59 matches found
Unspecified vulnerability exists in IR615 Router (CNVD-2021-82943)
The IR615 Router is a 4G industrial router from Rimu Technologies, China. The IR615 Router has a security vulnerability that could be exploited by an attacker to obtain user credentials to enumerate passwords and emulate other application users and perform actions on their behalf...
Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)
!/usr/bin/env python3 -- coding: utf-8 -- standard modules from metasploit import module extra modules DEPENDENCIESMISSING = False try: import base64 import itertools import os import requests except ImportError: DEPENDENCIESMISSING = True Metasploit Metadata metadata = 'name': 'Microsoft RDP Web...
Remote Desktop Web Access Authentication Timing Attack
!/usr/bin/env python3 -- coding: utf-8 -- standard modules from metasploit import module extra modules DEPENDENCIESMISSING = False try: import base64 import itertools import os import requests except ImportError: DEPENDENCIESMISSING = True Metasploit Metadata metadata = 'name': 'Microsoft RDP Web...
CVE-2020-35586
In Solstice Pod before 3.3.0 or Open4.3, the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement e.g., it might be all digits or all lowercase letters...
CVE-2020-35586
Solstice Pod (before 3.3.0) and Solstice Open4.3 vulnerability where the Administrator password can be enumerated by brute-forcing the Open Control API endpoint /Config/service/initModel?password= due to no password complexity requirements. Affected products are Solstice Pod prior to 3.3.0 and So...
CVE-2019-14351
EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters...
Malicious Package
Overview Version 1.0.3 of libubx contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluat...
Security Bulletin: Login Error Messages Credential Enumeration in ClearQuest Web (CVE-2014-3105)
Summary IBM Rational ClearQuest Web for OSLC integration is vulnerable to Login Error Messages Credential Enumeration. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with your...
Legal Robot: Change password logic inversion
A security researcher discovered that during the password change process, the new password was validated before verifying the old password's accuracy, despite the user entering the values and submitting on a single form. If a user was logged in on a shared machine, this could have led to a...
Veris: Password(s) can be found via login process.
Hello security team, It is possible to find passwords of other users by enumerate the login process. The scenario is quiet simple: 1 Go to https://sandbox.veris.in/portal/login/ 2 Fill in 'Email ID' and 'Password' and click 'Log In' 3 Capture the request via burp suite and send it to intruder. 4...
CVE-2015-3238
The CVE affects the Linux-PAM pam_unix module. The _unix_run_helper_binary function, when it cannot access passwords directly, can write to a blocking pipe, allowing local users to enumerate usernames or cause a denial of service (hang). This is documented for pam before version 1.2.1. Impact is ...
CVE-2015-3238
The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password...
YourArcadeScript 2.0b1 - Blind SQL Injection
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qwPOST; use Getopt::Long; '/ -.- ------------------oOO------OOo----------------- | | | / / / / | | / / / / / / / / / / / | | // // / / / // / // / // | | ///,// /./,/, // | | Security Research...
FS-NyarL - Network Takeover & Forensic Analysis Tool
NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony. It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :- A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at...
DEBIAN-CVE-2013-4885
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Advisory ID: cisco-sa-20100127-mp Revision 1.0 For Public Release 2010 Jan 27 1600 UTC GMT +--------------------------------------------------------------------- Summary...
Lore 1.5.6 SQL Injection
Lore 1.5.6 Bug : article.php?id=Blind ,Comentarios Habilitados "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Gracias C1c4tr1z,Tecn0x,Lix,1995,N0b0dy,NanonRoses,Codebreak?,Nork,AzraelNuKE && Todos los Miembros de...
WebChat 2.0 - 'users.php?Database Username Disclosure
source: https://www.securityfocus.com/bid/7777/info WebChat has been reported prone to a database username disclosure weakness. The issue presents itself when a malicious request is made for the WebChat ?users.php? page. An attacker may pass a guessed username as a specific URI parameter to the...
NETGEAR FM114P ProSafe Router Multiple Vulnerabilities
The NETGEAR FM114P ProSafe Wireless Router and possibly other devices discloses the username and password of the WAN when it receives specially crafted UPnP soap requests. An attacker may use this flaw to steal a valid username and password. In addition to this, an attacker may use UPnP to disabl...