Lucene search
K

81 matches found

Prion
Prion
added 2023/11/02 8:15 a.m.36 views

Design/Logic Flaw

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...

4.9CVSS5.7AI score0.00301EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/02 7:47 a.m.26 views

CVE-2023-46595 Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...

5.9CVSS6.2AI score0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/02 12:0 a.m.7 views

PT-2023-30106

Name of the Vulnerable Software and Affected Versions FireFlow versions prior to A32.20 b570 FireFlow versions prior to A32.50 b390 FireFlow versions prior to A32.60 b220 Description The issue allows an attacker to obtain a victim's domain credentials and Net-NTLM hash via HTML injection in the...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/11/02 12:0 a.m.5 views

AlgoSec FireFlow Cross-Site Scripting Vulnerability

AlgoSec FireFlow is a security application from AlgoSec USA, Inc. It is used to automate the security policy change lifecycle, from submitting a change request to reviewing the changes made. A cross-site scripting vulnerability exists in AlgoSec Fireflow versions A32.20 and A32.50, which stems fr...

5.9CVSS6.4AI score0.00301EPSS
Exploits0References3
OSV
OSV
added 2023/10/12 2:15 p.m.4 views

CVE-2023-27315

SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials...

5.5CVSS5.8AI score0.00157EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/12 12:0 a.m.3 views

PT-2023-21063 · Unknown · Snapgathers

Name of the Vulnerable Software and Affected Versions: SnapGathers versions prior to 4.9 Description: The issue allows a local authenticated attacker to discover plaintext domain user credentials. Recommendations: For versions prior to 4.9, update to version 4.9 or later to resolve the issue...

6.5CVSS5.3AI score0.00157EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2022/02/16 8:0 p.m.19 views

[Security Nation] Amit Serper on Finding Leaks in Autodiscover

!\Security Nation\ Amit Serper on Finding Leaks in Autodiscoverhttps://blog.rapid7.com/content/images/2022/02/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod chat with Amit Serper, Director of Security Research at Akamai, on his work uncovering a flaw in the Autodiscover...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/22 12:0 a.m.406 views

Wipro Holmes Orchestrator 20.4.1 Report Disclosure

Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38147 In the Wipro Holmes Orchestrator 20.4.1...

7.5AI score0.53008EPSS
Exploits3
MSRC
MSRC
added 2020/10/29 7:0 a.m.49 views

Attacks exploiting Netlogon vulnerability (CVE-2020-1472)

Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol CVE-2020-1472 which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the...

10CVSS8.9AI score0.99512EPSS
Exploits75
Hacker One
Hacker One
added 2020/05/27 2:45 p.m.16 views

U.S. Dept Of Defense: Information Disclosure(PHPINFO/Credentials) on DoD Asset

Summary: A DoD leaks credentials on a phpinfo page. Description: https://███ publicly displays a phpinfo page that leaks system information and credentials. Impact The impact is medium not only due to information leakage of numerous different details such as system information but also the leakag...

Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:32 p.m.20 views

Security Bulletin: Password disclosure vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware vSphere GUI (CVE-2016-6034)

Summary IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware IBM Spectrum Protect™ for Virtual Environments VMware vSphere GUI is vulnerable to a password disclosure. Vulnerability Details CVEID: CVE-2016-6034 DESCRIPTION: IBM Tivoli Storage Manager for Virtual...

6.8CVSS0.9AI score0.00998EPSS
Exploits0Affected Software1
OSV
OSV
added 2017/11/17 8:29 p.m.5 views

CVE-2017-14111

The workstation logging function in Philips IntelliSpace Cardiovascular ISCV 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements...

7.2CVSS5.8AI score0.02175EPSS
Exploits0References3
NVD
NVD
added 2017/02/13 9:59 p.m.15 views

CVE-2017-5153

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...

7.8CVSS7.5AI score0.00374EPSS
Exploits0References2
OSV
OSV
added 2017/02/13 9:59 p.m.5 views

CVE-2017-5153

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...

7.8CVSS5.7AI score0.00374EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/02/13 9:0 p.m.22 views

CVE-2017-5153

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...

7.5AI score0.00374EPSS
Exploits0References2
CVE
CVE
added 2017/02/13 9:0 p.m.64 views

CVE-2017-5153

The CVE-2017-5153 issue affects OSIsoft PI Coresight 2016 R2 and earlier, and PI Web API 2016 R2 when deployed with the PI AF Services 2016 R2 integrated installer. It is an information exposure vulnerability through server log files that may allow exposure of service account passwords, potential...

7.8CVSS7.4AI score0.00374EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2017/02/08 12:0 a.m.5 views

IBM Tivoli Storage Manager Information Disclosure Vulnerability

IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware is a suite of VM backup and recovery solutions from IBM USA. An information disclosure vulnerability exists in IBM Tivoli Storage Manger for Virtual Environments versions 7.1.3.0 through 7.1.6.3. An attacker could...

6.8CVSS6.1AI score0.00998EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/02/01 8:0 p.m.35 views

CVE-2016-6034

IBM Tivoli Storage Manager for Virtual Environments VMware could disclose the Windows domain credentials to a user with a high level of privileges...

6.4AI score0.00998EPSS
Exploits0References2
NVD
NVD
added 2017/01/13 9:59 a.m.14 views

CVE-2016-3130

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server BES 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt...

8.1CVSS7.5AI score0.02057EPSS
Exploits0References3
OSV
OSV
added 2017/01/13 9:59 a.m.3 views

CVE-2016-3130

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server BES 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt...

8.1CVSS5.8AI score0.02057EPSS
Exploits0References3
Rows per page
Query Builder