9 matches found
GrandStream GXP1600 Gather Credentials
This gather module works against Grandstream GXP1600 series VoIP devices and can collect HTTP, SIP, and TR-069 credentials from a device. You can first leverage the exploit/linux/http/grandstreamgxp1600unauthrce exploit module to get a root session on a target GXP1600 series device before running...
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
This module allows an authenticated user to retrieve the usernames and encrypted passwords of other users in Piwigo through SQL injection using the filteruserid parameter. Module Options msf use auxiliary/gather/piwigocve202326876 msf auxiliarypiwigocve202326876 show actions ...actions... msf...
CVE-2023-35928 Nextcloud user scoped external storage can be used to gather credentials of other users
Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity platform. In Nextcloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until...
e-Biz Technocrats Pvt.Ltd SQL Injection Vulnerability
It appears that sites designed by e-Biz Technocrats Pvt.Ltd suffer from a remote SQL injection vulnerability. As they do not provide any sort of versioning with their offerings, the researcher was unable to provide affected versions. Versions as of May 11, 2023 were affected. Exploit Title: Sql...
CVE-2021-36778
An Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3...
CVE-2021-36778
CVE-2021-36778 describes an information/exposure risk in SUSE Rancher where administrators of third‑party repositories can gather credentials sent to Rancher servers due to an Incorrect Authorization flaw. Affected versions are Rancher prior to 2.5.12 and prior to 2.6.3. The issue enables credent...
CVE-2021-27194
Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passwords...
LeakScraper - An Efficient Set Of Tools To Process And Visualize Huge Text Files Containing Credentials
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. These tools are designed to help pentesters/redteamers doing OSINT, credentials gathering and credentials stuffing attacks. Installation First things first: have a working mongodb server. The...
Samsung Internet Browser SOP Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the...