792 matches found
REW-sploit - Emulate And Dissect MSF And *Other* Attacks
REW-sploit The tool has been presented at Black-Hat Arsenal USA 2021 https://www.blackhat.com/us-21/arsenal/schedule/index.htmlrew-sploit-dissecting-metasploit-attacks-24086 Slides of presentation are available at https://github.com/REW-sploit/REW-sploitdocs Need help in analyzing Windows shellco...
Broken User Authentication☝️ — What you need to know
Broken User Authentication☝️ — What you need to know Introduction API2:Broken User Authentication What is Broken User Authentication? Broken User Authentication can manifest in several issues. Whenever we come across an API endpoint that handles authentication we need to be extra careful since...
Debian DLA-2735-1 : ceph - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2735 advisory. - It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk...
CVE-2021-32001
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...
DEBIAN-CVE-2021-21440
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...
Unspecified Vulnerability in Gallagher Command Center Server
Gallagher Command Center Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Center Server that stems from Gallagher Command Center Server allowing cloud end-to-end encryption keys to b...
CVE-2021-23211
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3...
PT-2021-15406 · Gallagher · Gallagher Command Centre
Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3 Description: The issue concerns a Cleartext Storage of Sensitive Information in Memory vulnerability in the Gallagher Command Centre Server. This vulnerability allows the Cloud...
Gallagher Command Centre Server 安全漏洞
Gallagher Command Center Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Center Server that stems from Gallagher Command Center Server allowing cloud end-to-end encryption keys to b...
Nextcloud Android Information Disclosure Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Android suffers from an information disclosure vulnerability that stems from the fact that due to a timeout issue, the Android client may fail to...
CVE-2021-32658
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...
Code injection
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...
CVE-2021-32658 Sensitive data may not be removed from storage on account removal
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...
Sensitive data may not be removed from storage on account removal
None...
Nextcloud Android 信息泄露漏洞
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Android suffers from an information disclosure vulnerability that stems from the fact that due to a timeout issue, the Android client may fail to...
The vulnerability of the Thunderbird email client, related to the unencrypted storage of OpenPGP keys, allows attackers to gain access to confidential information.
The vulnerability of the Thunderbird email client is related to the unencrypted storage of OpenPGP keys. Exploiting this vulnerability could allow an attacker to access confidential information...
IBM Security Guardium 信任管理问题漏洞
IBM Security Guardium is a comprehensive data protection solution that offers a full range of data security features from compliance support to dynamic data shielding. A hard-coded credentials vulnerability exists in IBM Security Guardium version 11.2. An attacker could exploit the vulnerability ...
Patreon WordPress Local File Disclosure Vulnerability
Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A local file disclosure vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit the vulnerability to obtain internal files such as database...
WordPress 信息泄露漏洞
Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A local file disclosure vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit the vulnerability to obtain internal files such as database...
SecretScanner - Find Secrets And Passwords In Container Images And File Systems
Deepfence SecretScanner can find any potential secrets in container images or file systems. What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure such as accounts, devices, network, cloud based services,...