14 matches found
EUVD-2022-28960
Malicious code in bioql PyPI...
CVE-1999-0469
Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client...
sos bug fix and enhancement update
An update is available for sos. This update affects Rocky Linux 8, Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sos package contains a set of utilities that gather informatio...
Authentication Capture: LDAP
This module mocks an LDAP service to capture authentication information of a client trying to authenticate against an LDAP service Module Options msf use auxiliary/server/capture/ldap msf auxiliaryldap show actions ...actions... msf auxiliaryldap set ACTION msf auxiliaryldap show options ...show...
CVE-2020-4996
IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913...
CVE-2020-10508 Sunnet eHRD - Sensitive Data Exposure
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...
KLA11582 Multiple vulnerabilities in Oracle Java SE
Multiple vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities: 1. A vulnerability in Kerberos component can be exploited to bypass security restrictions; 2. A vulnerability in...
Windows NTLM Auth Hash Disclosure / Denial Of Service Vulnerabilities
Under certain circumstances a shared folder on Windows can be abused remotely to obtain the user credentials and to freeze the machine. Hello, I want to share some information with the people on the list. On May 24, I found a problem with NTLM auth on Windows. Under certain circumstances a shared...
Information disclosure
An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of...
CVE-2017-6432
The CVE-2017-6432 entry concerns Dahua DHI-HCVR7216A-S3 devices (firmware 3.210.0001.10, build 2016-06-06). The Dahua DVR protocol on TCP port 37777 is an unencrypted binary protocol; a Man-in-the-Middle can sniff and inject packets, enabling creation of fully privileged new users and capture of ...
KLA10502 Multiple vulnerabilities in BACnet OPC Server
Multiple critical vulnerabilities have been found in BACnet OPC Server. Malicious users can exploit these vulnerabilities to execute arbitrary files and read&write local database. Below is a complete list of vulnerabilities 1. An unknwon vulnerabilities can be exploited remotely via unknown vecto...
Hacking Facebook users just from chat box using multiple vulnerabilities
Nir Goldshlager, Founder/CEO at Break Security known for finding serious flaws in Facebook once again on The Hacker News for sharing his new finding i.e Stored Cross-site Scripting XSS in Facebook Chat, Check In and Facebook Messenger. Stored Cross-site Scripting XSS is the most dangerous type of...
Outlook Web Access URL Injection
Due to a lack of sanitization of the user input, the remote version of Microsoft Outlook Web Access 2003 is vulnerable to URL injection which can be exploited to redirect a user to a different, unauthorized web server after authenticating to OWA. SPDX-FileCopyrightText: 2005 Michael J. Richardson...
CVE-1999-0469
Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client...