37 matches found

Github Security Blog
added 2021/09/01 6:41 p.m., 43 views

Use of a Broken or Risky Cryptographic Algorithm

Description: The function mtrand is used to generate session tokens. This function is cryptographically flawed because it is only pseudorandom; an attacker can take advantage of its cryptographically insecure nature to enumerate session tokens for accounts that are...

CVSS 3.5 | AI score 3.9 | EPSS 0.00458
Exploits: 1 | References: 5 | Affected software: 1
CNVD
added 2021/07/15 12:00 a.m., 6 views

Unspecified Vulnerability in Nextcloud (CNVD-2021-51796)

Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability in Nextcloud Server in versions prior to 19.0.13, 20.011, and 21.0.3 can be exploited by an attacker to enumerate potentially valid...

CVSS 5.3 | AI score 6.5 | EPSS 0.01512
Exploits: 0 | References: 1
Hacker One
added 2020/09/14 3:56 p.m., 159 views

Basecamp: Information Disclosure of Garbage Collection Cycle

Hello, upon enumerating a subdomain's content I found a directory that discloses the duration of the garbage collection cycles. I think that this information should be kept private because the public should not know information about the target application and how it operates or does its garbage...

AI score 0.2
Exploits: 0
Github Security Blog
added 2020/09/01 7:46 p.m., 18 views

Malicious Package in another-date-range-picker

Version 4.1.48 of another-date-range-picker contained malicious code. When executed in the browser, the code would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= . Recommendation: If version 4.1.48 of this module is found...

AI score 2.9
Exploits: 0 | References: 5 | Affected software: 1
HackRead
added 2020/07/11 4:56 p.m., 36 views

Kasa camera flaw allows enumerating usernames for credential stuffing

By Sudais Asif The hacker who happens to be a hobbyist farmer and Kasa camera... This is a post from HackRead.com Read the original post: Kasa camera flaw allows enumerating usernames for credential stuffing...

AI score 2.7
Exploits: 0
Veeam
added 2019/12/02 12:00 a.m., 20 views

How to Create Custom Backup Policy IAM Role

The Backup Policy IAM role is used to run the following backup operations: enumerating the resources; taking EBS snapshots of selected EC2 instance volumes; creating volumes from snapshots; attaching...

AI score 3
Exploits: 0 | Affected software: 1
n0where
added 2018/12/03 10:47 p.m., 61 views

Powershell Script for Enumerating Vulnerable DCOM Applications: DCOMrade

DCOMrade is a PowerShell script that enumerates possibly vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. The script is built to work with PowerShell 2.0 but will work with all later versions as well. The script currently...

Exploits: 0 | References: 3
Rhino Security Labs
added 2018/08/29 1:56 p.m., 20 views

Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’

The post Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’ appeared first on Rhino Security Labs...

AI score 2.6
Exploits: 0
Kitploit
added 2018/04/08 8:59 p.m., 98 views

LinkFinder - A Python Script That Finds Endpoints In JavaScript Files

LinkFinder is a Python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing, resulting in new testing ground that possibly contains new vulnerabilities...

AI score 7.2
Exploits: 0 | References: 3
CNVD
added 2017/09/14 12:00 a.m., 1 views

Logic design flaws in the Android version of the E-Care App

The E Nursing App is a platform developed by Shanghai Moyi Information Technology Development Co. that provides professional nursing services to users through an innovative health care service model. There is a logical design vulnerability in the Android version of the E-Care...

AI score 6.9
Exploits: 0
seebug.org
added 2017/04/24 12:00 a.m., 25 views

Cloudera Manager =< 5.5 Enumerating user sessions with an unprivileged account (CVE-2016-4950)

Cloudera Manager =:7180/api/v11/users/sessions It is worth mentioning that a user using the API won’t appear in the “currently connected” user list. The Cloudera CERT indicated that this vulnerability is fixed in version 5.8. Moreover, Cloudera Manager =:7180/api/v1/users...

CVSS 5 | AI score 7.2 | EPSS 0.01589
Exploits: 1
Hacker One
added 2017/02/05 2:4 p.m., 33 views

Phabricator: Enumerating emails through "Forgot Password" form

Hi! I am testing a typical local installation of Phabricator. Using the forgot password form it is possible to enumerate users' emails because of the message "There is no account associated with that email address." So an attacker can theoretically figure out registered users' emai...

AI score 1.3
Exploits: 0
Packet Storm
added 2016/08/31 12:00 a.m., 44 views

ZKTeco ZKBioSecurity 3.0 User Enumeration

!/usr/bin/env python ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator...

AI score 0.2
Exploits: 0
n0where
added 2016/02/26 5:17 p.m., 26 views

Cross Platform DNS Recon Tool: Sonar

Sonar is a reconnaissance tool for enumerating subdomains. It was modeled after Knock and DNSRecon, though explicitly not written in Python to avoid the limitations of threading and dependencies. Sonar is statically compiled, meaning it has no dependencies, and even dynamically builds the default...

AI score 7.2
Exploits: 0 | References: 3
n0where
added 2015/08/09 7:51 p.m., 19 views

Nosql Exploitation Framework

The tool focuses on scanning and exploiting NoSQL databases, which makes the pentester's life easy. The tool currently has support for Mongo, CouchDB and Redis, with further additions to be made soon. It supports enumerating NoSQL DBs, dumping NoSQL DBs, dictionary attacks and Shodan search...

AI score 0.1
Exploits: 0 | References: 1
Metasploit
added 2012/01/29 10:3 p.m., 51 views

UNIX Gather .netrc Credentials

Post Module to obtain credentials saved for FTP and other services in .netrc This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UNIX Gather .netrc Credentials', 'Description' = %q Post Module to...

AI score 7.3
Exploits: 0
OpenVAS
added 2011/06/01 12:00 a.m., 14 views

Nmap NSE net: stuxnet-detect

Detects whether a host is infected with the Stuxnet worm http://en.wikipedia.org/wiki/Stuxnet. An executable version of the Stuxnet infection will be downloaded if a format for the filename is given on the command line. SYNTAX: smbbasic: Forces the authentication to use basic security, as opposed...

Exploits: 0