Cybersecurity information flow

A clean feed-push tool focused on the day-to-day of the security community, surfacing quality content for security researchers every day.


Recent updates
Time Node
May 2, 2024 03:39 Stories by SAFARAS K A on Medi
This blog discusses a misconfiguration in an AWS S3 bucket owned by Oil India Limited, which exposed the Personally Identifiable Information (PII) and documents of job seekers.
https://oil-india.com
Hello, my name is Biraj Baishya, also known as brutexploiter. I am an independent security researcher, a full-time bug bounty hunter, and a mechanical engineer.
In this write-up, I will discuss how I discovered a critical vulnerability and protected the data of job seekers from a misconfiguration that could have been exploited by cyber attackers, potentially leading to a data breach.
Initial Discovery:
The discovery phase of the vulnerability was quite interesting because I visited the Oil India Limited website as a job seeker. Oil India Limited had recently announced job openings for various technical positions, so I visited the site to download the admit card for the examination. Suddenly, during the downloading process, I noticed that the documents were being served from an Amazon Web Services (AWS) S3 Bucket.
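May 2, 2024 03:33 hackone
Affected vendor: Shopify Bounty: Severity: none
"Production secrets and data found on a subdomain that Shopify has stopped operating / dangling DNS"
May 2, 2024 03:33 hackone
Affected vendor: Shopify Bounty: 500.0USD Severity: low
"Does not expire after logout; an attacker can reuse the old cookie."
May 2, 2024 03:33 hackone
Affected vendor: Shopify (https://hackerone.com/shopify)
"Production secrets and data found on a subdomain that Shopify no longer operates / dangling DNS"
May 2, 2024 03:33 hackone
Affected vendor: Shopify (https://hackerone.com/shopify)
"Does not expire after logout; an attacker can reuse the old cookie."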
May 2, 2024 02:52 GitHub Following
LuatOS -- Powerful embedded Lua Engine for IoT devices, with many components and low memory requirements (16K RAM, 128K Flash)
May 2, 2024 00:52 GitHub Following
Nmap - the Network Mapper. Github mirror of official SVN repository.
May 2, 2024 00:12 SecWiki Weekly
May 1, 2024 23:44 Packet Storm
Red Hat Security Advisory 2024-2575-03 - An update for expat is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
May 1, 2024 23:44 Packet Storm
Red Hat Security Advisory 2024-2577-03 - An update for shadow-utils is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
May 1, 2024 23:44 Packet Storm
Red Hat Security Advisory 2024-2580-03 - An update for yajl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a memory leak vulnerability.
May 1, 2024 23:44 Packet Storm
Red Hat Security Advisory 2024-2581-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
May 1, 2024 23:44 Packet Storm
Red Hat Security Advisory 2024-2582-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
May 1, 2024 23:44 Packet Storm
Red Hat Security Advisory 2024-2583-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
May 1, 2024 23:44 Packet Storm
Red Hat Security Advisory 2024-2584-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
May 1, 2024 23:44 Packet Storm
Red Hat Security Advisory 2024-2585-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2586-03 - An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2587-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2616-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2619-03 - An update for rh-mysql80-mysql is now available for Red Hat Software Collections.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2621-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2624-03 - Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2625-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2627-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2628-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2631-03 - An update is now available for Red Hat Ceph Storage 6.1 in the Red Hat Ecosystem Catalog.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2633-03 - Updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
May 1, 2024 23:43 Packet Storm
Red Hat Security Advisory 2024-2639-03 - The Migration Toolkit for Containers 1.7.15 is now available.
May 1, 2024 23:43 Packet Storm
Online Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.