160 matches found
Improper Access Control via Weak JWT Token Leads to Admin Takeover and Privilege Escalation
Description The application's session management is vulnerable to Authorization Bypass and Vertical Privilege Escalation. During dynamic analysis of the application's authentication flow, I discovered that the JSON Web Tokens JWT are signed with a weak secret key. This allowed me to perform an...
EUVD-2025-205781
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.evallength...
EUVD-2017-0271
Malware in sbrugna...
Exploit for CVE-2017-0143
💬 README中文 • Compile/Install/Run • Parameter Description • How to use • Scenario • POC List • Custom Scan • Best Practices Features - Free one id Multi-target web netcat for reverse shell - What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent。re...
CVE-2025-35114
Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30...
Linux Distros Unpatched Vulnerability : CVE-2009-4269
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the...
OpenBao 安全漏洞
OpenBao is OpenBao open source a sensitive data management software . OpenBao has a security vulnerability that can be exploited by attackers to cause a brute-force crack...
CVE-2023-32831
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868...
PT-2024-39023 · Planet Technology · Planet Technology Switch
Name of the Vulnerable Software and Affected Versions: PLANET Technology switch models affected versions not specified Description: The issue concerns the use of an insecure hashing function to hash user passwords without salting. Remote attackers with administrator privileges can read...
PLANET switch devices 安全漏洞
PLANET switch devices are a series of switch devices from PLANET Corporation in China. A security vulnerability exists in PLANET switch devices that stems from the use of an insecure hash function that is not salted to hash user passwords. A remote attacker with administrator privileges could rea...
MAL-2024-8749 Malicious code in brasil_viagem_omsi_2_crack_portable_ckw74 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 882faa2f5df2db446d465a31c900f7463cc38ab821321ce63ec4d1be5a96112c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for CVE-2024-4956
CVE-2024-4956 !My Shophttps://img.shields.io/badge/My%20S...
CVE-2024-35178
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...
CVE-2024-35178 Jupyter server on Windows discloses Windows user password hash
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...
CVE-2024-35178 Jupyter server on Windows discloses Windows user password hash
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...
LDAPWordlistHarvester - A Tool To Generate A Wordlist From The Information Present In LDAP, In Order To Crack Passwords Of Domain Accounts
A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be. x Creates a wordlist based on the following information found in the LDAP: x User : name and...
CVE-2024-3764 Tuya SDK MQTT Packet denial of service
DISPUTED A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2023-35636 Microsoft Outlook Information Disclosure Vulner...
CVE-2023-32831
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868...
CVE-2023-32831
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868...