EUVD-2024-31731

Malicious code in bioql PyPI...

CVE-2024-3130

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app...

CVE-2024-3130

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app...

CVE-2024-3130 Insecure Data Storage leading to sensitive Information disclosure.

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app...

CVE-2024-3130

CVE-2024-3130 affects CoolKit eWeLlink app prior to 5.4.x. The vulnerability is due to hard-coded credentials in the Android/iOS client, enabling a local attacker to access sensitive data via a decryption algorithm and a key obtainable after decompiling the app. Impact is confidential data exposu...

CVE-2024-3130 Insecure Data Storage leading to sensitive Information disclosure.

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app...

Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign

A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the...

LimeRAT Malware Analysis: Extracting the Config

Remote Access Trojans RATs have taken the third leading position in ANY. RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it...

Roaming Mantis, part IV

One year has passed since we published the first blogpost about the Roaming Mantis campaign on securelist.com, and this February we detected new activities by the group. This blogpost is follow up on our earlier reporting about the group with updates on their tools and tactics. Mobile config for...

FlashFXP 1.4 User Password Encryption Weakness

No description provided by source. source: http://www.securityfocus.com/bid/7499/info FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credentials for...

Ipswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 Weak Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/880/info IMail keeps the encrypted passwords for email accounts in a registry key, HKLM\SOFTWARE\Ipswitch\Imail\Domains\DomainName\Users\UserName, in a string value called Password. The encryption scheme used is weak and...

CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities (reversible encryption + weak ACL)

|------------------------------------------------------------------| | | | / / / / | | / / / / / / / / / / / | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | | |------------------------------------------------- EIP Hunters...

Ipswitch IMail Server本地权限提升漏洞

BUGTRAQ ID: 38109 Ipswitch IMail Server是Ipswitch协作组件中捆绑的一个邮件服务器。 默认下IMail允许Internet Guest账号以Full Control权限访问以下注册表项及其子项和值：HKEYLOCALMACHINE\SOFTWARE\Ipswitch\IMail。此外 IMail的IMailsec.dll库中所实现的口令解密算法是可逆的，本地用户可以在HKEYLOCALMACHINE\SOFTWARE \Ipswitch\IMail\Domains\domain name\Users下找到Password字符串，然后破解加密的口...

Ipswitch IMAIL 11.01 - Reversible Encryption + weak ACL

Ipswitch IMAIL 11.01 - Reversible Encryption + weak ACL |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 |...