SaltStack Salt Information Gatherer
This module gathers information from SaltStack Salt masters and minions. Data gathered from minions: 1. salt minion config file. Data gathered from masters: 1. minion list (denied, pre, rejected, accepted); 2. minion hostname/ip/os depending on module settings; 3. SLS; 4. roster, any SSH keys are...
Android-PIN-Bruteforce - Unlock An Android Phone (Or Device) By Bruteforcing The Lockscreen PIN
Unlock an Android phone or device by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! How it works: It uses a USB OTG cable to connect the locked phone to the Nethunter device. It emulates a keyboard, automatically tries PINs, and...
CVE-2021-22539 Code execution in VSCode-bazel via malicious Bazel config files
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint .bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recomme...
CVE-2021-22717
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in C-Bus Toolkit V1.15.7 and prior that could allow a remote code execution when processing config files...
Path traversal
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in C-Bus Toolkit V1.15.7 and prior that could allow a remote code execution when processing config files...
Fedora: Security Advisory for kde-settings (FEDORA-2021-f68a5a75ba)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: kde-settings-34.0-9.fc34
Config files for kde...
CVE-2021-21055
Adobe Dreamweaver versions 21.0 and earlier and 20.2 and earlier are affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver...
BigBountyRecon - This Tool Utilises 58 Different Techniques To Expedite The Process Of Initial Reconnaissance On The Target Organisation
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. Reconnaissance is the most important step in any penetration testing or a bug hunting process. It provides an attacke...
CVE-2020-4843
IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048...
Information disclosure
IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048...
CVE-2020-4843
The CVE-2020-4843 issue affects IBM Security Secret Server (all versions) where configuration files can disclose sensitive data to an authenticated user. Root causes include information disclosure via stored config files; published CVSS scores range from 4.3 (3.1) to 6.3 (3.0) in IBM advisories, ...
IBM Security Secret Server Information Disclosure Vulnerability
IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An information disclosure vulnerability exists in IBM Security Secret Serve...
Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server
Summary A security vulnerability identified on IBM Security Secret Server has been addressed in the release 10.8. Vulnerability Details CVEID: CVE-2020-4843 DESCRIPTION: IBM Security Secret Server stores potentially sensitive information in config files that could be read by an authenticated user...
CVE-2020-2318
CVE-2020-2318 affects the Jenkins Mail Commander Plugin for Jenkins-ci Plugin versions 1.0.0 and earlier. The root cause is that passwords are stored unencrypted in the job config.xml files on the Jenkins controller, allowing disclosure to users with Extended Read permission or with filesystem ac...
Foxit PhantomPDF Elevation of Privilege Vulnerability
PhantomPDF is PDF document processing software for enterprise-level users from Foxit, a Chinese company. An elevation of privilege vulnerability exists in Foxit PhantomPDF 10.0.1.35811 and earlier versions in the handling of configuration files used by the update service. The vulnerability ste...
CVE-2020-2208
Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...