28 matches found
Exploit for Improper Input Validation in Microsoft
monikerlinktest cve-2024-21413 1. set up tun0 on router via o...
PT-2025-51749
Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.6.1 Description WBCE CMS version 1.6.1 contains a cross-site scripting issue that enables attackers to inject malicious HTML and CSS. This allows for the capture of user keystrokes. Attackers can upload a specially crafted...
EUVD-2020-30294
Malware in sbrugna...
EUVD-2025-28700
Malicious code in bioql PyPI...
CVE-2024-10403
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave...
CVE-2024-10403 SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave...
Broadcom Fabric OS 安全漏洞
Broadcom Fabric OS FOS is a set of embedded operating systems used in devices such as switches and routers from Broadcom, USA. A security vulnerability exists in Broadcom Fabric OS versions prior to 8.2.3e2, 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a, which stems from the ability to capture...
SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. Description The...
Moxa IKS, EDS Predictable From Observable State (CVE-2019-6563)
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2022-25210
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...
CVE-2022-25210
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...
Design/Logic Flaw
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...
CVE-2022-25210
CVE-2022-25210 affects the Jenkins Convertigo Mobile Platform Plugin up to version 1.1. The vulnerability arises from using static fields to store job configuration information, enabling attackers with Item/Configure permission to capture passwords for jobs that will be configured. This is descri...
lynx -- SSL certificate validation error
Axel Beckert reports: ... I was able to capture the password given on the commandline in traffic of an TLS handshake using tcpdump and analysing it with Wireshark:...
CVE-2020-13946
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and...
Malicious Package
grunt-radic contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
ember-power-timepicker contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Plex Media Server -- Information Disclosure Vulnerability
Chris reports: The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same LAN can use this vulnerability to: Access arbitrary files from the filesystem with the same permission as the...
CSS Keylogger - Chrome Extension And Express Server That Exploits Keylogging Abilities Of CSS
Chrome extension and Express server that exploits keylogging abilities of CSS. To use SetupChrome extension 1. Download repository git clone https://github.com/maxchehab/CSS-Keylogging 2. Visit chrome://extensions in your browser or open up the Chrome menu by clicking the icon to the far right of...
SUSE SLED10 / SLES10 Security Update : xorg-x11-server (SUSE-SU-2013:0857-1)
In some cases, input events are sent to X servers not currently the VT owner, allowing a user to capture passwords. This update fixes this issue. CVE-2013-1940 has been assigned to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...