
9 matches found

OSV
added 2023/10/24 8:15 p.m. | 17 views

CVE-2023-41339 Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...

CVSS 8.6 | AI score 5.5 | EPSS 0.00179
Exploits: 0 | References: 5

OSV
added 2023/10/24 7:20 p.m. | 22 views

GHSA-CQPC-X2C6-2GMF Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF

Summary: The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Server Side Request Forgery. It is possibl...

CVSS 5.3 | AI score 6.8 | EPSS 0.00179
Exploits: 0 | References: 5

Github Security Blog
added 2023/10/24 7:20 p.m. | 39 views

Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF

Summary: The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Server Side Request Forgery. It is possibl...

CVSS 8.6 | AI score 6.7 | EPSS 0.00179
Exploits: 0 | References: 5 | Affected Software: 2

Metasploit
added 2019/05/31 4:18 p.m. | 109 views

Password Cracker: Windows

This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from Windows systems. LANMAN is format 3000 in hashcat. NTLM is format 1000 in hashcat. MSCASH is format 1100 in hashcat. MSCASH2 is format 2100 in hashcat. NetNTLM is format 5500 in hashcat. NetNTLMv2 ...

AI score 7.4
Exploits: 0

The Coalfire Blog
added 2019/03/21 5:10 p.m. | 73 views

High-Power Hash Cracking with NPK

Password hashes are an everyday part of life in Coalfire Labs. Barring any other low-hanging fruit, it's not uncommon for a penetration test to hinge on recovering a plaintext password from one of these hashes. Whether it's NTLM hashes from Active Directory, NetNTLMv2 from Responder, WPA2 PMK from ...

AI score 1.6
Exploits: 0

NVD
added 2017/10/09 5:29 a.m. | 16 views

CVE-2017-14971

Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controlled server. In one specific scenario, the attacker provides an Excel...

CVSS 5.5 | AI score 5.3 | EPSS 0.00222
Exploits: 1 | References: 1

CVE
added 2017/10/09 5:0 a.m. | 46 views

CVE-2017-14971

Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker delivers a crafted Microsoft Office document containing a link with a UNC pathname pointing to an attacker‑controlled server; in a described scenario, an Excel spreadsheet is used and the attacker‑...

CVSS 5.5 | AI score 5.3 | EPSS 0.00222
Exploits: 1 | References: 1 | Affected Software: 1

Kitploit
added 2014/05/27 3:0 a.m. | 363 views

oclHashcat v1.2 - GPGPU-based Multi-hash Cracker

oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack implemented as mask attack, combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. This GPU cracker is a fused version of oclHashcat-plus and oclHashcat-lite. GPU Driver requirements: NV...

AI score 7.5
Exploits: 0

Kitploit
added 2013/03/23 2:48 a.m. | 39 views

[oclHashcat-plus v0.14] Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker

Features: World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker; World's first and only GPGPU based rule engine; Free; Multi-GPU (up to 128 GPUs); Multi-Hash (up to 15 million hashes); Multi-OS (Linux & Windows native binaries); Multi-Platform (OpenCL & CUDA support); Multi-Algo (see below); Low resource...

AI score 7.2
Exploits: 0