CVE-2019-20457
An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD...
EUVD-2009-0711
Malware in sbrugna...
EUVD-2024-16467
Malicious code in bioql PyPI...
Exploit for CVE-2020-1472
ZeroLogon exploitation script Exploit code based on https://www.secura.com/blog/zero-logon and https://github.com/SecuraBV/CVE-2020-1472. Original research and scanner by Secura, modifications by RiskSense Inc. To exploit, clear out any previous Impacket installs you have and install Impacket fro...
CVE-2025-41380
Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string...
CVE-2025-41380
CVE-2025-41380 affects Iridium Certus 700, version 1.0.1. The vulnerability is an embedded credentials issue that lets a local user retrieve the SSH hash string. CVSS v4.0 base score 6.1 (MEDIUM); vector: LOCAL, low attack complexity, no user interaction required, privileges required LOW. Impact ...
CVE-2020-13136
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer...
CVE-2025-1887
CVE-2025-1887 concerns an SMB forced authentication vulnerability in Sage 200 Spain, affected in versions prior to 2025.35.000. An authenticated attacker with administrator privileges can obtain an NTLMv2-SSP hash by redirecting a UNC path to a server under the attacker’s control. The root cause ...
CVE-2024-8933
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to...
CVE-2019-20457
The CVE-2019-20457 entry concerns Brother MFC-J491DW (firmware C1806180757). Affected component is the web interface where authentication can be bypassed to reveal the password hash. The underlying issue is that the response header after failed login attempts returns an incomplete authorization c...
IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval', 'Description' = %q| This module identifies IPMI 2.0-compatible systems and attempts to retrie...
RHEL 8 : idm:DL1 (RHSA-2024:3759)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3759 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and...
CVE-2022-31459
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth...
U.S. Dept Of Defense: [CVE-2021-29156] LDAP Injection at https://██████
Description: https://█████ is vulnerable to CVE-2021-29156 References https://hackerone.com/reports/1278050 https://nvd.nist.gov/vuln/detail/CVE-2021-29156 https://portswigger.net/research/hidden-oauth-attack-vectors...
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 suffers from a remote SQL injection vulnerability. Exploit Title: Online-Exam-System 2015 - 'feedback' SQL Injection Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://github.com/sunnygkp10/ Software Link:...
CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this fla...
CVE-2017-12173
CVE-2017-12173 affects sssd: the sysdb_search_user_by_upn_res() function did not sanitize requests when querying the local cache, with versions before 1.16.0 vulnerable to injection. In centralized login environments, if a password hash is cached for a user, an authenticated attacker could retrie...
CVE-2018-10174
Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role...
EulerOS 2.0 SP1 : sssd (EulerOS-SA-2017-1324)
According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - It was found that sssd's sysdb_search_user_by_upn_res function did not sanitize requests when querying its local cache and was vulnerable to injection. In...
FAQEngine <= 4.16.03 (question.php questionref) SQL Injection Exploit
No description provided by source. #!/usr/bin/perl -w FAQEngine <= v4.16.03 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code question.php: $sql = select from .$tableprefix.questions where publish=1 and...