5470 matches found
Incorrect Authentication Vulnerability in Multiple Huawei Products
Huawei Mate 20, Mate 20 Pro, Mate 20 X, and Mate 20 RS are smartphones from the Chinese company Huawei. A security vulnerability exists in several Huawei products, which stems from the program's failure to properly sign encrypted files. An attacker could use the vulnerability to forge documen...
CVE-2020-6295
Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to...
CVE-2020-6295
CVE-2020-6295 affects SAP Adaptive Server Enterprise 16.0. A vulnerability allows an attacker to access encrypted sensitive information through publicly readable installation log files, leading to a compromise of the Cockpit and potential information disclosure (view/modify/unavailable data). The...
PT-2020-15453 · Jenkins · Jenkins Email Extension Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions 2.72 through 2.73. Description: The issue concerns the transmission and display of the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure...
Researcher retrieves $300,000 worth of Bitcoin from an encrypted Zip file
By Waqas. An investor had locked $300k worth of Bitcoin in an encrypted Zip file and forgot its password. This is a post from HackRead.com. Read the original post: Researcher retrieves $300,000 worth of Bitcoin from an encrypted Zip file...
Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool
Chalumeau is an automated, extendable and customizable credential dumping tool based on PowerShell and Python. Main Features: Write your own Payloads; In-Memory execution; Extract Password List; Dashboard reporting / Web Interface; Parsing Mimikatz; Dumping Tickets; Screenshots. Known Issues: Parsing Mimikatz...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The system does not properly sign certain encrypted files. An attacker would need to gain the key used to encrypt the file; a successful exploit could cause certain files to be forged. Vulnerability ID: HWPSIRT-2019-10020 This...
October CMS Information Disclosure Vulnerability
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. An information disclosure vulnerability exists in versions of October CMS prior to 1.0.468 that stems from the program not binding an encrypted cookie value to the cookie name of that...
DeimosC2 - A Golang Command And Control Framework For Post-Exploitation
DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. The DeimosC2 server and agents work on, and have been tested on, Windows, Darwin, and Linux. It is entirely written in Golang with a front e...
CVE-2020-15128
In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user-facing code (nothing exploitable in the core project itself) had a...
Design/Logic Flaw
In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user-facing code (nothing exploitable in the core project itself) had a...
CVE-2020-3681
Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code...
Code injection
Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code...
CVE-2020-3681
CVE-2020-3681 affects HPAV2 systems according to multiple sources in the provided documents. The vulnerability allows forging authenticated and encrypted payload MMEs that can be remotely sent to the device over the network, enabled by a jailbreak key recoverable from code. The root cause and aff...
CVE-2020-12880
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...
Hardcoded credentials
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...
About the security content of iOS 10.3.3 - Apple Support
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
Security Bulletin: Missing Cookie Attribute Vulnerability Affects IBM Secure Proxy
Summary: IBM Secure Proxy has corrected the missing secure attribute in encrypted session SSL cookies from the impacted session. Vulnerability Details: Third Party Entry: PSIRT-ADV0022033. DESCRIPTION: Created from Advisory: ADV0022033. CVSS Base score: 4.3. CVSS Vector:...
EncroChat system eavesdropped on by law enforcement
Due to the level of sophistication of the attack, and the malware code, we can no longer guarantee the security of your device. This text caused a lot of aggravation, worries, and sleepless nights. No one wants to hear the security of their device has been compromised by a malware attack. The goo...