GHSA-7W52-7JVM-M9VW Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames

Summary There is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack. Details The faulty code exists in src/Core/Framework/Api/OAuth/UserRepository.php: public function getUserEntityByUserCredentials string $username,...

SilentHound - Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.

Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security. Installation Using pipenv recommended method sudo python3 -m pip install --user pipenv git clone https://github.com/layer8secure/SilentHound.git cd silenthound...

Nextcloud 信息泄露漏洞

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. nextcloud server is a self-hosted system designed to provide cloud-style services. nextcloud server is vulnerable to an information disclosure vulnerabili...