CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2022/03/21 12:0 a.m.•216 views

ICT Protege GX/WX 2.08 Cross Site Scripting

ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062 App: 02.08.766 Lib: 04.00.169 Int: 02.2.208...

7.4AI score

IBM Security Bulletins•added 2022/03/19 4:17 a.m.•39 views

Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2020-14781)

Summary Under certain circumstances, encrypted LDAP connections can be downgraded to unencrypted connections. The fix ensures that encrypted LDAP connections cannot be downgraded in this way. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related ...

4.3CVSS4.5AI score0.02296EPSS

Exploits0Affected Software1

OSV•added 2022/03/18 6:15 p.m.•3 views

CVE-2020-25180

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...

6.5CVSS6.7AI score

OSV•added 2022/03/18 6:15 p.m.•3 views

CVE-2020-25193

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...

5.3CVSS5.8AI score0.00825EPSS

NVD•added 2022/03/18 6:15 p.m.•25 views

CVE-2020-25180

6.5CVSS0.01122EPSS

NVD•added 2022/03/18 6:15 p.m.•13 views

CVE-2020-25193

5.3CVSS0.00825EPSS

Cvelist•added 2022/03/18 6:0 p.m.•21 views

CVE-2020-25193 GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key

5.3CVSS5.3AI score0.00825EPSS

ATTACKERKB•added 2022/03/16 3:15 p.m.•0 views

CVE-2022-26660

RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used...

7.5CVSS7.1AI score0.00593EPSS

OSV•added 2022/03/16 3:15 p.m.•3 views

CVE-2022-26660

RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used...

7.5CVSS5.8AI score

Exploits0References1

BDU FSTEC•added 2022/03/11 12:0 a.m.•10 views

The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in its ability to send XML messages, allowing a hacker to gain full control over the operating system.

The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to the use of strictly encrypted login credentials during the installation of UltraVNC. Exploiting this vulnerability can allow a malicious actor to gain full control over the operating...

10CVSS5.5AI score

BDU FSTEC•added 2022/03/11 12:0 a.m.•10 views

10CVSS5.5AI score

NVD•added 2022/03/10 5:45 p.m.•10 views

CVE-2022-21170

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA Ver.3 / Ver.4 using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle...

4.3CVSS0.00946EPSS

Exploits0References6

ATTACKERKB•added 2022/03/10 5:45 p.m.•6 views

CVE-2022-21170

4.3CVSS5.8AI score0.00946EPSS

Exploits0References7Affected Software1

NVD•added 2022/03/10 5:43 p.m.•22 views

CVE-2021-3981

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...

3.3CVSS0.00311EPSS

UbuntuCve•added 2022/03/10 5:43 p.m.•37 views

CVE-2021-3981

3.3CVSS6.2AI score0.00311EPSS

Exploits0References3

Metasploit•added 2022/03/10 5:42 p.m.•24 views

Windows Encrypted Reverse Shell

Connect back to attacker and spawn an encrypted command shell Module Options msf use payload/windows/x64/encryptedshellreversetcp msf payloadencryptedshellreversetcp show actions ...actions... msf payloadencryptedshellreversetcp set ACTION msf payloadencryptedshellreversetcp show options ...show...

5.9AI score

Metasploit•added 2022/03/10 5:42 p.m.•39 views

Windows Command Shell, Encrypted Reverse TCP Stager

Spawn a piped command shell staged. Connect to MSF and read in stage Module Options msf use payload/windows/x64/encryptedshell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options... msf...

5.9AI score

Microsoft Secure•added 2022/03/10 5:0 p.m.•17 views

Why decentralization is the future of digital identities

Our identity is increasingly becoming digitized—more of our hard copy credentials are converting into digital formats. We use these digital credentials to work, learn, play, socialize, shop, and consume services online and offline every day. It’s so convenient and expected now to be able to have...

6.5AI score

Malwarebytes•added 2022/03/09 8:0 p.m.•17 views

Twitter makes the leap to Tor

Tor is getting another visibility boost for people who may not otherwise come into contact with it. The reason: an attempt to navigate increasing amounts of censorship. What is Tor? The Tor network is something designed to keep communications anonymous. A variety of tools exist to make use of it,...

0.4AI score