1477 matches found
Windows Gather Navicat Passwords
This module will find and decrypt stored Navicat passwords. Module Options msf > use post/windows/gather/credentials/navicat msf post(navicat) > show actions ...actions... msf post(navicat) > set ACTION msf post(navicat) > show options ...show and set options... msf post(navicat) > run This module requires...
CVE-2022-38117
Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...
CVE-2022-38117
The CVE-2022-38117 entry describes the Juiker app hard-coding an AES key in its source code. A direct consequence is that a physical attacker who gains Android root privileges can use the embedded key to decrypt users’ ciphertext and tamper with it. The connected documents confirm the root-caus...
Windows Gather MobaXterm Passwords
This module will determine if MobaXterm is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible, using the decryption information that HyperSine reverse...
Blink1Control2 2.2.7 - Weak Password Encryption
// Exploit Title: Blink1Control2 2.2.7 - Weak Password Encryption // Date: 2022-08-12 // Exploit Author: p1ckzi // Vendor Homepage: https://thingm.com/ // Software Link: https://github.com/todbot/Blink1Control2/releases/tag/v2.2.7 // Vulnerable Version: blink1control2 #!/usr/bin/env node const...
CVE-2022-30683
Adobe Experience Manager versions 6.5.13.0 and earlier are affected by a Violation of Secure Design Principles vulnerability that could lead to bypass of the security feature of the encryption mechanism in the backend. An attacker could leverage this vulnerability to decrypt secrets, however, this i...
Denial Of Service (DoS)
jose is vulnerable to denial of service. The vulnerability exists in multiple functions in decrypt.ts because the computational expense of the default PBES2 algorithm is not limited, allowing an attacker to crash the application by providing malicious input...
CVE-2022-29053
A missing cryptographic steps vulnerability (CWE-325) in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it...
Blue Prism Enterprise Security Vulnerability
Blue Prism Enterprise is an intelligent robotic process automation (RPA) software from Blue Prism UK. A security vulnerability exists in Blue Prism Enterprise versions 6.0 through 7.01 that stems from the possibility that an authenticated user could reverse engineer the Blue Prism software to...
Security Bulletin: Vulnerability in SSLv3 affects IBM/Cisco switches and directors (CVE-2014-3566)
Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM/Cisco switches and directors. Vulnerability Details: CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain...
LS ELECTRIC PLC and XG5000 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. UPDATE This updated advisory is a follow-up to the original advisory...
CLSA-2022-1660238929 Fixed CVE-2022-2097 in openssl
CVE-2022-2097: Fix AES OCB encrypt/decrypt for x86 AES-NI...
CVE-2021-22640
CVE-2021-22640 affects Ovarro TBox RTUs (LT2, MS-CPU32, MS-CPU32-S2, RM2, TG2) and pre-12.4/TWinSoft firmware ≤ 1.46. It discloses credentials: login passwords can be decrypted via network traffic capture and brute force attempts. ICS Advisory ICSA-21-054-04 confirms remote/exploit potential and ...
CVE-2021-22640 Ovarro TBox Insufficiently Protected Credentials
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...
PT-2022-9257 · Ovarro · Ovarro Tbox
Name of the Vulnerable Software and Affected Versions: Ovarro TBox affected versions not specified Description: An attacker can decrypt the Ovarro TBox login password by capturing communication and using brute force attacks. Recommendations: At the moment, there is no information about a newer...
CVE-2022-22453
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919...
CVE-2022-2393
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...
UBUNTU-CVE-2022-2393
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...
Exploit for Use of a Broken or Risky Cryptographic Algorithm in Blink1 Blink1Control2
blink1-pass-decrypt: poc and simple script designed for rever...
CVE-2022-25806
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...