Lucene search

5470 matches found

CNVD
added 2020/08/13 12:0 a.m. · 2 views

Incorrect Authentication Vulnerability in Multiple Huawei Products

Huawei Mate 20, Mate 20 Pro, Mate 20 X, and Mate 20 RS are smartphones from the Chinese company Huawei. A security vulnerability exists in several Huawei products, which stems from the program's failure to properly sign encrypted files. An attacker could use the vulnerability to forge documen...

6.8 CVSS · 6.8 AI score · 0.00234 EPSS
Exploits 0 · References 1

OSV
added 2020/08/12 2:15 p.m. · 3 views

CVE-2020-6295

Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to...

7.8 CVSS · 7.1 AI score
Exploits 0 · References 2

CVE
added 2020/08/12 1:28 p.m. · 49 views

CVE-2020-6295

CVE-2020-6295 affects SAP Adaptive Server Enterprise 16.0. A vulnerability allows an attacker to access encrypted sensitive information through publicly readable installation log files, leading to a compromise of the Cockpit and potential information disclosure (view/modify/unavailable data). The...

7.8 CVSS · 7.3 AI score · 0.0027 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2020/08/12 12:0 a.m. · 5 views

PT-2020-15453 · Jenkins · Jenkins Email Extension Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions 2.72 through 2.73. Description: The issue concerns the transmission and display of the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure...

7.5 CVSS · 7.5 AI score · 0.00755 EPSS
Exploits 0 · References 7

HackRead
added 2020/08/10 4:3 p.m. · 18 views

Researcher retrieves $300,000 worth of Bitcoin from an encrypted Zip file

By Waqas. An investor had locked $300k worth of Bitcoin in an encrypted Zip file and forgot its password. This is a post from HackRead.com. Read the original post: Researcher retrieves $300,000 worth of Bitcoin from an encrypted Zip file...

1.1 AI score
Exploits 0

Kitploit
added 2020/08/07 12:30 p.m. · 25 views

Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool

Chalumeau is an automated, extendable and customizable credential dumping tool based on PowerShell and Python. Main Features: Write your own Payloads In-Memory execution Extract Password List Dashboard reporting / Web Interface Parsing Mimikatz Dumping Tickets Screenshots Known Issues Parsing Mimikatz...

7.3 AI score
Exploits 0 · References 5

Huawei
added 2020/08/05 12:0 a.m. · 35 views

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

There is an improper authentication vulnerability in several smartphones. The system does not properly sign certain encrypted files. The attacker should gain the key used to encrypt the file; a successful exploit could cause certain files to be forged. Vulnerability ID: HWPSIRT-2019-10020 This...

6.8 CVSS · 6.7 AI score · 0.00234 EPSS
Exploits 0 · Affected Software 16

CNVD
added 2020/08/03 12:0 a.m. · 3 views

October CMS Information Disclosure Vulnerability

October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. An information disclosure vulnerability exists in versions of October CMS prior to 1.0.468 that stems from the program not binding an encrypted cookie value to the cookie name of that...

6.3 CVSS · 6.2 AI score · 0.00689 EPSS
Exploits 0 · References 1

Kitploit
added 2020/08/02 9:30 p.m. · 89 views

DeimosC2 - A Golang Command And Control Framework For Post-Exploitation

DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents work on, and have been tested on, Windows, Darwin, and Linux. It is entirely written in Golang with a front e...

7.6 AI score
Exploits 0 · References 11

NVD
added 2020/07/31 6:15 p.m. · 12 views

CVE-2020-15128

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a...

6.3 CVSS · 6.6 AI score · 0.00689 EPSS
Exploits 0 · References 3

Prion
added 2020/07/31 6:15 p.m. · 14 views

Design/Logic Flaw

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a...

3.5 CVSS · 6.5 AI score · 0.00689 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2020/07/31 5:15 a.m. · 7 views

CVE-2020-3681

Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code...

9.8 CVSS · 9.4 AI score · 0.00749 EPSS
Exploits 0 · References 2

Prion
added 2020/07/31 5:15 a.m. · 10 views

Code injection

Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code...

7.5 CVSS · 9.3 AI score · 0.00749 EPSS
Exploits 0 · References 2

Cvelist
added 2020/07/31 5:0 a.m. · 17 views

CVE-2020-3681

Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code...

9.4 AI score · 0.00749 EPSS
Exploits 0 · References 1

CVE
added 2020/07/31 5:0 a.m. · 54 views

CVE-2020-3681

CVE-2020-3681 affects HPAV2 systems according to multiple sources in the provided documents. The vulnerability allows forging authenticated and encrypted payload MMEs that can be remotely sent to the device over the network, enabled by a jailbreak key recoverable from code. The root cause and aff...

9.8 CVSS · 9.3 AI score · 0.00749 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2020/07/27 11:15 p.m. · 22 views

CVE-2020-12880

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...

5.5 CVSS · 6.6 AI score · 0.00477 EPSS
Exploits 0 · References 2

Prion
added 2020/07/27 11:15 p.m. · 19 views

Hardcoded credentials

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...

2.1 CVSS · 5.5 AI score · 0.00477 EPSS
Exploits 0 · References 2 · Affected Software 4

Apple
added 2020/07/27 8:16 a.m. · 66 views

About the security content of iOS 10.3.3 - Apple Support

About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

10 CVSS · 0.4 AI score · 0.47537 EPSS
Exploits 60 · Affected Software 1

IBM Security Bulletins
added 2020/07/24 10:19 p.m. · 16 views

Security Bulletin: Missing Cookie Attribute Vulnerability Affects IBM Secure Proxy

Summary: IBM Secure Proxy has corrected the missing secure attribute in encrypted session SSL cookies from the impacted session. Vulnerability Details: Third Party Entry: PSIRT-ADV0022033. DESCRIPTION: Created from Advisory: ADV0022033. CVSS Base score: 4.3. CVSS Vector:...

1.7 AI score
Exploits 0 · Affected Software 1

Malwarebytes
added 2020/07/22 3:0 p.m. · 39 views

EncroChat system eavesdropped on by law enforcement

Due to the level of sophistication of the attack, and the malware code, we can no longer guarantee the security of your device. This text caused a lot of aggravation, worries, and sleepless nights. No one wants to hear the security of their device has been compromised by a malware attack. The goo...

7.1 AI score
Exploits 0