96 matches found
CVE-2021-43954: File and network resource enumeration via SSRF in DefaultRepositoryAdminService
Affected versions of Atlassian Fisheye and Crucible allow remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery SSRF vulnerability in the DefaultRepositoryAdminService class. When runni...
CVE-2020-14480
Due to usernames/passwords being stored in plaintext in Random Access Memory RAM, a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials...
Who Is the Network Access Broker ‘Babam’?
Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials -- such as usernames and passwords needed to remotely connect to the...
Unable to create new machine using PVS console. - MAPI Error: Invalid or insufficient credentials. [Could not authenticate session. Check your access credentials and try again
When attempting to create a new machines or update existing ones, we get the errorUnable to create new machine using PVS console. - MAPI Error: Invalid or insufficient credentials. Could not authenticate session. Check your access credentials and try again...
CVE-2021-34744
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of...
Design/Logic Flaw
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access...
Blind SSRF in widgetConnector - CVE-2021-26072
Affected versions of Atlassian Confluence Server allow remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery SSRF vulnerability in the widgetconnector plugin. When running in an environment like Amazon EC2, this flaw may be used to access...
Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated)
!/usr/bin/python3 Exploit Title: Rukovoditel 2.7.1 - Remote Code Execution Authenticated Exploit Author: @danyx07 Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: Rukovoditel -p you can provide credentials, load the image with PHP...
CVE-2020-2233
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
SSRF in Webhooks - CVE-2020-14170
Affected versions of Atlassian Bitbucket Data Center allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource...
SSRF in Dashboard & Gadgets - CVE-2019-20408
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...
SSRF in Dashboard & Gadgets - CVE-2019-20408
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...
Exploit for SQL Injection in Redmine
CVE-2019-18890 CVE-2019-18890 POC Proof of Concept REDMINE...
Cisco IOS XE CTS PAC Configuration Denial of Service Vulnerability
Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. A denial of service vulnerability exists in the Cisco TrustSec CTS Protected Access Credentials PAC configuration module of Cisco IOS XE. The vulnerability stems from improper validation of attributes in RADIUS...
Police Shut Down xDedic – An Online Market for Cyber Criminals
In an international operation involving law enforcement authorities from the U.S. and several European countries, feds have shut down an online underground marketplace and arrested three suspects in Ukraine. Dubbed xDedic, the illegal online marketplace let cybercriminals buy, sell or rent out...
Unprotected Government Server Exposes Years of FBI Investigations
A massive government data belonging to the Oklahoma Department of Securities ODS was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with...
CVE-2018-0468
The CVE-2018-0468 issue affects Cisco Energy Management Suite (CEMS) configured with PostgreSQL using unchanged default access credentials. An authenticated, local attacker can log in to the host and connect to the bundled PostgreSQL database to access and modify confidential data. The advisory n...
Hardcoded credentials
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface...
CVE-2018-18562
CVE-2018-18562 is an OS command injection vulnerability in Roche Accu-Chek Inform II Base Unit / Base Unit Hub and CoaguChek / cobas h232 Handheld Base Unit, before 03.01.04. The root cause is insecure operation allowing authenticated attackers in the adjacent network to execute arbitrary command...
CVE-2018-18562
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface...