18 matches found
Ubiquiti UniFi Network Application Security Vulnerability
The Ubiquiti UniFi Network Application is a centralized management and monitoring platform for network devices and wireless networks developed by the Ubiquiti company. The Ubiquiti UniFi Network Application has a security vulnerability that stems from a susceptibility to path traversal attacks...
EUVD-2025-208469
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access...
PT-2026-24185
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access...
SMB to HTTP relay version of Get NAA Creds
This module creates an SMB server and then relays the credentials passed to it to SCCM's HTTP server aka Management Point to gain an authenticated connection. Once authenticated it then attempts to retrieve the Network Access Accounts, if configured, from the SCCM server. This requires a computer...
CVE-2023-48253
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...
Autodesk Customer Portal Security Vulnerability
Autodesk Customer Portal is a customer portal component of Autodesk USA. A security vulnerability exists in Autodesk Customer Portal that stems from cases where Autodesk users who no longer have a valid license for an account can still access that account...
CVE-2023-23370
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...
PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager
PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk "Pulling Passwords out of Configuration Manager" (https://forum.defcon.org/node/241925) against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...
Wiesemann & Theis Com-Server Family Security Features Issue Vulnerability
The Wiesemann & Theis Com-Server Family is a series of serial device servers from the German company Wiesemann & Theis. A security signature issue vulnerability exists in Wiesemann & Theis Com-Server Family. An attacker could exploit this vulnerability to brute force a session id and access...
CVE-2022-30730
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication...
Making browsing safe from phishing
Privacy, Security. January 7th, 2021. Mallory tries to create a phishing site to lure Alice into revealing her secrets. TL;DR: skip to the conclusions to see what Alice learned. The Privacy Problem: In the previous episode, Mallory was thinking about...
Ignite Realtime Spark Information Disclosure Vulnerability
Ignite Realtime Spark is an open source, cross-platform, real-time collaboration client application from the Ignite Realtime community. An information disclosure vulnerability exists in Ignite Realtime Spark version 2.8.3 Windows. A remote attacker can exploit this vulnerability to obtain and cra...
CVE-2020-6823
A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox 75...
Vulnerability of the Mac OS X operating system, allowing attackers to compromise user accounts
The vulnerability of the NSSecureTextField component in the Mac OS X operating system is related to the lack of a secure input mechanism. Exploiting this vulnerability allows an attacker to access user accounts through a specially created application...
Shopify: Accessing Payments page and adding payment methods with limited access accounts
Users with the Orders permission were allowed to see the store's payment gateway information. This page should have been restricted to users with the Settings permission only. Using this vulnerability a User with limited access/ No access to Settings could add/alter/change Payment settings while...
CVE-2011-4287
admin/uploaduserform.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user...
PT-2009-6119 · Dovecot · Dovecot
Name of the Vulnerable Software and Affected Versions: Dovecot versions 1.2.x through 1.2.7. Description: The issue allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory...
phpBB 2.0.x - Authentication Bypass (3)
source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any...