49 matches found
EUVD-1999-1030
Malware in sbrugna...
EUVD-2019-3543
Malware in sbrugna...
EUVD-2006-2207
Malware in sbrugna...
pSnuffle Packet Sniffer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework dsniff was helping me very often. Too bad that it doesn't work correctly anymore. Psnuffle should bring password sniffing into Metasploit local and if we get lucky even...
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Weak Password Requirements (CVE-2023-2060)
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or passwo...
CVE-2023-2060
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or passwo...
Default credentials
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or passwo...
CVE-2023-2060
CVE-2023-2060 affects Mitsubishi Electric MELSEC iQ-R Series RJ71EIP91 and iQ-F FX5-ENET/IP Ethernet/IP modules. The flaw is an authentication bypass via FTP caused by weak password requirements, enabling remote, unauthenticated access through dictionary attacks or password sniffing. Public discl...
CVE-2023-2060 Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or passwo...
PT-2022-18501 · Ls Electric · Xgb-Xbch +6
Name of the Vulnerable Software and Affected Versions: LS Electric XG5000 software versions prior to V4.0 LS Electric PLCs: XGK-CPUU/H/A/S/E versions prior to V3.50 XGI-CPUU/UD/H/S/E versions prior to V3.20 XGR-CPUH versions prior to V1.80 XGB-XBMS versions prior to V3.00 XGB-XBCH versions prior ...
pam_ldap and nss_ldap when used with OpenLDAP and connecting to a slave using TLS does not use TLS for the subsequent connection if the client is referred to a master which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
...
MITMf
MITMf is a framework for Man-In-The-Middle attacks. It is a modular and easily extendible tool that aims to provide a one-stop-shop for network attacks. The framework is based on sergio-proxy and has been rewritten from scratch to address the shortcomings of other tools like Ettercap and Mallory...
CVE-2020-10376
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header...
CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
Code injection
DISPUTED An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the...
Code injection
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network...
Net-creds - Sniff passwords and hashes from an interface or pcap file
Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification. Sniffs URLs visited POST loads sent HTTP form logins/passwords HTTP basic auth logins/passwords HTTP searches FTP logins/passwords IRC...
Password Sniffer Console - Command-line Tool to Sniff and Capture HTTP/FTP/POP3/SMTP/IMAP Passwords
Password Sniffer Console is the all-in-one command-line based Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network. It automatically detects the login packets on network for various protocols and instantly decodes the passwords. Here is the list of...