5878 matches found
HCL BigFix Inventory 安全漏洞
HCL BigFix Platform is a suite of endpoint security management platform from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Inventory v10.0.2 onwards, which stems from not disabling the...
Default credentials
pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, a...
CVE-2020-28086
pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, a...
CVE-2020-28086
pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, a...
CVE-2020-28086
The CVE-2020-28086 issue affects pass through 1.7.3, where a mismatch allows decrypting the wrong password from a Git-managed password store. Exploitation requires the attacker to control the central Git server (or other members’ machines) and at least one service in the password store, then rena...
Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption
Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Date: December 8th 2020 Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation...
Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Exploit
Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation states that there are thre...
Tibco ObfuscationEngine 5.11 Fixed Key Password Decryption
Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Date: December 8th 2020 Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation...
SUSE SLED15 / SLES15 Security Update : python-cryptography (SUSE-SU-2020:3592-1)
This update for python-cryptography fixes the following issues : CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption bsc1178168. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
SIEMENS SICAM A8000 RTUs SSL Configuration Insecurity Vulnerability
The SIEMENS SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A security vulnerability exists in the SIEMENS SICAM A8000 RTUs. An attacker could exploit the vulnerability to decrypt communications...
多款Siemens产品安全漏洞
The SIEMENS SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A security vulnerability exists in the SIEMENS SICAM A8000 RTUs. An attacker could exploit the vulnerability to decrypt communications...
Baphomet - Basic Concept Of How A Ransomware Works
This is a proof of concept of how a ransomware works, and some techniques that we usually use to hijack our files. This project is written in C using the net-core application framework 3.1.The main idea of the code is to make it as readable as possible so that people have an idea of how this type...
Karkinos - Penetration Testing And Hacking CTF's Swiss Army Knife With: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following: Encoding/Decoding characters Encrypting/Decrypting text or files Reverse shell handling Cracking and generating hashes Dependancies Any server capable of hosting...
Information Disclosure
xrdp is vulnerable to information disclosure. The vulnerability exists in /.vnc/sesman$usernamepasswd due to the successful logging to RDP into an xrdp session,uses a known key to store session passwords in text files. Allows an attacker to decrypt the file and obtain a user password...
Buffer Overflow
ssldump is vulnerable to buffer overflow. When running in decryption mode an attacker may execute arbitrary code via a long RSA PreMasterSecret...
MTN Group: PHP Info Exposing Secrets at https://radio.mtn.bj/info
Summary: During recon I discovered a PHP Info file exposing environment variables such as; Laravel APPKEY, Database username/password, SMTP username/password, etc. Steps To Reproduce: Visit the following URL; https://radio.mtn.bj/info You will be presented with a PHP Info file exposing environmen...
SUSE-SU-2020:3592-1 Security update for python-cryptography
This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption bsc1178168...
Valvesoftware GameNetworkingSockets Buffer Error Vulnerability
Valvesoftware GameNetworkingSockets is a transport layer support software for games to pass data from Valvesoftware USA. A security vulnerability exists in Valve Game Networking Sockets versions prior to 1.2.0, which stems from the incorrect handling of long encrypted messages in...
IBM Cloud Pak for Security Weak Encryption Algorithm Vulnerability
IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. A weak cryptographic algorithm vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the product usin...
GG-AESY - Hide Cool Stuff In Images
Blogpost: https://redteamer.tips/introducing-gg-aesy-a-stegocryptor/ WARNING: you might need to restore NuGet packages and restart visual studio before compiling. If anyone knows how I can get rid of this problem, DM me. Manual To start off, I highly recommend to always use GG-AESY using verbose...