106 matches found
PYSEC-2020-229
django-nopassword before 5.0.0 stores cleartext secrets in the database...
CVE-2019-10682
django-nopassword before 5.0.0 stores cleartext secrets in the database...
CVE-2020-9758
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...
Vxscan
This is a Python script called Vxscan, which is a comprehensive scanning tool for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The...
The vulnerability of the McAfee Advanced Threat Defense software’s database storage mechanism allows a malicious actor to gain unauthorized access to the root password.
The vulnerability of the McAfee Advanced Threat Defense software’s database storage component is related to insufficient protection for registration data. Exploiting this vulnerability could allow an attacker to obtain unauthorized access to the root password...
Vulnerability of the Server: Storage Engines component of the MySQL database management system, which allows attackers to cause service interruptions.
The vulnerability of the Server: Storage Engines component of the Oracle MySQL database management system is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
CVE-2018-18587
BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash...
maltrail
Maltrail is a malicious traffic detection system that utilizes publicly available blacklists containing malicious and/or generally suspicious trails. It can detect various types of malicious activity, including domain name, URL, IP address, and HTTP User-Agent header value. Maltrail also uses...
WordPress Caldera Forms 1.5.9.1 Cross Site Scripting
Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link: https://wordpress.org/plugins/caldera-forms/ Vulnerable App:...
BlueMaho v090417 - Bluetooth Security Testing Suite
BlueMaho is GUI-shell interface for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulns. Also it can form nice...
International Islamic University Chittagong: Application fees changeable
When i submit the form of the Url http://119.18.148.140/iiuc/home/apply-online then I intercept the form request and change the 500 into 100. Application did not give the option to change the money but by intercepting the request we can change the money. Application should removed the application...
Cloudera HUE Session cookies stored in the database
User session cookies are stored in the database. Combined with the vulnerability related to configuration file which is world readable, it is possible to spoof a user across the entire cluster launching jobs and browsing the datalake, without having to crack password hashes. Cookies are stored in...
Information disclosure
Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup...
The vulnerability of the ABB PCM600 control and configuration device allows a intruder to access information related to user account data.
The vulnerability of the ABB PCM600 control and configuration device lies in the way authentication information is stored in a database, in the form of hexadecimal ASCII values. Exploiting this vulnerability could allow an attacker, operating locally, to gain access to information about user...
Infernal-Twin - This Is Evil Twin Attack Automated (Wireless Hacking)
This tool is created to aid the penetration testers in assessing wireless security. Author is not responsible for misuse. Please read instructions thoroughly. Usage sudo python InfernalWireless.py How to install $ sudo apt-get install apache2 $ sudo apt-get install mysql-server...
Inductive Automation Ignition Brute Force Vulnerability
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition suffers from a security vulnerability in the hash algorithm MD5 in use, which can lead to brute force attacks on database storage accounts...
Windows Gather Active Directory Users
This module will enumerate user accounts in the default Active Domain AD directory and stores them in the database. If GROUPMEMBER is set to the DN of a group, this will list the members of that group by performing a recursive/nested search i.e. it will list users who are members of groups that a...
Havalite CMS v1.0.4 Multiple Vulnerabilities
Exploit for php platform in category web applications Title: ====== Havalite CMS v1.0.4 - Multiple Web Vulnerabilities Date: ===== 2012-04-23 Introduction: ============= Havalite, a lightweight, open source CMS, based on php and SQLite. It\\\'s licensed under the GNU General Public License. - A...
SA-CONTRIB-2012-048 - Contact Save - Cross Site Scripting
CVE: CVE-2012-2075 This module stores in the database all messages submitted through the core contact forms, and provides a way to respond to these messages through the website. The module doesn't sufficiently filter user supplied text, leading to a cross-site scripting XSS vulnerability. This...
How to use the database to crack the md5-vulnerability warning-the black bar safety net
Why password the number of bits short of MD5 unsafe? A length of 4 pure lowercase letters to generate passwords in the database with the help of Can in 0. 005s is cracked. This time also includes a connection to the database the time, the running environment is in my 900MHZ personal PC. Note that...