203 matches found
Privilege escalation vulnerabilities in IBM System Networking Switch Center and Lenovo Switch Center
Lenovo Security Advisory:LEN-2015-074, LEN-2746 Potential Impact: Escalation of Privileges Severity: High Summary: Multiple vulnerabilities have been identified in the following products: - IBM System Networking Switch Center - Lenovo Switch Center Description: Lenovo Switch Center, previously...
CVE-2016-5927
IBM Tivoli Storage Manager for Space Management aka Spectrum Protect for Space Management 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output...
Input validation
IBM Tivoli Storage Manager for Space Management aka Spectrum Protect for Space Management 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is configured, allows local users to discover an encrypted password by reading application-trace output...
CVE-2016-2203
The management console on Symantec Messaging Gateway SMG Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges...
The vulnerability of the microprogramming software of the Harman AMX multimedia stream management system allows a intruder to gain access to protected information.
The vulnerability of the setUpSubtleUserAccount/bin/bw function in the Harman AMX multimedia stream management software is related to the existence of a strictly encrypted password for the 1MB@tMaN account. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access ...
CSRF vulnerabilities in Callisto 821+R3 ADSL Router
Hello 3APA3A! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devic...
FireFox file stealing 0day vulnerability has been hacked“real”use, the official emergency release to fix patch-bug warning-the black bar safety net
In Russia a web site, the researchers found a Firefox serious 0day exploits program Exp code, you can steal Windows and Linux users on the computer file. This security event is forcing Mozilla to the official emergency release patch. Vulnerability description The vulnerability is caused by the...
SolarWinds N-Able N-Central Information Disclosure Vulnerability
SolarWinds N-Able N-Central is a suite of agent-based enterprise support and management solutions from SolarWinds USA. A information disclosure vulnerability exists in SolarWinds N-Able N-Central versions prior to 9.5.1.4514, which can be exploited to obtain a plaintext domain administrator...
SysAid Help Desk Database Credentials Disclosure
This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. This is used to download the server configuration file that contains the database username and password, which is encrypted with a fixed, known key. This modul...
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure Exploit
This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 's...
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 's...
Default credentials
McAfee ePolicy Orchestrator ePO before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password...
CVE-2014-8032
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449...
Design/Logic Flaw
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449...
CVE-2014-8032
CVE-2014-8032 concerns Cisco WebEx Meetings Server where the OutlookAction LI may disclose a user’s encrypted password to an authenticated remote attacker. The Cisco advisory states the issue arises from the server returning encrypted password values and that authenticated access (potentially on ...
McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure Exploit
This Metasploit module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the...
McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure', 'Description' = %q This module will exploit a...
ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass
The version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not...
CVE-2014-4869
The Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group...
Design/Logic Flaw
The Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group...