14 matches found
EUVD-2021-10781
Malware in sbrugna...
EUVD-2020-2720
Malware in sbrugna...
goshs route not protected, allows command execution
Summary: It seems that when running goshs without arguments it is possible for anyone to execute commands on the server. This was tested on version 1.0.4 of goshs. The command function was introduced in version 0.3.4. Details: It seems that the function dispatchReadPump does not check the option c...
8x8: Unprotected Atlantis Server at https://152.70.█.█
Atlantis is an application for automating Terraform via pull requests. @shuvam321 reported to us an exposed Atlantis test server in our infrastructure. No sensitive information had been disclosed & we restricted access to the Atlantis service entirely, which resolved the issue...
PT-2021-15571 · Rexroth +1 · Indramotion Mlc L20 +13
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue involves information disclosure where the main configuration, including users and their hashed passwords, is exposed through an unprotected web server resource. This...
PT-2021-15568 · Rexroth +1 · Indramotion Mlc Indramotion Xlc +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns an exposed user and password database due to an unprotected web server resource. The passwords are hashed using a weak hashing algorithm, making them susceptible ...
Data analytics firm Polecat data breach – 30TB of data exposed
By Waqas. Polecat exposed an Elasticsearch server that wasn't protected with any authentication measures or any form of encryption. This is a post from HackRead.com. Read the original post: Data analytics firm Polecat data breach - 30TB of data exposed...
Mattress Company Leaks Data Records of 387K Customers
A Wisconsin mattress company leaked the records of 387,000 customers online in a database that lacked password protection, a security researcher has found. The incident once again demonstrates the potential security consequences of failing to take even the simplest security measures to protect...
Data Leak Impacts Millions of Yves Rocher Cosmetics Company Customers
UPDATE: Cosmetics giant Yves Rocher is warning that a giant data leak exposed the personal data of millions of its customers and reams of sensitive internal company information to the public. The data exposure stems from a database left unprotected by a third-party consultant to the firm...
Cloud communication firm exposes millions of sensitive text messages to public access
By Waqas. There’s bad news for those who rely upon SMS-based 2FA authentication. Berlin-based security researcher Sébastien Kaul has revealed that Voxox exposed a huge database containing tens of millions of text messages by storing it on an unprotected server. The VOIP and Cloud communication f...
Over 14 Million Verizon Customers' Data Exposed On Unprotected AWS Server
Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet after NICE Systems, a third-party vendor, mistakenly left the sensitive users’ details open on a server. Chris Vickery, researcher and...
Voter Database Leak Exposes 154 Million Sensitive Records
White hat hacker Chris Vickery uncovered a database of 154 million U.S. voter profiles on an unprotected server chock-full of sensitive data that includes voter names, addresses, email addresses, phone numbers, gun ownership information, preferences on gay marriage and links to individual social...
New POS Malware Uses Mailslots to Avoid Detection
New point-of-sale malware, LogPOS, has been using technology that evades detection by allowing the malware to inject code and act like a client while it shuttles stolen credit card numbers off to its command and control server. The technology, Microsoft Windows’ mailslots, isn’t new by any means...
unauthorized VNC access in AK-Systems Windows Terminals
WinCE-based Windows Terminals thin clients manufactured by AK-Systems (http://www.ak-systems.ru/) with firmware version 1.2.5 ExVLP feature a VNC server for remote administration and setup. The VNC access is not protected by password, so anyone with a VNC client can connect to the terminal and watc...