73 matches found
EUVD-2022-42454
Malicious code in bioql PyPI...
CVE-2025-4094 Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing
The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them...
CVE-2025-4094
CVE-2025-4094 affects the Digits WordPress plugin: versions prior to 8.4.6.1 do not rate-limit OTP validation attempts, enabling brute-force attacks that can bypass authentication. Public disclosures and PoCs describe OTP brute-forcing across forgot-password and OTP validation endpoints, with exp...
Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features v1.0.1- - Subdomain enumeration 2 engines +...
U.S. Dept Of Defense: Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████]
The website had a directory that lacked authentication, allowing an attacker to add a new admin user and change the privileges of existing users without any authentication...
CVE-2023-49259 Bruteforcing authentication cookie for a given user
The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time...
The Rising Diicot Threat Group with Diverse Attack Capabilities
Summary: A Romanian threat group “Diicot” has been actively employing SSH bruteforcing and deploying malware loaders to compromise systems for the purpose of cryptocurrency mining. The campaign involves exploitin...
Improper Authentication
calibreweb is vulnerable to Improper Authentication. The vulnerability exists in the login function of web.py file, which allows a remote attacker to takeover the account by bruteforcing due to improper restriction of excessive authentication attempts...
TikTok: bypass two-factor authentication in Android apps and web
A vulnerability was found where a random timeout issue on a Two-Step Verification endpoint could have resulted in a potential bypass of authentication if multiple incorrect attempts were entered in quick succession. It was found that this vulnerability required access to the user's email/password...
Jupyter server Token bruteforcing
Affects: Notebook and Lab between 6.4.0?potentially earlier and 6.4.11 currently latest. Jupyter Server =1.16.0. If I am correct about the responsible code it will affect Jupyter-Server 1.17.0 and 2.0.0a0 as well. Description: If notebook server is started with a value of rootdir that contains th...
Token bruteforcing.
Impact: Authenticated requests to the notebook server with ContentsManager.allow_hidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories i.e. hidden files were...
ShadowClone - Unleash The Power Of Cloud
ShadowClone allows you to distribute your long running tasks dynamically across thousands of serverless functions and gives you the results within seconds where it would have taken hours to complete. You can make full use of the Free Tiers provided by cloud providers and supercharge your mundane...
Kerbrute - An Script To Perform Kerberos Bruteforcing By Using Impacket
A script to perform Kerberos bruteforcing using the Impacket library. When executed, it receives as input a user or list of users and a password or list of passwords. It then performs a brute-force attack to enumerate: valid username/password pairs, valid usernames, usernames without...
DirSearch - A Go Implementation Of Dirsearch
This software is a Go implementation of the original dirsearch tool written by Mauro Soria. DirSearch is the very first tool I write in Go, mostly to play and experiment with Go's concurrency model, channels, and so forth : Purpose DirSearch takes an input URL -url parameter and a wordlist...
AD Starter Scan - Kerberos Pre-authentication Validation
Binary data adsikerberospreauth.nbin...
Kiterunner - Contextual Content Discovery Tool
For the longest of times, content discovery has been focused on finding files and folders. While this approach is effective for legacy web servers that host static files or respond with 3xx’s upon a partial path, it is no longer effective for modern web applications, specifically APIs. Over time,...
Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode (655 bytes)
Shellcode Title: Windows/x64 - Inject All Processes with Meterpreter Reverse Shell (655 Bytes). Shellcode Author: Bobby Cooke (boku). Tested on: Windows 10 v2004 (x64). Compiled from: Kali Linux (x86_64). Shellcode Description: 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse...
Zracker - Zip File Password BruteForcing Utility Tool based on CPU-Power
Zracker is a Zip File Password BruteForcing Utility Tool based on CPU-Power. Yet available for Linux only ... Supports WordList Mode only but will surely get an Update with BruteForce Mode Dedicated WebSite:https://devim-stuffs.github.io/zracker/ Link to Post on...
h1-ctf: [h1-2006 2020] CTF Walkthrough
h1-2006-ctf Writeup June 2020 https://hackerone.com/h1-ctf/ The Competition Begins! The tweet announces the CTF challenge. Looks like we will need to find a way to process some payments. F863442 Initial Exploring Reading up on the extended description at https://hackerone.com/h1-ctf/ reveals that...