Keycloak Services has a potential bypass of brute force protection
If an attacker launches many login attempts in parallel, the attacker can make more guesses at a password than the brute force protection configuration permits. This is because the brute force check occurs before the brute force protector has locked the user. Acknowledgements: Special thank...
Keycloak's admin API allows low privilege users to use administrative functions
Users with low privileges (just plain users in the realm) are able to use administrative functionality within the Keycloak admin interface. This issue presents a significant security risk, as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data...
PHP Event Calendar Lite Edition SQL Injection Vulnerability
Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: SQL injection CWE-89 Risk Level: High Solution Status: Closed Manufacturer Notification: 2021-08-09 Solution Date:...
Tiny Java Web Server 1.115 Cross Site Scripting
Advisory ID: SYSS-2021-042 Product: Tiny Java Web Server and Servlet Container TJWS Manufacturer: D. Rogatkin Affected Versions: = 1.115 Tested Versions: 1.107, 1.114 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2021-07-21...
Broadcom Wi-Fi Devices - (KR00K) Information Disclosure Exploit
Kr00ker Experimental KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, which allows some WPA2 CCMP data to be decrypted on vulnerable devices. More specifically, this script attempts to retrieve Plaintext Data of WPA2 CCMP...
kernel security, bug fix, and enhancement update
3.10.0-514.10.2.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-514.10.2 - net dccp: fix freeing skb too early for IPV6RECVPKTINFO Hannes...
McAfee VirusScan Enterprise 8.8 Security Bypass
Security Advisory @ Mediaservice.net Srl 01, 13/04/2016 Data Security Division Title: McAfee VirusScan Enterprise security restrictions bypass Application: McAfee VirusScan Enterprise 8.8 and prior versions Platform: Microsoft Windows Description: A local Windows administrator is able to bypass t...
Windows Enumerate LSA Secrets
This module will attempt to enumerate the LSA Secrets keys within the registry. The registry value used is: HKEY_LOCAL_MACHINE\Security\Policy\Secrets\. Thanks go to Maurizio Agazzini and Mubix for the decrypt code from cachedump. This module requires Metasploit: https://metasploit.com/download...
SNMPv3 HMAC validation error Remote Authentication Bypass Exploit
Exploit for multiple platforms in the category remote exploits ================================================================= SNMPv3 HMAC validation error Remote Authentication Bypass Exploit ================================================================= snmpv3exp.sh exploits the vulnerability...