Lucene search
K

33 matches found

Prion
Prion
added 2024/01/10 11:15 a.m.15 views

Design/Logic Flaw

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...

4CVSS7AI score0.00778EPSS
Exploits0References1Affected Software1
Malwarebytes
Malwarebytes
added 2023/06/12 3:0 a.m.21 views

Strava heatmap loophole may reveal users' home addresses

Researchers at NC State University have outlined potential privacy issues with popular fitness app Strava which could lead to users' homes being pinpointed. The researchers' findings are detailed in a paper called Heat marks the spot: de-anonymising users' geographical data on the Strava heat map...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/26 9:10 a.m.49 views

Hackers Breach LastPass Developer System to Steal Source Code

Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed,...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/06 8:44 a.m.41 views

Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users

Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to othe...

1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/04/27 3:15 a.m.3 views

CVE-2022-27331

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users...

4.3CVSS5.9AI score0.00651EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.5 views

Zammad 安全漏洞

A security vulnerability exists in Zammad, a suite of ticket management software from the German company Zammad, which stems from an administrative configuration that broadcasts settings that should only be visible to authenticated users to all users with an active application instance. No detail...

4.3CVSS5.6AI score0.00651EPSS
Exploits0References2
NVD
NVD
added 2019/07/26 1:15 p.m.40 views

CVE-2019-13385

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log...

4.3CVSS4.6AI score0.02031EPSS
Exploits3References3
Cvelist
Cvelist
added 2019/07/26 12:5 p.m.42 views

CVE-2019-13385

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log...

4.7AI score0.02031EPSS
Exploits3References3
Cvelist
Cvelist
added 2019/04/04 3:36 p.m.33 views

CVE-2019-10273

Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account...

5.3AI score0.07784EPSS
Exploits5References3
Kitploit
Kitploit
added 2017/08/31 2:30 p.m.40 views

RedSnarf - A Pen-Testing / Red-Teaming Tool For Windows Environments

RedSnarf is a pen-testing / red-teaming tool by Ed Williams for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf functionality includes: Retrieval of local SAM hashes Enumeration of user/s running with elevated syste...

7.8AI score
Exploits0References3
Hacker One
Hacker One
added 2016/10/18 11:10 a.m.22 views

New Relic: Hyperlink Injection on adding active users

@japz discovered an issue with how some email clients render text. This issue was determined to be very low or no risk and was subsequently removed from our program's scope...

2.4AI score
Exploits0
Citrix
Citrix
added 2016/09/30 12:0 a.m.8 views

How to Verify Active Users or ICA Users on Citrix Gateway

This article describes how to verify Active Users or ICA User on Citrix Gateway...

7AI score
Exploits0
Metasploit
Metasploit
added 2015/12/21 1:29 p.m.51 views

Generate CSV Organizational Chart Data Using Manager Information

This module will generate a CSV file containing all users and their managers, which can be imported into Visio which will render it. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Generate CSV...

7.3AI score
Exploits0
Rows per page
Query Builder