Lucene search
K

5111 matches found

Kitploit
Kitploit
added 2022/04/03 12:30 p.m.24 views

CobaltBus - Cobalt Strike External C2 Integration With Azure Servicebus, C2 Traffic Via Azure Servicebus

Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus Setup 1. Create an Azure Service Bus 2. Create a Shared access policy Connection string that can only Send and Listen 3. Edit the static connectionString variable in Beacon C projects to match the "Primar...

7.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/01 11:15 p.m.15 views

CVE-2022-25159

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series...

8.1CVSS6.9AI score0.02068EPSS
Exploits0References4
NVD
NVD
added 2022/04/01 11:15 p.m.16 views

CVE-2022-25159

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series...

8.1CVSS0.02068EPSS
Exploits0References3
Prion
Prion
added 2022/04/01 11:15 p.m.24 views

Authentication flaw

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series...

6.8CVSS8AI score0.02068EPSS
Exploits0References3
CVE
CVE
added 2022/04/01 10:18 p.m.74 views

CVE-2022-25159

CVE-2022-25159 describes an Authentication Bypass by Capture-replay affecting Mitsubishi Electric MELSEC iQ-F and iQ-R/Q/L series (FX5U, FX5UJ, R00/01/02, R04/08/16/32/120(EN), R08/16/32/120SF, R16/32/64MT, RJ71C24(-R2/R4), RJ71EN71, RJ72GF15-T2, Q03/04/06/13/26UDV, Q04/06/13/26UDPV, QJ71C24N(-R2...

8.1CVSS8AI score0.02068EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/04/01 12:0 a.m.46 views

Debian DLA-2967-1 : wireshark - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2967 advisory. Multiple security vulnerabilities have been discovered in Wireshark, a network traffic analyzer. An attacker could cause a denial of service infinite loop or...

9.8CVSS7.4AI score0.03879EPSS
Exploits8References21
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 2:38 p.m.45 views

Security Bulletin: OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to potential denial of service (CVE-2021-3712)

Summary OpenSSL as used by IBM QRadar Network Packet Capture is vulnerable to potential denial of service. QRadar Network Packet Capture has addressed the issue. Vulnerability Details CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused b...

7.4CVSS7.5AI score0.50445EPSS
Exploits0Affected Software1
ICS
ICS
added 2022/03/31 12:0 a.m.78 views

Mitsubishi Electric FA Products

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: FA products Vulnerabilities: Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, Authentication Bypass by Capture-replay...

9.1CVSS7.9AI score0.0229EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/03/30 12:0 a.m.24 views

SaltStack Salt Authentication Bypass by Capture-replay

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...

8.8CVSS7.2AI score0.00808EPSS
Exploits0References10Affected Software1
Huntr
Huntr
added 2022/03/28 6:1 a.m.28 views

Non Privilege User can Enable or Disable Registered

Vulnerability Type Insecure Direct Object Reference Affected URL https://localhost/openemr-6.0.0/interface/modules/zendmodules/public/Installer/manage Affected Parameters “modAction=enabled” Authentication Required? Yes Issue Summary Non-privilege users accounting & front-office can disable and...

4CVSS0.3AI score0.00863EPSS
Exploits2References1
Microsoft CVE
Microsoft CVE
added 2022/03/26 7:0 a.m.2 views

Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file

...

7.5CVSS7AI score0.031EPSS
Exploits1
Rapid7 Blog
Rapid7 Blog
added 2022/03/25 7:25 p.m.30 views

Metasploit Weekly Wrap-Up

Capture Plugin Capturing credentials is a critical and early phase in the playbook of many offensive security testers. Metasploit has facilitated this for years with protocol-specific modules all under the auxiliary/server/capture. Users can start and configure each of these modules individually,...

7.7AI score
Exploits0
hivepro
hivepro
added 2022/03/25 2:16 p.m.223 views

North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chromes web browser. The attack mainly targe...

9.1AI score0.23546EPSS
Exploits0
GithubExploit
GithubExploit
added 2022/03/23 3:3 p.m.683 views

Exploit for Authentication Bypass by Capture-replay in Honda Civic_2018_Firmware

CVE-2022-27254 PoC for vulnerability in Honda's Remote Keyless...

5.3CVSS7.8AI score0.01083EPSS
Exploits2
OpenVAS
OpenVAS
added 2022/03/23 12:0 a.m.17 views

openSUSE: Security Advisory for rust, (openSUSE-SU-2022:0843-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.3CVSS7.4AI score0.01376EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.6 views

Github clash 访问控制错误漏洞

Github clash is a rule-based tunnel in Go. A security vulnerability exists in Github clash, which can be exploited by embedding a malicious iframe page into a website with a crafted URL that launches the Clash Windows client and forces it to open a remote SMB share. Windows will perform NTLM...

8.8CVSS8.2AI score0.00634EPSS
Exploits1References2
Kitploit
Kitploit
added 2022/03/18 8:30 p.m.21 views

S1EM - This Project Is A SIEM With SIRP And Threat Intel, All In One

Today, cyber attacks are more numerous and cause damage in companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable. S1EM ...

7.4AI score
Exploits0References34
BDU FSTEC
BDU FSTEC
added 2022/03/18 12:0 a.m.5 views

The vulnerability of the Screen Capture function in Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of the Screen Capture function in Google Chrome browser relates to the use of memory after deallocation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code through a specially created web page from a remote location...

9.3CVSS8.2AI score0.00918EPSS
Exploits1References13Affected Software7
Github Security Blog
Github Security Blog
added 2022/03/16 12:0 a.m.29 views

CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS4AI score0.00705EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/16 12:0 a.m.21 views

GHSA-VQ6C-FVXW-P45V CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS6.7AI score0.00705EPSS
Exploits0References4
Rows per page
Query Builder