Lucene search
K

171 matches found

Prion
Prion
added 2018/07/24 3:29 p.m.20 views

Code injection

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

2.1CVSS4.8AI score0.00309EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/07/24 3:29 p.m.19 views

CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

4.6CVSS6.4AI score
Exploits0References2
Debian CVE
Debian CVE
added 2018/07/24 3:0 p.m.18 views

CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

4.6CVSS4.8AI score0.00309EPSS
Exploits0
OSV
OSV
added 2018/04/11 7:29 p.m.6 views

CVE-2018-0021

If all 64 digits of the connectivity association name CKN key or all 32 digits of the connectivity association key CAK key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an...

8.8CVSS5.8AI score0.00634EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2018/01/09 7:17 a.m.14 views

Wi-Fi Alliance launches WPA3 protocol with new security features

The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol—Wi-Fi Protected Access WPA3. WPA3 will replace the existing WPA2—the network security protocol that has been around for at least 15 years and widely used by billions of wireless devices eve...

6.7AI score
Exploits0
Broadcom
Broadcom
added 2017/09/29 12:0 a.m.8 views

BSA-2017-444

Security Advisory ID : BSA-2017-444 Component : DENX Das U-Boot Revision : 3.0: Final Das U-Boot is a devicebootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper...

4.6CVSS6.6AI score0.00309EPSS
Exploits0
Kitploit
Kitploit
added 2017/09/17 2:30 p.m.30 views

LaZagne v2.2 - Credentials Recovery Project

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques plaintext, APIs, custom algorithms, databases, etc.. This tool has been developed for the purpose of finding these passwor...

7.1AI score
Exploits0References2
OSV
OSV
added 2017/08/01 2:29 p.m.5 views

CVE-2017-11131

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for...

5.9CVSS5.8AI score0.0055EPSS
Exploits0References1
OSV
OSV
added 2017/06/30 3:29 a.m.4 views

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

9.8CVSS5.8AI score0.01281EPSS
Exploits0References2
NVD
NVD
added 2017/06/30 3:29 a.m.17 views

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

9.8CVSS9.4AI score0.01281EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/06/30 2:35 a.m.21 views

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

9.3AI score0.01281EPSS
Exploits0References2
Kitploit
Kitploit
added 2017/05/22 2:57 p.m.75 views

Cameradar - An RTSP Surveillance Camera Access Multitool

Cameradar hacks its way into RTSP CCTV cameras Cameradar allows you to: Detect open RTSP hosts on any accessible target Get their public info hostname, port, camera model, etc. Launch automated dictionary attacks to get their stream route for example /live.sdp Launch automated dictionary attacks ...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2016/05/14 8:36 p.m.19 views

Marfil - An Extension of the Aircrack-ng Suite used to assess WiFi Network Security

Marfil is an extension of the Aircrack-ng suite, used to assess WiFi network security. It allows to split the work of performing long running dictionary attacks among many computers. Motivation The Aircrack-ng suite provides the aircrack-ng tool, which is a 802.11 WEP and WPA/WPA2-PSK key crackin...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2016/04/04 11:29 p.m.68 views

RouterSploit - Router Exploitation Framework

The RouteSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...

8.1AI score
Exploits0References1
n0where
n0where
added 2015/08/09 7:51 p.m.20 views

Nosql Exploitation Framework

The Tool focuses on scanning and exploiting NoSQL Databases which makes the pentesters life easy. The tool currently has support for Mongo,Couch-db and Redis,with further additions to be made soon.It supports Enumerating NoSQL Db’s,Dumping Nosql db’s,Dictionary attacks and Shodan Search...

0.1AI score
Exploits0References1
Metasploit
Metasploit
added 2014/11/10 7:42 p.m.119 views

Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration

This module can be used to obtain a list of all logins from a SQL Server with any login. Selecting all of the logins from the master..syslogins table is restricted to sysadmins. However, logins with the PUBLIC role everyone can quickly enumerate all SQL Server logins using the SUSERSNAME function...

7.7AI score
Exploits0
ThreatPost
ThreatPost
added 2014/08/04 9:5 a.m.7 views

Mozilla MDN Password Disclosure Affects 76,000 Developers

Some members of the Mozilla Developer Network are being advised to change their passwords after email addresses and encrypted credentials were disclosed on a public server. Mozilla director of developer relations Stormy Peters said the organization has been investigating the disclosure for 10 day...

1.7AI score
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

Cisco LEAP Password Disclosure Weakness

No description provided by source. source: http://www.securityfocus.com/bid/8755/info It has been reported that Cisco LEAP Lightweight Extensible Authentication Protocol is prone to a password disclosure weakness that may allow a remote user to steal user passwords. The issue may be exploited out...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2014/03/13 9:5 p.m.9 views

[Cisco Torch] Mass Scanning, Fingerprinting, and Exploitation Tool

Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the "Hacking Exposed Cisco Networks", since the tools availalbe on the market could not meet our needs. The main feature that makes Cisco-torch different from similar tools is the...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2014/02/24 7:29 p.m.12 views

[ParameterFuzz v1.8] Parameter´s auditor for web applications

ParameterFuzz is a tool to check the level of fortification in web applications, try to cover the field more exploited by hackers, as the majority of known attacks are based on exploiting poorly filtered parameters. Just as SQL injection, Cross Site Scripting or RFI among others. This tool is...

8.3AI score
Exploits0
Rows per page
Query Builder