is possible to access the Dynamic Monitoring Services pages anonymously. Access to these pages should be restricted. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and ar...