Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Prion
Prionadded 2020/05/12 8:15 p.m.26 views

Design/Logic Flaw

An issue was discovered in Ignite Realtime Spark 2.8.3 and the ROAR plugin for it on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the NTLM hashes of the user are sent with the HTTP request. Th...

6.8CVSS8.5AI score0.00842EPSS
Exploits1References1Affected Software1
Metasploit
Metasploitadded 2016/12/09 4:41 a.m.48 views

Windows Local User Account Hash Carver

This module will change a local user's password directly in the registry. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' class MetasploitModule 'Windows Local User Account Hash Carver', 'Description...

7.3AI score
Exploits0
Kitploit
Kitploitadded 2016/12/04 2:9 p.m.13 views

DPAT - Domain Password Audit Tool for Pentesters

This is a python script that will generate password use statistics from password hashes dumped from a domain controller and a password crack file such as oclHashcat.pot generated from the oclHashcat tool during password cracking. The report is an HTML report with clickable links. You can run the...

7.1AI score
Exploits0References3
Metasploit
Metasploitadded 2012/10/16 7:26 p.m.47 views

Microsoft SQL Server SQLi NTLM Stealer

This module can be used to help capture or relay the LM/NTLM credentials of the account running the remote SQL Server service. The module will use the SQL injection from GETPATH to connect to the target SQL Server instance and execute the native "xpdirtree" or stored procedure. The stored...

8.3AI score
Exploits0
myhack58
myhack58added 2009/07/15 12:0 a.m.16 views

Use a low-privileged Oracle database accounts give the OS access permissions-bug warning-the black bar safety net

Author:Mickey These days look at the article called"Penetration: from application down to OS Oracle"of the document,feel quite interesting,the document probably means that is,if the ORACLE service is using the administrator account to start,as long as you have a have resource and connect privileg...

Exploits0
myhack58
myhack58added 2008/12/17 12:0 a.m.24 views

With GetHashes software get Windows System Hash password value-the value of vulnerability and early warning-the black bar safety net

For an intruder, get the Windows password is the entire attack process is crucial to a ring, have the system the original user password, will enable the network to penetrate and keep control more easily. Windows System Hash password values with LM-HASH and a NTLM-HASH value of the two parts, once...

7.2AI score
Exploits0
Rows per page
Query Builder