17 matches found
WordPress Table Field Add-on for ACF and SCF plugin <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Table Cell Content vulnerability discovered by shark3y in WordPress Plugin Table Field Add-on for ACF and SCF versions = 1.3.30...
The vulnerability of the SCF file processing mechanism in Windows operating systems allows attackers to exploit the NTLM hash.
The vulnerability of the SCF-file processing mechanism in Windows operating systems is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a remote attacker to reveal the NTLM hash when a user opens a folder containing a specially crafted SCF-file...
PT-2024-29426 · WordPress · Simple Basic Contact Form
Name of the Vulnerable Software and Affected Versions: Simple Basic Contact Form plugin for WordPress versions up to and including 20221201 Description: The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts vi...
Which security framework? All of them, in the SCF
TL;DR: All roads lead to Rome. There are plenty of ways to meet your security requirements ISO 27001 is not everything. There, I said it What is the Secure Controls Framework SCF? Why you should consider SCF on your journey to security excellence PTP has a myriad of customers coming for help to...
The vulnerability of the Mozilla Firefox browser on Windows operating systems, related to security configuration errors, allows attackers to access confidential information.
The vulnerability of the Mozilla Firefox browser on Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information using a created .scf script...
CVE-2023-25740
After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.This bug only affects Firefox for Windows. Other...
CVE-2023-25740
After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.This bug only affects Firefox for Windows. Other...
Design/Logic Flaw
After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.This bug only affects Firefox for Windows. Other...
CVE-2023-25740
CVE-2023-25740 affects Firefox for Windows (pre-110). After downloading a Windows .scf script from the local filesystem, an attacker could specify a remote path that triggers unexpected network requests by the OS and may leak NTLM credentials. Impact is limited to Firefox on Windows; other OSes a...
CVE-2023-25740
After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.This bug only affects Firefox for Windows. Other...
Microsoft Windows SCF File Feature Bypass Vulnerability
Microsoft Windows suffers from an SCF open file security warning feature bypass vulnerability. Exploit Title: Microsoft Windows 'SCF' File 'Open File Security Warning' Feature Bypass Vulnerability Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link:...
Microsoft Windows SCF File Feature Bypass
Exploit Title: Microsoft Windows 'SCF' File 'Open File Security Warning' Feature Bypass Vulnerability Google Dork: N/A Date: August 3, 2018 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: Windows 7 SP1, 8.1 with full...
icebreaker - Gets Plaintext Active Directory Credentials If You'Re On The Internal Network
Break the ice with that cute Active Directory environment over there. Automates network attacks against Active Directory to deliver you piping hot plaintext credentials when you're inside the network but outside of the Active Directory environment. Performs 5 different network attacks for plainte...
Automate Network Attacks Against Active Directory: icebreaker
Break the ice with that cute Active Directory environment over there. Automates network attacks against Active Directory to deliver you piping hot plaintext credentials when you’re inside the network but outside of the Active Directory environment. Performs 5 different network attacks for plainte...
Windows NTLM Auth Hash Disclosure / Denial Of Service Vulnerabilities
Under certain circumstances a shared folder on Windows can be abused remotely to obtain the user credentials and to freeze the machine. Hello, I want to share some information with the people on the list. On May 24, I found a problem with NTLM auth on Windows. Under certain circumstances a shared...
Windows NTLM Auth Hash Disclosure / Denial Of Service
Hello, I want to share some information with the people on the list. On May 24, I found a problem with NTLM auth on Windows. Under certain circumstances a shared folder on Windows can be abused remotely to obtain the user credentials and to freeze the machine. This was already reported to MSRC on...
Beware! Hackers Can Steal Your Windows Password Remotely Using Chrome
A security researcher has discovered a serious vulnerability in the default configuration of the latest version of Google's Chrome running on any version of Microsoft's Windows operating system, including Windows 10, that could allow remote hackers to steal user's login credentials. Researcher...