Lucene search
K

148 matches found

seebug.org
seebug.org
added 2017/03/23 12:0 a.m.62 views

LastPass: domain regex doesn't handle data and other pseudo-url schemes

I previously found a design flaw in lastpass that affected the 4.x branch of lastpass issue 884. They confirmed the vulnerability, but explained that most of their users use an older branch from addons.mozilla.org. I took a look at the addons.mozilla.org version 3.3.2 as of this writing, and...

6.6AI score
Exploits0
Metasploit
Metasploit
added 2017/02/22 10:20 p.m.56 views

Windows Gather DynaZIP Saved Password Extraction

This module extracts clear text credentials from dynazip.log. The log file contains passwords used to encrypt compressed zip files in Microsoft Plus! 98 and Windows Me. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

2.1CVSS0.08862EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/02/06 12:0 a.m.16 views

Fedora 25 : 1:epiphany (2017-6792542f47)

Update to 3.22.6 : - Fix minor memory leak 682723 - Fix serious password extraction sweep attack on password manager 752738 - Fix adblocker blocking too much stuff, breaking Twitter 777714 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

5.4AI score
Exploits0References2
Veeam
Veeam
added 2016/10/17 12:0 a.m.18 views

Veeam Backup & Replication Local Privilege Escalation Vulnerability

Challenge The vulnerability allows any local Windows user with low privileges, such as the ones provided to an anonymous IIS's virtualhost user, to access Veeam Backup logfiles and extract the password, used to run Veeam components, which is stored as a doublebase64 encoded string. Cause The...

6.3AI score
Exploits0
Kitploit
Kitploit
added 2016/09/21 1:52 p.m.22 views

WinPirate - Automated Sticky Keys Hack. Post Exploitation It Grabs Browser Passwords, History, And Network Passwords

Here's the plan. We create a way to automate doing the sticky keys windows hack from a bootable USB. Then, we automate getting as many saved passwords as possible, drop a listener, and delete all traces that we were there. All without being detected by antivirus we should add a mimikittenz option...

7.2AI score
Exploits0References1
Metasploit
Metasploit
added 2016/07/28 9:29 p.m.37 views

Windows Gather Avira Password Extraction

This module extracts the weakly hashed password which is used to protect a Avira Antivirus 'Windows Gather Avira Password Extraction', 'Description' = %q This module extracts the weakly hashed password which is used to protect a Avira Antivirus MSFLICENSE, 'Author' = 'Robert Kugler / robertchrk',...

7.1AI score
Exploits0
CVE
CVE
added 2016/07/17 10:0 p.m.65 views

CVE-2016-0321

IBM PCOMM (IBM Personal Communications) versions 6.0 prior to 6.0.17 and 12.0 prior to 12.0.0.1 are affected by a design flaw that allows a local attacker with access to a victim account to retrieve passwords by running a PowerShell script. The vulnerability occurs when credential extraction is n...

6.2CVSS6AI score0.00373EPSS
Exploits0References3Affected Software1
Metasploit
Metasploit
added 2016/07/04 8:15 p.m.99 views

WebNMS Framework Server Credential Disclosure

This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extract all user credentials. The first vulnerability is an unauthenticated file download in the FetchFile servlet, which is used to download the file containing the user credentials. The second vulnerability is that the...

9.8CVSS7.8AI score0.97415EPSS
Exploits12
seebug.org
seebug.org
added 2016/05/09 12:0 a.m.14 views

D-Link DIR-645密码提取

No description provided by source...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2016/03/26 11:0 a.m.246 views

Windows Gather HeidiSQL Saved Password Extraction

This module extracts saved passwords from the HeidiSQL client. These passwords are stored in the registry. They are encrypted with a custom algorithm. This module extracts and decrypts these passwords. This module requires Metasploit: https://metasploit.com/download Current source:...

0.2AI score
Exploits0
CNVD
CNVD
added 2015/09/30 12:0 a.m.4 views

IBM Maximo Asset Management Weak Encryption Vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. A security vulnerability exists in IBM Maximo Asset Management. An attacker can exploit the vulnerability to bypass security restrictions and obtain passwords with the help of a...

5CVSS6.8AI score0.00993EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/05/10 12:0 a.m.143 views

[SYSS-2015-019] BullGuard Antivirus - Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-019 Product: BullGuard Antivirus Vendor: BullGuard Ltd. Affected Versions: 15.0.297 Tested Versions: 15.0.297 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solution...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/04/16 12:0 a.m.42 views

[SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-012 Product: Panda Internet Security 2015 Vendor: Panda Security Affected Versions: 15.0.1 Tested Versions: 15.0.1 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solutio...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2015/01/30 12:0 a.m.32 views

U-Mail邮件系统注入2(SQL Injections in MySQL LIMIT clause,无需登录,附获取用户密码脚本)

简要描述: SQL Injections in MySQL LIMIT clause,过滤不严,产生盲注,导致可以注射用户名与密码,无需登录 详细说明: 上次搜索只在client搜索,今天无意在fast目录下搜索了下,又发现了一处。 注:client的目录下的所有函数必须登录才可以执行,fast的目录无需登录可以执行部分存在的函数,但并不能查看邮件等等。 漏洞与上一个原理一样,但文件不同,此处访问权限设置不严格,可以任意用户访问,导致可以无需登录即可sql注入,limit无法使用sleep,用benchamark延时 漏洞文件/fast/oab/module/operates.php代码...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/01/15 12:0 a.m.5 views

Siemens SIMATIC WinCC Sm@rtClient app information disclosure vulnerability (CNVD-2015-00426)

Siemens SIMATIC WinCC is the monitoring control and data acquisition SCADA and HMI system. An information disclosure vulnerability exists in the Siemens SIMATIC WinCC Sm@rtClient app prior to version 1.0.2, which allows an attacker to extract passwords from srage via an unspecified vector...

2.1CVSS6.4AI score0.00382EPSS
Exploits0References1
NVD
NVD
added 2015/01/14 11:59 a.m.13 views

CVE-2014-5231

The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors...

2.1CVSS6.4AI score0.00382EPSS
Exploits0References2
Prion
Prion
added 2015/01/14 11:59 a.m.18 views

Design/Logic Flaw

The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors...

2.1CVSS6.8AI score0.00382EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/01/14 11:0 a.m.16 views

CVE-2014-5231

The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors...

6.4AI score0.00382EPSS
Exploits0References2
CVE
CVE
added 2015/01/14 11:0 a.m.45 views

CVE-2014-5231

Siemens SIMATIC WinCC Sm@rtClient for iOS (pre-1.0.2) is affected by CVE-2014-5231. The issue stems from Insufficiently Protected Credentials (CWE-522): the app stores its password in storage in a way that could allow a local attacker with physical access to extract it. The ICS advisory notes loc...

2.1CVSS6.5AI score0.00382EPSS
Exploits0References2Affected Software1
Metasploit
Metasploit
added 2014/09/12 8:5 p.m.72 views

Windows Gather Remote Desktop Connection Manager Saved Password Extraction

This module extracts and decrypts saved Microsoft Remote Desktop Connection Manager RDCMan passwords the .RDG files of users. The module will attempt to find the files configured for all users on the target system. Passwords for managed hosts are encrypted by default. In order for decryption of...

0.4AI score
Exploits0
Rows per page
Query Builder