Lucene search
K

74 matches found

Packet Storm
Packet Storm
added 2021/07/26 12:0 a.m.912 views

Elasticsearch ECE 7.13.3 Database Disclosure

Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...

7.6AI score0.27788EPSS
Exploits6
OSV
OSV
added 2021/01/14 9:13 p.m.2 views

USN-4693-1 ampache vulnerabilities

It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. CVE-2019-12385 It was discovered that an XSS vulnerability in...

8.8CVSS6.8AI score0.01634EPSS
Exploits2References3
OSV
OSV
added 2020/10/22 3:15 p.m.3 views

CVE-2020-26649

AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php...

8.1CVSS5.8AI score0.00742EPSS
Exploits1References1
HackRead
HackRead
added 2020/07/08 4:56 p.m.23 views

German Police seize DDoSecrets server hosting BlueLeaks data dump

By Waqas The BlueLeaks data dump contained sensitive information on Police, Fusion centers which were recently leaked by WikiLeaks-like service called DDoSecrets. German police have seized a server that hosted the BlueLeaks data dump. As previously reported, BlueLeaks referees to a leaked databas...

0.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/12/06 8:59 a.m.185 views

Hacking Hardware Password Managers: The RecZone

TL:DR Hardware security can be difficult to fathom, so I set out to research three password vaults as a newbie, sharing my findings. I picked three popular hardware vaults, each with different components, requiring different skills and equipment. Here's how I learned about disassembly, chipset...

6.9AI score
Exploits0
OSV
OSV
added 2019/08/22 7:15 p.m.3 views

CVE-2019-12385

An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches even guest users can dump any data contained in the database sessions, hashed passwords, etc.. This may lead to a full compromise of...

8.8CVSS7.3AI score0.01634EPSS
Exploits1References2
OSV
OSV
added 2019/03/21 4:0 p.m.2 views

CVE-2018-12572

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data...

7.8CVSS5.8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2019/02/04 4:0 p.m.127 views

"Collection #1" Data Dump Hacker Identified

UPDATE Researchers say they have identified the threat actor behind the massive “Collection 1” data dump which exposed hundreds of millions of credentials on a hacking forum in January. Recorded Future researchers said this weekend that an individual using the monikor “C0rpz” has claimed as early...

1.1AI score
Exploits0References5
HackRead
HackRead
added 2019/02/02 2:58 p.m.203 views

World’s largest data dump surfaces on web with 2.2 billion accounts

By Waqas It hasn’t even been 15 days since details of the world’s biggest online private data dump were discovered by security researchers and now its second "installment" has posted online. As per the report from Heise.de, a German-language website, the first collection, which was published on...

1.2AI score
Exploits0
Hacker One
Hacker One
added 2018/08/20 12:14 a.m.61 views

Shopify: Unauthenticated access to Zendesk tickets through athena-flex-production.shopifycloud.com Okta bypass

Summary athena-flex-production.shopifycloud.com seems to be an internal system that Shopify uses because it redirects user to Okta login. During this however, I noticed that it first returns 200 and then does a redirect meaning some part of the website loads before redirecting. With this, I was...

6.9AI score
Exploits0
NVD
NVD
added 2018/03/02 5:29 p.m.19 views

CVE-2017-1654

IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378...

4CVSS3.8AI score0.00391EPSS
Exploits0References3
HackRead
HackRead
added 2017/09/07 2:55 p.m.54 views

New NSA Data Dump: ShadowBrokers Release UNITEDRAKE Malware

By Waqas The ShadowBrokers is a group of hackers known for leaking This is a post from HackRead.com Read the original post: New NSA Data Dump: ShadowBrokers Release UNITEDRAKE Malware...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2017/07/31 12:50 a.m.9 views

Hacker Leaks Data From Mandiant (FireEye) Senior Security Analyst

Reportedly, at least one senior cyber security analyst working with Mandiant, a Virginia-based cybersecurity firm owned by the FireEye, appears to have had its system compromised by hackers, exposing his sensitive information on the Internet. On Sunday, an anonymous group of hackers posted some...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2017/05/29 8:28 p.m.19 views

Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month

As promised to release more zero-days exploits and hacking tools for various platforms starting from June 2017, the infamous hacking group Shadow Brokers is back with more information on how to subscribe and become a private member for receiving exclusive access to the future leaks. The Shadow...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2017/05/16 8:30 a.m.14 views

ShadowBrokers Planning Monthly Exploit, Data Dump Service

Popcorn in hand, the ShadowBrokers say they’re taking in the WannaCry outbreak from the sidelines before starting in June a subscription service for new exploits and stolen data akin to a wine of the month club. In what’s become a signature periodic rant from the unknowns behind the leak of...

0.7AI score
Exploits0References10
The Hacker News
The Hacker News
added 2017/04/14 9:17 p.m.10 views

Turns Out Microsoft Has Already Patched Exploits Leaked By Shadow Brokers

The latest dump of hacking tools allegedly belonged to the NSA is believed to be the most damaging release by the Shadow Brokers till the date. But after analyzing the disclosed exploits, Microsoft security team says most of the windows vulnerabilities exploited by these hacking tools, including...

7.3AI score
Exploits0
CNVD
CNVD
added 2017/02/08 12:0 a.m.2 views

eClinicalWorks Patient Portal SQL Injection Vulnerability

eClinicalWorks Patient Portal is a product for healthcare applications from eClinicalWorks, Inc. that provides patients with a secure means of communicating to view their Personal Health Record PHR, view lab results, and more. An SQL injection vulnerability exists in the messageJson.jsp file in...

8.8CVSS7.9AI score0.01213EPSS
Exploits0References1
CNVD
CNVD
added 2017/02/07 12:0 a.m.3 views

OIC Exponent CMS SQL Injection Vulnerability (CNVD-2017-01280)

OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A SQL injection vulnerability...

9.8CVSS9.7AI score0.01908EPSS
Exploits0References1
OSV
OSV
added 2017/01/23 5:59 p.m.4 views

CVE-2017-5569

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an...

9.8CVSS5.8AI score
Exploits0References2
The Hacker News
The Hacker News
added 2016/09/22 10:16 p.m.11 views

Leaked NSA Hacking Tools Were 'Mistakenly' Left By An Agent On A Remote Server

If you are a hacker, you might have enjoyed the NSA's private zero-day exploits, malware and hacking tools that were leaked last month. But the question is: How these hacking tools ended up into the hands of hackers? It has been found that the NSA itself was not directly hacked, but a former NSA...

7AI score
Exploits0
Rows per page
Query Builder