340 matches found
CVE-2023-40173 Unsalted passwords in fobybus/social-media-skeleton
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords...
CVE-2023-40173 Unsalted passwords in fobybus/social-media-skeleton
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords...
Franklin Fueling Systems TS-550 - Default Password
Exploit Title: Franklin Fueling Systems TS-550 - Default Password Date: 4/16/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks and access to...
Franklin Fueling Systems TS-550 - Exploit and Default Password
Exploit Title: Franklin Fueling Systems TS-550 - Exploit and Default Password Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks an...
CVE-2023-26855
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
HCL Technologies BigFix Mobile/Modern Client Management 安全漏洞
HCL Technologies BigFix Mobile/Modern Client Management is a mobile device management software client from HCL Technologies. A security vulnerability exists in HCL BigFix Mobile/Modern Client Management, which arises from a brute-force cracking of passwords in the configuration interface...
US Department of the Interior's passwords "easily cracked"
It's bad news for the US Department of the Interior--a Government watchdogs security audit has revealed its passwords are simply not up to the job of warding off cracking attempts. The audit's wordy title was not kind: P@s$w0rds at the U.S. Department of the Interior: Easily Cracked Passwords, La...
Book Store Management System 访问控制错误漏洞
Book Store Management System is an online bookstore system by Carlo Montero Personal Developer. An access control error vulnerability exists in Book Store Management System version 1.0. An attacker could exploit this vulnerability to crack passwords and obtain sensitive information...
Web Based Quiz System 安全漏洞
Web Based Quiz System is a web based quiz system for janobe individual developers. A vulnerability exists in Web Based Quiz System v1.0, which can be exploited by attackers to obtain a user's password via brute-force cracking...
Awesome-Password-Cracking - A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security
A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the guidelines before contributing! In short: List is alphabetically sorted If in doubt, use awesome-lint If you think an item shouldn't be here open an issue Books Hash...
Secheron SEPCOS Control and Protection Relay 安全漏洞
Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities.The Secheron SEPCOS Control and Protection Relay is vulnerable to an...
PT-2022-3434 · Siemens · Desigo Pxc4 +3
Name of the Vulnerable Software and Affected Versions: Desigo DXR2 versions prior to V01.21.142.5-22 Desigo PXC3 versions prior to V01.21.142.4-18 Desigo PXC4 versions prior to V02.20.142.10-10884 Desigo PXC5 versions prior to V02.20.142.10-10884 Description: A vulnerability has been identified i...
DarthSidious - Building An Active Directory Domain And Hacking It
The goal is simple To share my modest knowledge about hacking Windows systems. This is commonly refered to as red team exercises. This book however, is also very concerned with the blue team; the defenders. That is, helping those who are working as defenders, analysts and security experts to buil...
CVE-2022-0022
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal non-FIPS-CC operationa...
CVE-2022-0022
CVE-2022-0022 affects PAN-OS: the password hashes for administrator and local user accounts are generated with a weak cryptographic algorithm in non-FIPS-CC mode, enabling hash cracking if hashes are obtained from PAN-OS configuration. Affected are PAN-OS 8.1 before 8.1.21; all 9.0; 9.1 before 9....
CVE-2022-0022
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal non-FIPS-CC operationa...
Palo Alto Networks PAN-OS 8.1.x < 8.1.21 / 9.0.x < 9.1.11 / 9.1.x < 9.1.11 / 10.0.x < 10.0.7 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.21 or 9.0.x prior to 9.1.11 or 9.1.x prior to 9.1.11 or 10.0.x prior to 10.0.7. It is, therefore, affected by a vulnerability. - Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software...
CVE-2022-21800
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed...
CVE-2021-43332
A flaw was found in mailman, where the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This flaw could potentially allow cracking of the password by a moderator utilizing an offline brute-force attack...
K8tools
It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...