Lucene search

792 matches found

Kitploit
added 2021/08/19 9:30 p.m. · 32 views

REW-sploit - Emulate And Dissect MSF And *Other* Attacks

REW-sploit The tool has been presented at Black-Hat Arsenal USA 2021 https://www.blackhat.com/us-21/arsenal/schedule/index.htmlrew-sploit-dissecting-metasploit-attacks-24086 Slides of presentation are available at https://github.com/REW-sploit/REW-sploitdocs Need help in analyzing Windows shellco...

AI score 6.9
Exploits 0 · References 4

Ivan 'd0znpp' Novikov
added 2021/08/17 5:51 a.m. · 54 views

Broken User Authentication☝️ — What you need to know

Broken User Authentication☝️ — What you need to know Introduction API2:Broken User Authentication What is Broken User Authentication? Broken User Authentication can manifest in several issues. Whenever we come across an API endpoint that handles authentication we need to be extra careful since...

AI score 0.1
Exploits 0

Tenable Nessus
added 2021/08/12 12:0 a.m. · 34 views

Debian DLA-2735-1 : ceph - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2735 advisory. - It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk...

CVSS 6.5 · AI score 6 · EPSS 0.02136
Exploits 0 · References 14

OSV
added 2021/07/28 10:15 a.m. · 8 views

CVE-2021-32001

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...

CVSS 6.5 · AI score 5.8 · EPSS 0.00304
Exploits 0 · References 1

OSV
added 2021/07/26 5:15 a.m. · 2 views

DEBIAN-CVE-2021-21440

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...

CVSS 6.5 · AI score 5.4 · EPSS 0.00814
Exploits 0 · References 1

CNVD
added 2021/06/17 12:0 a.m. · 6 views

Unspecified Vulnerability in Gallagher Command Center Server

Gallagher Command Center Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Center Server that stems from Gallagher Command Center Server allowing cloud end-to-end encryption keys to b...

CVSS 6 · AI score 6.8 · EPSS 0.00108
Exploits 0 · References 1

OSV
added 2021/06/11 4:15 p.m. · 3 views

CVE-2021-23211

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3...

CVSS 4.4 · AI score 5.8 · EPSS 0.00108
Exploits 0 · References 1

Positive Technologies
added 2021/06/11 12:0 a.m. · 4 views

PT-2021-15406 · Gallagher · Gallagher Command Centre

Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3 Description: The issue concerns a Cleartext Storage of Sensitive Information in Memory vulnerability in the Gallagher Command Centre Server. This vulnerability allows the Cloud...

CVSS 6 · AI score 5 · EPSS 0.00108
Exploits 0 · References 4

CNNVD
added 2021/06/11 12:0 a.m. · 4 views

Gallagher Command Centre Server Security Vulnerability

Gallagher Command Center Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Center Server that stems from Gallagher Command Center Server allowing cloud end-to-end encryption keys to b...

CVSS 6 · AI score 5.5 · EPSS 0.00108
Exploits 0 · References 1

CNVD
added 2021/06/10 12:0 a.m. · 7 views

Nextcloud Android Information Disclosure Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Android suffers from an information disclosure vulnerability that stems from the fact that due to a timeout issue, the Android client may fail to...

CVSS 4.7 · AI score 6 · EPSS 0.00303
Exploits 1 · References 1

NVD
added 2021/06/08 7:15 p.m. · 18 views

CVE-2021-32658

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...

CVSS 4.7 · EPSS 0.00303
Exploits 1 · References 3

Prion
added 2021/06/08 7:15 p.m. · 23 views

Code injection

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...

CVSS 2.1 · AI score 4.6 · EPSS 0.00303
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2021/06/08 6:35 p.m. · 24 views

CVE-2021-32658 Sensitive data may not be removed from storage on account removal

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...

CVSS 4.7 · AI score 4.9 · EPSS 0.00303
Exploits 1 · References 3

Nextcloud
added 2021/06/08 4:31 p.m. · 32 views

Sensitive data may not be removed from storage on account removal

None...

CVSS 4.7 · AI score 4.8 · EPSS 0.00303
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2021/06/08 12:0 a.m. · 5 views

Nextcloud Android Information Disclosure Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Android suffers from an information disclosure vulnerability that stems from the fact that due to a timeout issue, the Android client may fail to...

CVSS 4.7 · AI score 5.6 · EPSS 0.00303
Exploits 1 · References 3

BDU FSTEC
added 2021/06/01 12:0 a.m. · 2 views

The vulnerability of the Thunderbird email client, related to the unencrypted storage of OpenPGP keys, allows attackers to gain access to confidential information.

The vulnerability of the Thunderbird email client is related to the unencrypted storage of OpenPGP keys. Exploiting this vulnerability could allow an attacker to access confidential information...

CVSS 3.3 · AI score 5.8 · EPSS 0.0081
Exploits 1 · References 9 · Affected Software 4

CNNVD
added 2021/05/21 12:0 a.m. · 4 views

IBM Security Guardium Trust Management Issue Vulnerability

IBM Security Guardium is a comprehensive data protection solution that offers a full range of data security features from compliance support to dynamic data shielding. A hard-coded credentials vulnerability exists in IBM Security Guardium version 11.2. An attacker could exploit the vulnerability ...

CVSS 9.8 · AI score 6.7 · EPSS 0.00963
Exploits 0 · References 6

CNVD
added 2021/04/13 12:0 a.m. · 6 views

Patreon WordPress Local File Disclosure Vulnerability

Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A local file disclosure vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit the vulnerability to obtain internal files such as database...

CVSS 7.5 · AI score 6.2 · EPSS 0.05879
Exploits 1 · References 1

CNNVD
added 2021/04/12 12:0 a.m. · 5 views

WordPress Information Disclosure Vulnerability

Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A local file disclosure vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit the vulnerability to obtain internal files such as database...

CVSS 7.5 · AI score 5.6 · EPSS 0.05879
Exploits 1 · References 3

Kitploit
added 2021/04/02 11:30 a.m. · 64 views

SecretScanner - Find Secrets And Passwords In Container Images And File Systems

Deepfence SecretScanner can find any potential secrets in container images or file systems. What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure such as accounts, devices, network, cloud based services,...

AI score 7.1
Exploits 0 · References 3