Lucene search
+L

340 matches found

ThreatPost
ThreatPost
added 2020/08/10 3:56 p.m.177 views

TeamViewer Flaw in Windows App Allows Password-Cracking

Popular remote-support software TeamViewer has patched a high-severity flaw in its desktop app for Windows. If exploited, the flaw could allow remote, unauthenticated attackers to execute code on users’ systems or crack their TeamViewer passwords. TeamViewer is a proprietary software application...

6.8CVSS8.8AI score0.26869EPSS
Exploits3References12
Gitee
Gitee
added 2020/08/05 9:53 a.m.3 views

KITT-Lite

This is an offensive tool for wireless network exploitation. It is a collection of scripts and tools for various wireless-related tasks, including wireless network scanning, device identification, and password cracking. The toolset includes scripts for tasks such as: Wireless network scanning usi...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/07/30 10:34 a.m.7 views

Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes

Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but...

6.2AI score
Exploits0
Prion
Prion
added 2020/07/29 4:15 p.m.34 views

Cross site request forgery (csrf)

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either...

6.8CVSS8.8AI score0.25895EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/07/29 12:24 p.m.14 views

CVE-2020-14489 OpenClinic GA

OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques...

6.2CVSS7.6AI score0.00982EPSS
Exploits0References1
Kitploit
Kitploit
added 2020/07/18 10:0 p.m.69 views

Docker for Pentest - Image With The More Used Tools To Create A Pentest Environment Easily And Quickly

Docker for pentest is an image with the more used tools to create an pentest environment easily and quickly. Features OS, networking, developing and pentesting tools installed. Connection to HTB Hack the Box vpn to access HTB machines. Popular wordlists installed: SecLists, dirb, dirbuster, fuzzd...

7.2AI score
Exploits0References87
Gitee
Gitee
added 2020/07/07 10:42 a.m.3 views

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...

7.3AI score
Exploits0
CNVD
CNVD
added 2020/07/03 12:0 a.m.6 views

OpenClinic GA suffers from an unspecified vulnerability (CNVD-2021-17436)

OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. A security vulnerability exists in OpenClinic GA version 5.09.02 and 5.89.05b, which can be exploited by an attacker...

7.5CVSS6.8AI score0.00982EPSS
Exploits0References1
The Coalfire Blog
The Coalfire Blog
added 2020/06/26 3:0 p.m.12 views

Baselining PassGAN: Adventures in the rhubarb

Cracking is a complex topic full of misunderstandings, confusing terminology and weird people. This blog post is front-loaded with some terminology, some explanations, and maybe some apologies. Password cracking: This is fundamentally one thing: guessing. Were not reversing, or talking to spirits...

1.3AI score
Exploits0
CNVD
CNVD
added 2020/06/23 12:0 a.m.8 views

Viber URI Handling Vulnerability

Viber is a suite of cross-platform instant messaging software. A security vulnerability exists in Viber versions prior to 13.2.0.39 Windows that stems from not properly referencing its custom URI handler. An attacker can exploit the vulnerability by leveraging a malicious website that causes a us...

7.5CVSS7.3AI score0.02161EPSS
Exploits1References1
NVD
NVD
added 2020/06/22 6:15 p.m.22 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

7.5CVSS0.02161EPSS
Exploits1References2
Kitploit
Kitploit
added 2020/06/21 12:30 p.m.195 views

Zip Cracker - Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline

This Script Supports Only Zip File in This Version You Can Also Use This Script With crunch Cross-platform Supported Usage: zipcracker.py options Options: --version show program's version number and exit -h, --help show this help message and exit -f FILENAME, --file=FILENAME Please Specify Path o...

7.3AI score
Exploits0References1
Gitee
Gitee
added 2020/06/19 2:7 p.m.9 views

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and anti-kill tools. The primary...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2020/04/03 11:30 a.m.275 views

Jackdaw - Tool To Collect All Information In Your Domain And Show You Nice Graphs

Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking...

7.8AI score
Exploits0References5
CNVD
CNVD
added 2020/04/02 12:0 a.m.4 views

Plone has an unspecified vulnerability

Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone versions 4.3 through 5.2.0, which stems from the program's lack of password strength checking. An attacker can exploit this vulnerability to crack passwords...

7.5CVSS7AI score0.01253EPSS
Exploits0References1
Talos
Talos
added 2020/03/09 12:0 a.m.78 views

WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability

Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...

7.5CVSS6.7AI score0.02199EPSS
Exploits1
OSV
OSV
added 2020/02/27 4:15 a.m.5 views

CVE-2020-3923

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system...

9.8CVSS7.3AI score0.01679EPSS
Exploits0References2
Kitploit
Kitploit
added 2020/02/12 9:0 p.m.93 views

Hashcracker - Python Hash Cracker

Supportedhashing algorithms: SHA512, SHA256, SHA384, SHA1, MD5 Features: auto detection of hashing algorithm based on length not recommended, bruteforce, password list Arguments: type: hash algorithm must be one of the supported hashing algorithms mentioned above or AUTO if you want to use...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2020/02/02 8:30 p.m.132 views

PCFG Cracker - Probabilistic Context Free Grammar (PCFG) Password Guess Generator

PCFG = Probabilistic Context Free Grammar PCFG = Pretty Cool Fuzzy Guesser In short: A collection of tools to perform research into how humans generate passwords. These can be used to crack password hashes, but also create synthetic passwords honeywords, or help develop better password strength...

6.8AI score
Exploits0References2
CNVD
CNVD
added 2020/01/09 12:0 a.m.1 views

Logic Flaw Vulnerability in the Backend Management Login Interface of Angel School Training Website System

Angel school training website system is an open source website management system. Angel school training website system back-end management login interface has a logic flaw vulnerability that can be exploited by an attacker to violently break the administrator's password...

6.9AI score
Exploits0
Rows per page
Query Builder