Deepsecrets - Secrets Scanner That Understands Code

Yet another tool - why? Existing tools don't really "understand" code. Instead, they mostly parse texts. DeepSecrets expands classic regex-search approaches with semantic analysis, dangerous variable detection, and more efficient usage of entropy analysis. Code understanding supports 500+ languag...

U.S. Dept Of Defense: Course Registration Form Allowing an attacker to dump all the candidate name who had enrolled for the course

The application allowed an attacker to enumerate all candidate names who had applied for various courses by cycling a numeric parameter in the application's URL...

CVE-2020-1620

A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1...

Design/Logic Flaw

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1...

CVE-2020-1624 Junos OS Evolved: objmon logs may leak sensitive information

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1...

CVE-2020-1622

Junos OS Evolved is affected. A local, authenticated user can access the EvoSharedObjStore and obtain hashed login passwords and shared secrets, leaking confidential data. Affected versions are all prior to 19.1R1; remediation is to upgrade to 19.1R1 or later. Exploitation status is not detailed ...