34 matches found
Exploit for CVE-2025-4396
CVE-2025-4396 - WordPress Relevanssi Time-Based Blind SQL Inje...
CVE-2025-10285 Simplcity Device Manager exposes NTLMv2 hash
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...
PT-2025-49153
Name of the Vulnerable Software and Affected Versions Silicon Labs Simplicity Device Manager affected versions not specified Description The web interface of the Silicon Labs Simplicity Device Manager, when exposed publicly, allows an attacker to extract the NTLMv2 hash. This hash can then be use...
EUVD-2019-18490
Malware in sbrugna...
EUVD-2016-10294
Malware in sbrugna...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2025-24071 / CVE-2025-24054 PoC Edit: MICROSOFT HAS BEE...
ColdFusion password.properties Hash Extraction
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ColdFusion 'password.properties' Hash Extraction", 'Description' = %q This module uses a directory traversal vulnerability to extract information...
CVE-2023-27481 Extract password hashes through export querying in directus
Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the password field in directususers can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allow...
Freki - Malware Analysis Platform
Freki is a free and open-source malware analysis platform. Goals 1. Facilitate malware analysis and reverse engineering; 2. Provide an easy-to-use REST API for different projects; 3. Easy deployment via Docker; 4. Allow the addition of new features by the community. Current features Hash...
Code injection
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15357
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-10174
Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role...
IBM Lotus Domino R8 - Password Hash Extraction
Exploit Title: IBM Lotus Domino = R8 Password Hash Extraction Exploit Google Dork: inurl:names.nsf?opendatabase Date: 02-24-2016 Exploit Author: Jonathan Broche Contact: https://twitter.com/g0jhonny Vendor Homepage: https://www-01.ibm.com/software/lotus/category/messaging/ Tested on: Lotus Domino...
Nuked-Klan <= 1.7.6 - Multiple Vulnerabilities Exploit
No description provided by source. ?php / Name: Nuked-Klan = 1.7.6 Multiple Vulnerabilities Exploit Credits: Charles real F. charlesfolathotmail.fr URL: http://realn.free.fr/releases/46556 Date: 04-01-08 - Remote Code Execution - Remote File Upload - Admin Hash Extraction Remote Code Exec...
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
No description provided by source. Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web Application Firewall MX Discovery date:...
[Blackhash] Audit Passwords Without Hashes
A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security specialists have the knowledge and tools to effectively audit password hashes. They use password...
vBulletin 5 - 'index.php/ajax/api/reputation/vote?nodeid' SQL Injection (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection', 'Description' = %q This module exploits a SQL injection...
ColdFusion 'password.properties' Hash Extraction
This module uses a directory traversal vulnerability to extract information such as password, rdspassword, and "encrypted" properties. This module has been tested successfully on ColdFusion 9 and ColdFusion 10 auto-detect. This module requires Metasploit: https://metasploit.com/download Current...
Userlocator 3.0 (y) Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w use strict; use LWP::Simple; $| = 1; p print q ::::::::::::::::::::::::::::: :: Userlocator 3.0 Exploit :: :: written by katharsis :: ::::::::::::::::::::::::::::: www.katharsis.x2.to [email protected] ; if @ARGV 2 print "Usage: usrlocsploit....
FLDS 1.2a Blind SQL Injection
FLDS 1.2a lpro.php id Blind SQL Injection Vulnerability + Discovered By SirGod + Greetz : All my friends + Blind SQL Injection - Get username : http://target/path/lpro.php?id=1 and asciisubstringSELECT username from users limit 0,1,1,196 Query is truepage loads normally.Going to next ascii char...