Lucene search
+L

38 matches found

Packet Storm
Packet Storm
added 2024/02/09 12:0 a.m.358 views

IBM i Access Client Solutions Remote Credential Theft

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/IBMIACCESSCLIENTREMOTECREDENTIALTHEFTCVE-2024-22318.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.ibm.com Product IBM i Access Client Solutions Versions All...

5.5CVSS7.4AI score0.00573EPSS
Exploits3
CVE
CVE
added 2023/06/28 8:23 p.m.61 views

CVE-2023-3243

CVE-2023-3243 affects Honeywell BCM-WEB version 3.3.X. The vulnerability allows an attacker to capture an authenticating hash and reuse it to create new sessions; the hash is a poorly salted MD5, enabling brute-forcing of passwords. Affected product is BCM-WEB 3.3.x, with recommendations to upgra...

9.8CVSS9.3AI score0.00606EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/06/02 2:15 p.m.21 views

CVE-2022-24581

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software...

7.5CVSS0.00883EPSS
Exploits0References1
Prion
Prion
added 2022/06/02 2:15 p.m.18 views

Design/Logic Flaw

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software...

5CVSS7.6AI score0.00883EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/05/27 6:29 p.m.27 views

CVE-2022-24581

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software...

7.8AI score0.00883EPSS
Exploits0References1
CVE
CVE
added 2022/05/27 6:29 p.m.55 views

CVE-2022-24581

CVE-2022-24581 affects ACEweb Online Portal 3.5.065. The issue allows unauthenticated users to trigger SMB hash disclosure by providing the UNC path of an external SMB share during file upload, causing the victim server to reveal the username and password hash of the ACEweb Online software user. ...

7.5CVSS7.5AI score0.00883EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.8 views

Github clash 访问控制错误漏洞

Github clash is a rule-based tunnel in Go. A security vulnerability exists in Github clash, which can be exploited by embedding a malicious iframe page into a website with a crafted URL that launches the Clash Windows client and forces it to open a remote SMB share. Windows will perform NTLM...

8.8CVSS8.2AI score0.00634EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2021/07/28 12:0 a.m.654 views

TripSpark VEO Transportation - Blind SQL Injection

Exploit Title: TripSpark VEO Transportation - 'editOEN' Blind SQL Injection Google Dork: inhtml:"Student Busing Information" Date: 07/27/2021 Exploit Author: Sedric Louissaint @LKn0w Vendor Homepage: https://www.tripspark.com Software Document Link:...

7.4AI score
Exploits0
Prion
Prion
added 2021/03/05 4:15 a.m.20 views

Default configuration

SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewal...

6.4CVSS8.1AI score0.00848EPSS
Exploits0References1Affected Software1
SonicWall
SonicWall
added 2021/03/04 11:48 p.m.13 views

SonicWall SSO-Agent NetAPI Vulnerability allows an attacker to force SSO Agent authentication, potentially leading to firewall access control bypass

SonicWall SSO-agent default configuration uses Microsoft NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypa...

8.2CVSS6.8AI score0.00848EPSS
Exploits0
OSV
OSV
added 2020/07/29 4:15 p.m.4 views

CVE-2020-13699

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either...

8.8CVSS7.6AI score0.25895EPSS
Exploits2References2
OSV
OSV
added 2020/06/22 6:15 p.m.6 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

7.5CVSS7.2AI score0.02161EPSS
Exploits1References2
NVD
NVD
added 2020/03/18 2:15 p.m.20 views

CVE-2020-9324

Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC...

7.5CVSS7.6AI score0.01446EPSS
Exploits1References3
OSV
OSV
added 2020/03/18 2:15 p.m.6 views

CVE-2020-9324

Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC...

7.5CVSS7.1AI score0.01446EPSS
Exploits1References3
Prion
Prion
added 2020/03/18 2:15 p.m.15 views

Design/Logic Flaw

Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC...

5CVSS7.6AI score0.01446EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/03/18 1:13 p.m.48 views

CVE-2020-9324

CVE-2020-9324 affects Aquaforest TIFF Server 4.0 and is described in connected sources as allowing an Unauthenticated SMB hash capture via UNC path . The vulnerability is triggered over the network (attack vector: NETWORK) with low attack complexity and no authentication required, leading to a co...

7.5CVSS7.5AI score0.01446EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/03/18 1:13 p.m.21 views

CVE-2020-9324

Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC...

7.6AI score0.01446EPSS
Exploits1References3
exploitpack
exploitpack
added 2001/04/03 12:0 a.m.32 views

Gene6 BPFTP FTP Server 2.0 - User Credentials Disclosure

Gene6 BPFTP FTP Server 2.0 - User Credentials Disclosure source: https://www.securityfocus.com/bid/2534/info G6 FTP Server now known as BPFTP Server is an internet FTP server by Gene6 If a logged in FTP user connects to an external share and submits a malformed 'size' or 'mdtm' command, the user...

7.4AI score
Exploits0
Rows per page
Query Builder