Quiz and Survey Master < 7.0.1 - Unauthenticated Arbitrary File Deletion
This flaw allows users to delete arbitrary files like a site’s wp-config.php file which could effectively take a site offline and allow an attacker to take over the vulnerable site. PoC...
EulerOS Virtualization 2.5.0 : openssl (EulerOS-SA-2018-1339)
According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC...
UBUNTU-CVE-2018-5389
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known that the aggressive mode of IKEv1 PSK is vulnerable to offline...
openssl: bn_sqrx8x_internal carry bug on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...
CVE-2018-6683
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention DLP for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline...
Gather Ticket Granting Service (TGS) tickets for User Service Principal Names (SPN)
This module will try to find Service Principal Names that are associated with normal user accounts. Since normal accounts' passwords tend to be shorter than machine accounts, and knowing that a TGS request will encrypt the ticket with the account the SPN is running under, this could be used for a...
CVE-2017-3736
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...
CVE-2017-3732
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...
Information Disclosure
OpenSSL is vulnerable to information disclosure. The library contains a carry propagation bug in the Montgomery squaring procedure. This makes it easier for a malicious user to obtain sensitive private key information from the Diffie-Hellman ciphersuite, as the attack can be conducted offline...
Magnet Networks Tesley CPVA 642 Router - Weak WPA-PSK Passphrase Algorithm
Exploit Title: Magnet Networks – Weak WPA-PSK passphrases used in Tesley CPVA 642 Router Google Dork: Date: 01/06/2016 Author: Matt O'Connor Advisory Link: https://www.rgb.ie/magnet-broadband-weak-wpa-psk-algorithm.pdf...
Flawed TLS Implementations Leak RSA Keys
A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys. Florian Weimer, a researcher with Red Hat, last week published a paper called “Factoring RSA Keys With TLS Perfect Forward Secrecy” that demonstrated...
Pixiewps - Bruteforce Offline the WPS Pin (Pixie Dust Attack)
Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack). It is meant for educational purposes only. All credits for the research go to Dominique Bongard. DEPENDENCIES Pixiewps requires libssl. To install it:...
CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service
Title: Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service. Summary: Opendaylight (www.opendaylight.com) is vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service via an External Entity Injection (XXE)...
Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm
No description provided by source. Exploit Title: Sky Broadband Router Weak algorithm used to generate WPA-PSK Key Google Dork: Date: 08/08/2014 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf Version: Category: Remote Tested on: Sky SR1...
Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm
Exploit Title: Sky Broadband Router Weak algorithm used to generate WPA-PSK Key Google Dork: Date: 08/08/2014 Author: Matt O'Connor / Planit Computing Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf Version: Category: Remote Tested on: Sky SR101 Router The SR101 routers supplie...
PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom...
IKE Aggressive Mode Shared Secret Hash Leakage Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7423/info When a VPN is configured to use a pre-shared master secret and a client attempts to negotiate keys in aggressive mode, a hash of the secret is transmitted across the network in clear-text. This may result in the...
PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom Severity: Medium II. Vulnerability...
PhonerLite 2.14 Digest Information Leak
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom Severity: Medium II. Vulnerability...
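McAfee Encrypted USB Manager Remote Security Bypass Vulnerability
BUGTRAQ ID:30630 CNCAN ID:CNCAN-2008081202 McAfee Encrypted USB Manager is a solution that protects data using strong encryption combined with strong access control. McAfee Encrypted USB Manager has a security bypass issue: a remote attacker can exploit the vulnerability to carry out offline attacks that attempt to guess the password. The vulnerability only applies when the password "Re-use Threshold" policy is set to a non-zero value; no detailed vulnerability information is currently available. McAfee Encrypted USB Manager 3.1. Upgrade to the latest version: McAfee Encrypted USB Manager...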