Lucene search
K

71 matches found

CNNVD
CNNVD
added 2022/11/17 12:0 a.m.5 views

Siemens syngo Dynamics 代码问题漏洞

Siemens syngo Dynamics is a cardiovascular imaging and information solution from Siemens, Germany. Designed to be a centralized digital hub for complete cardiovascular services, Siemens syngo Dynamics is vulnerable to server-side request forgery, which can be exploited by attackers to cause NTLM ...

7.5CVSS6.4AI score0.00577EPSS
Exploits0References2
Securelist
Securelist
added 2022/09/28 8:0 a.m.28 views

Prilex: the pricey prickle credit card complex

Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. The group was behind one of the largest attacks on ATMs in the country, infecting and jackpotting more than 1,000 machines, while also cloning in excess of 28,000 credit cards that...

0.4AI score
Exploits0
CNNVD
CNNVD
added 2022/01/11 12:0 a.m.6 views

Adobe Acrobat Reader Dc 信息泄露漏洞

Adobe Acrobat is a set of PDF file editing and conversion tools from the U.S. Adobe Acrobat Reader DC ActiveX space is vulnerable to information disclosure, which stems from errors in the configuration of the network system or product during operation. An unauthenticated attacker could exploit th...

4.3CVSS5.6AI score0.02072EPSS
Exploits0References4
Kitploit
Kitploit
added 2021/10/28 11:30 a.m.37 views

DonPAPI - Dumping DPAPI Credz Remotely

Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI. We aim at locating those "secured" credentials, and retreive them using : User password Domaine DPAPI BackupKey Local machine DPAPI Key protecting TaskScheduled blob...

7.1AI score
Exploits0References7
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.7 views

Cisco Webex Teams代码问题漏洞

Cisco Webex Teams is a software for team collaboration from Cisco USA. The software provides online communication for teams with features such as shared files, digital whiteboards, and video conferencing. A code issue vulnerability exists in multiple Cisco products, which is caused by incorrect...

7.8CVSS7.4AI score0.00326EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/03/25 12:0 a.m.4 views

Netop Vision 安全漏洞

Netop Vision is an application from the Danish company Netop. It provides a classroom management software. A security vulnerability exists in Netop Vision Pro up to and including 9.7.1, which arises from a plaintext transfer of sensitive information allowing remote unauthenticated collection of...

8.8CVSS5.6AI score0.00363EPSS
Exploits0References3
OSV
OSV
added 2021/02/10 9:15 p.m.6 views

CVE-2020-8355

An internal product security audit of Lenovo XClarity Administrator LXCA prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture FFDC service log if the service log is...

4.9CVSS5.8AI score0.00511EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/09 12:0 a.m.7 views

Lenovo Lenovo XClarity Administrator Information Disclosure Vulnerability

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product provides agentless hardware management for servers, storage, network switches, and more. An information disclosure vulnerability exists in Lenovo XClarity Administrator, which stems fr...

4.9CVSS5.8AI score0.00511EPSS
Exploits0References2
Kitploit
Kitploit
added 2020/10/06 8:30 p.m.561 views

Lockphish - The First Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it's the first tool 07/04/2020 for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. LockPhish Tutorial:https://www.kalilinux.in/2020/05/lockphish.html Author: The Linux Choice Who deleted his GitHub repository...

7.2AI score
Exploits0References1
Cvelist
Cvelist
added 2020/06/10 11:47 a.m.38 views

CVE-2019-3588 Using VSE to bypass Windows Credentials on Lock screen

Privilege Escalation vulnerability in Microsoft Windows client McTray.exe in McAfee VirusScan Enterprise VSE 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked...

6.3CVSS6.8AI score0.00278EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/05/29 7:58 p.m.51 views

Steganography Anchors Pinpoint Attacks on Industrial Targets

A targeted series of attacks on suppliers of equipment and software for industrial enterprises is playing out globally, researchers said, hinging on phishing and a steganography tactic to hide malware on public, legitimate image resources. According to Kaspersky ICS CERT, the attacks seem bent on...

7.1AI score
Exploits0References6
Kitploit
Kitploit
added 2020/05/07 12:30 p.m.65 views

HiveJack - This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host

This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM registry hives and once copied to the attacker machines provides an option to delete these files to clear the trace. Often, this i...

7.2AI score
Exploits0References3
CNVD
CNVD
added 2020/03/17 12:0 a.m.5 views

Lenovo XClarity Administrator Information Disclosure Vulnerability (CNVD-2020-19571)

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo LXCA version 2.6.0, which originated...

7.9CVSS6.8AI score0.00306EPSS
Exploits0
OSV
OSV
added 2020/03/13 4:15 p.m.4 views

CVE-2019-19756

An internal product security audit of Lenovo XClarity Administrator LXCA discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are...

6CVSS6.6AI score0.00306EPSS
Exploits0References1
Prion
Prion
added 2019/08/28 12:15 p.m.15 views

Default credentials

An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092MR2. Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Commandcentre.log file...

5CVSS9.4AI score0.01163EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/08/28 11:6 a.m.44 views

CVE-2019-15294

Gallagher Command Centre 8.10 before 8.10.1092(MR2) is affected. If, during an upgrade, a custom service account is in use and the visitor management service is installed, the Windows username and password for that service are logged in cleartext to the Command_centre.log file. This constitutes a...

9.8CVSS9.4AI score0.01163EPSS
Exploits0References2Affected Software1
Kitploit
Kitploit
added 2018/02/06 9:9 p.m.31 views

LaZagneForensic - Decrypt Windows Credentials From Another Host

LaZagne uses an internal Windows API called CryptUnprotectData to decrypt user passwords. This API should be called on the victim user session, otherwise, it does not work. If the computer has not been started when the analysis is realized on an offline mounted disk, or if we do not want to drop ...

7.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2017/08/10 3:0 p.m.35 views

Patched Flash Player Sandbox Escape Leaked Windows Credentials

One of the patches included in Tuesday’s Adobe Flash Player update was a do-over after the researcher who privately reported the problem earlier this year discovered the original patch incompletely resolved the issue. Dutch researcher Bjorn Ruytenberg disclosed details after Adobe updated the...

5CVSS8AI score0.04478EPSS
Exploits1References2
0day.today
0day.today
added 2017/03/23 12:0 a.m.43 views

CA Arcserve D2D - GWT RPC Credential Information Disclosure (Metasploit)

Exploit for windows platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'CA Arcserve D2D GWT RPC Credential Information Disclosure', 'Descriptio...

5CVSS6.3AI score0.71631EPSS
Exploits5
OSV
OSV
added 2017/02/01 8:59 p.m.1 views

CVE-2016-6034

IBM Tivoli Storage Manager for Virtual Environments VMware could disclose the Windows domain credentials to a user with a high level of privileges...

6.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder