96 matches found
CVE-2018-8858
If an attacker has access to the firmware from the VGo Robot Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected they may be able to extract credentials...
CVE-2018-8858
If an attacker has access to the firmware from the VGo Robot Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected they may be able to extract credentials...
CVE-2018-8858
If an attacker has access to the firmware from the VGo Robot Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected they may be able to extract credentials...
Unspecified Vulnerability in ECOS Secure Boot Stick
The ECOS Secure Boot Stick a.k.a. SBS is a security device from ECOS TECHNOLOGY, Germany for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5 that stems from an undocumented vendor backdoor in the...
Unspecified Vulnerability in ECOS System Management Appliance
ECOS System Management Appliance a.k.a. SMA is a virtual appliance from ECOS TECHNOLOGY, Germany, for centralized management of ECOS products, which is capable of running on VMware, Crtrix XenServer, and Hyper-V. A security vulnerability exists in ECOS SMA version 5.2.68 that stems from an...
ECOS Secure Boot Stick Fuzzing Vulnerability
The ECOS Secure Boot Stick a.k.a. SBS is a security device from ECOS TECHNOLOGY, Germany for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5. An attacker can exploit the vulnerability to extract the...
TBK DVR Login Bypass(CVE-2018-9995)
En un articulo anterior presente una vuln que me permitía obtener las credenciales de cierto modelo de DVR. Tan simple como: $ curl "http://:/device.rsp?opt=user&cmd=list" -H "Cookie: uid=admin" Resulta que el hallazgo no corresponde a un vendor en particular como originalmente supuse. Me...
Jboss Credential Collector
This module can be used to extract the Jboss admin passwords for version 4,5 and 6. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'Jboss Credential Collector', 'Description'...
Design/Logic Flaw
IBM Personal Communications aka PCOMM 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script...
CVE-2016-0321
IBM Personal Communications aka PCOMM 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script...
CVE-2016-0321
IBM Personal Communications aka PCOMM 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script...
Ranger - Tool To Access And Interact With Remote Microsoft Windows Based Systems
A tool to support security professionals access and interact with remote Microsoft Windows based systems. This project was conceptualized with the thought process, we did not invent the bow or the arrow, just a more efficient way of using it. Ranger is a command-line driven attack and penetration...
NetworkMiner 2.0 - Network Forensic Analysis Tool (NFAT)
NetworkMiner is a Network Forensic Analysis Tool NFAT for Windows but also works in Linux / Mac OS X / FreeBSD. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the...
Siemens SIMATIC WinCC Sm@rtClient iOS Application Authentication Vulnerabilities
OVERVIEW Siemens has identified authentication vulnerabilities in the SIMATIC WinCC Sm@rt Client application. These vulnerabilities were reported directly to Siemens by Kim Schlyter, Seyton Bradford, and Richard Warren from FortConsult NCC Group. Siemens has produced an update that mitigates thes...
Windows Gather FTP Explorer (FTPX) Credential Extraction
This module finds saved login credentials for the FTP Explorer FTPx FTP client for Windows. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Windows Gather FTP Explorer...
mBlogger 1.0.04 - 'viewpost.php' SQL Injection
!/usr/bin/python Exploit Title: mBlogger v1.0.04 viewpost.php SQL Injection Exploit Date : 31 August 2010 Author : Ptrace Security Gianni Gnesa gnix Contact : researchatptrace-securitydotcom Software Link: http://sourceforge.net/projects/mblogger/ Version : 1.0.04 Tested on : EasyPHP 5.3.1.0 for...