81 matches found
Design/Logic Flaw
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...
CVE-2023-46595 Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...
PT-2023-30106
Name of the Vulnerable Software and Affected Versions FireFlow versions prior to A32.20 b570 FireFlow versions prior to A32.50 b390 FireFlow versions prior to A32.60 b220 Description The issue allows an attacker to obtain a victim's domain credentials and Net-NTLM hash via HTML injection in the...
AlgoSec FireFlow Cross-Site Scripting Vulnerability
AlgoSec FireFlow is a security application from AlgoSec USA, Inc. It is used to automate the security policy change lifecycle, from submitting a change request to reviewing the changes made. A cross-site scripting vulnerability exists in AlgoSec Fireflow versions A32.20 and A32.50, which stems fr...
CVE-2023-27315
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials...
PT-2023-21063 · Unknown · Snapgathers
Name of the Vulnerable Software and Affected Versions: SnapGathers versions prior to 4.9 Description: The issue allows a local authenticated attacker to discover plaintext domain user credentials. Recommendations: For versions prior to 4.9, update to version 4.9 or later to resolve the issue...
[Security Nation] Amit Serper on Finding Leaks in Autodiscover
!\Security Nation\ Amit Serper on Finding Leaks in Autodiscoverhttps://blog.rapid7.com/content/images/2022/02/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod chat with Amit Serper, Director of Security Research at Akamai, on his work uncovering a flaw in the Autodiscover...
Wipro Holmes Orchestrator 20.4.1 Report Disclosure
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38147 In the Wipro Holmes Orchestrator 20.4.1...
Attacks exploiting Netlogon vulnerability (CVE-2020-1472)
Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol CVE-2020-1472 which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the...
U.S. Dept Of Defense: Information Disclosure(PHPINFO/Credentials) on DoD Asset
Summary: A DoD leaks credentials on a phpinfo page. Description: https://███ publicly displays a phpinfo page that leaks system information and credentials. Impact The impact is medium not only due to information leakage of numerous different details such as system information but also the leakag...
Security Bulletin: Password disclosure vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware vSphere GUI (CVE-2016-6034)
Summary IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware IBM Spectrum Protect™ for Virtual Environments VMware vSphere GUI is vulnerable to a password disclosure. Vulnerability Details CVEID: CVE-2016-6034 DESCRIPTION: IBM Tivoli Storage Manager for Virtual...
CVE-2017-14111
The workstation logging function in Philips IntelliSpace Cardiovascular ISCV 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements...
CVE-2017-5153
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...
CVE-2017-5153
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...
CVE-2017-5153
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...
CVE-2017-5153
The CVE-2017-5153 issue affects OSIsoft PI Coresight 2016 R2 and earlier, and PI Web API 2016 R2 when deployed with the PI AF Services 2016 R2 integrated installer. It is an information exposure vulnerability through server log files that may allow exposure of service account passwords, potential...
IBM Tivoli Storage Manager Information Disclosure Vulnerability
IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware is a suite of VM backup and recovery solutions from IBM USA. An information disclosure vulnerability exists in IBM Tivoli Storage Manger for Virtual Environments versions 7.1.3.0 through 7.1.6.3. An attacker could...
CVE-2016-6034
IBM Tivoli Storage Manager for Virtual Environments VMware could disclose the Windows domain credentials to a user with a high level of privileges...
CVE-2016-3130
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server BES 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt...
CVE-2016-3130
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server BES 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt...