Exploit for Improper Certificate Validation in Microsoft
CVE-2022-26923 – Certifried Exploit AD CS Abuse Automatisat...
EUVD-2021-32560
Malicious code in bioql PyPI...
CVE-2021-45839
It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...
CVE-2021-45842
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint...
Article Analytics <= 1.0 - Unauthenticated SQL injection
Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability. On a WordPress blog using MySQL, the following PoC allows extracting the hash of the...
Yeastar N412 and Yeastar N824 Security Vulnerability
The Yeastar N412 and Yeastar N824 are both easy-to-use and inexpensive phone systems from the Spanish company Yeastar. A security vulnerability exists in the Yeastar N412 and N824 Configuration Panel versions 42.x and 45.x. The vulnerability stems from the fact that an unauthenticated attacker ca...
CVE-2020-15931
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator that is configured within the product in its installation state by generating a single Kerberos Pre-Authentication Failed ID 4771 event on a...
The vulnerability of TeamViewer’s remote control software lies in the lack of commas in the syntax of certain elements or search paths. This allows a hacker to intercept the administrator’s password hash.
The vulnerability of TeamViewer’s remote control software lies in the lack of commas in the syntax of certain elements or search paths. Exploiting this vulnerability allows a malicious actor to intercept the administrator’s password hash...
myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection
SQL Injection vulnerability in myPHPNuke. By MustLive, http://websecurity.com.ua. Detailed information: http://websecurity.com.ua/2398/ Description: There is an SQL Injection vulnerability in printfeature.php in myPHPNuke. SQL Injection:...
joomlapaxx-blindsql.txt
#!/usr/bin/perl use strict; use LWP::Simple; print "-+-- Joomla Component PaxxGallery Blind SQL Injection Exploit gid --+-\n"; print "-+-- "more than 1 row" --+-\n"; print "-+-- --+-\n"; print "-+-- Author: ZAMUT --+-\n"; print "-+-- Vuln: gid= --+-\n"; print "-+-- Dork: option=compaxxgallery...
Joomla! Component paxxgallery 0.2 - gid Blind SQL Injection
Joomla! Component paxxgallery 0.2 - gid Blind SQL Injection #!/usr/bin/perl use strict; use LWP::Simple; print "-+-- Joomla Component PaxxGallery Blind SQL Injection Exploit gid --+-\n"; print "-+-- "more than 1 row" --+-\n"; print "-+-- --+-\n"; print "-+-- Author: ZAMUT --+-\n"; print "-+--...