148 matches found
LastPass: domain regex doesn't handle data and other pseudo-url schemes
I previously found a design flaw in lastpass that affected the 4.x branch of lastpass issue 884. They confirmed the vulnerability, but explained that most of their users use an older branch from addons.mozilla.org. I took a look at the addons.mozilla.org version 3.3.2 as of this writing, and...
Windows Gather DynaZIP Saved Password Extraction
This module extracts clear text credentials from dynazip.log. The log file contains passwords used to encrypt compressed zip files in Microsoft Plus! 98 and Windows Me. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Fedora 25 : 1:epiphany (2017-6792542f47)
Update to 3.22.6 : - Fix minor memory leak 682723 - Fix serious password extraction sweep attack on password manager 752738 - Fix adblocker blocking too much stuff, breaking Twitter 777714 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Veeam Backup & Replication Local Privilege Escalation Vulnerability
Challenge The vulnerability allows any local Windows user with low privileges, such as the ones provided to an anonymous IIS's virtualhost user, to access Veeam Backup logfiles and extract the password, used to run Veeam components, which is stored as a doublebase64 encoded string. Cause The...
WinPirate - Automated Sticky Keys Hack. Post Exploitation It Grabs Browser Passwords, History, And Network Passwords
Here's the plan. We create a way to automate doing the sticky keys windows hack from a bootable USB. Then, we automate getting as many saved passwords as possible, drop a listener, and delete all traces that we were there. All without being detected by antivirus we should add a mimikittenz option...
Windows Gather Avira Password Extraction
This module extracts the weakly hashed password which is used to protect a Avira Antivirus 'Windows Gather Avira Password Extraction', 'Description' = %q This module extracts the weakly hashed password which is used to protect a Avira Antivirus MSFLICENSE, 'Author' = 'Robert Kugler / robertchrk',...
CVE-2016-0321
IBM PCOMM (IBM Personal Communications) versions 6.0 prior to 6.0.17 and 12.0 prior to 12.0.0.1 are affected by a design flaw that allows a local attacker with access to a victim account to retrieve passwords by running a PowerShell script. The vulnerability occurs when credential extraction is n...
WebNMS Framework Server Credential Disclosure
This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extract all user credentials. The first vulnerability is an unauthenticated file download in the FetchFile servlet, which is used to download the file containing the user credentials. The second vulnerability is that the...
D-Link DIR-645密码提取
No description provided by source...
Windows Gather HeidiSQL Saved Password Extraction
This module extracts saved passwords from the HeidiSQL client. These passwords are stored in the registry. They are encrypted with a custom algorithm. This module extracts and decrypts these passwords. This module requires Metasploit: https://metasploit.com/download Current source:...
IBM Maximo Asset Management Weak Encryption Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. A security vulnerability exists in IBM Maximo Asset Management. An attacker can exploit the vulnerability to bypass security restrictions and obtain passwords with the help of a...
[SYSS-2015-019] BullGuard Antivirus - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-019 Product: BullGuard Antivirus Vendor: BullGuard Ltd. Affected Versions: 15.0.297 Tested Versions: 15.0.297 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solution...
[SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-012 Product: Panda Internet Security 2015 Vendor: Panda Security Affected Versions: 15.0.1 Tested Versions: 15.0.1 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solutio...
U-Mail邮件系统注入2(SQL Injections in MySQL LIMIT clause,无需登录,附获取用户密码脚本)
简要描述: SQL Injections in MySQL LIMIT clause,过滤不严,产生盲注,导致可以注射用户名与密码,无需登录 详细说明: 上次搜索只在client搜索,今天无意在fast目录下搜索了下,又发现了一处。 注:client的目录下的所有函数必须登录才可以执行,fast的目录无需登录可以执行部分存在的函数,但并不能查看邮件等等。 漏洞与上一个原理一样,但文件不同,此处访问权限设置不严格,可以任意用户访问,导致可以无需登录即可sql注入,limit无法使用sleep,用benchamark延时 漏洞文件/fast/oab/module/operates.php代码...
Siemens SIMATIC WinCC Sm@rtClient app information disclosure vulnerability (CNVD-2015-00426)
Siemens SIMATIC WinCC is the monitoring control and data acquisition SCADA and HMI system. An information disclosure vulnerability exists in the Siemens SIMATIC WinCC Sm@rtClient app prior to version 1.0.2, which allows an attacker to extract passwords from srage via an unspecified vector...
CVE-2014-5231
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors...
Design/Logic Flaw
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors...
CVE-2014-5231
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors...
CVE-2014-5231
Siemens SIMATIC WinCC Sm@rtClient for iOS (pre-1.0.2) is affected by CVE-2014-5231. The issue stems from Insufficiently Protected Credentials (CWE-522): the app stores its password in storage in a way that could allow a local attacker with physical access to extract it. The ICS advisory notes loc...
Windows Gather Remote Desktop Connection Manager Saved Password Extraction
This module extracts and decrypts saved Microsoft Remote Desktop Connection Manager RDCMan passwords the .RDG files of users. The module will attempt to find the files configured for all users on the target system. Passwords for managed hosts are encrypted by default. In order for decryption of...