Exploit for Improper Input Validation in Microsoft

monikerlinktest cve-2024-21413 1. set up tun0 on router via o...

CVE-2024-10403

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave...

CVE-2024-10403 SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave...

Broadcom Fabric OS 安全漏洞

Broadcom Fabric OS FOS is a set of embedded operating systems used in devices such as switches and routers from Broadcom, USA. A security vulnerability exists in Broadcom Fabric OS versions prior to 8.2.3e2, 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a, which stems from the ability to capture...

SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. Description The...

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

Design/Logic Flaw

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVE-2022-25210

CVE-2022-25210 affects the Jenkins Convertigo Mobile Platform Plugin up to version 1.1. The vulnerability arises from using static fields to store job configuration information, enabling attackers with Item/Configure permission to capture passwords for jobs that will be configured. This is descri...

lynx -- SSL certificate validation error

Axel Beckert reports: ... I was able to capture the password given on the commandline in traffic of an TLS handshake using tcpdump and analysing it with Wireshark:...

Malicious Package

grunt-radic contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Malicious Package

ember-power-timepicker contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

Plex Media Server -- Information Disclosure Vulnerability

Chris reports: The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same LAN can use this vulnerability to: Access arbitrary files from the filesystem with the same permission as the...

CSS Keylogger - Chrome Extension And Express Server That Exploits Keylogging Abilities Of CSS

Chrome extension and Express server that exploits keylogging abilities of CSS. To use SetupChrome extension 1. Download repository git clone https://github.com/maxchehab/CSS-Keylogging 2. Visit chrome://extensions in your browser or open up the Chrome menu by clicking the icon to the far right of...

SUSE SLED10 / SLES10 Security Update : xorg-x11-server (SUSE-SU-2013:0857-1)

In some cases, input events are sent to X servers not currently the VT owner, allowing a user to capture passwords. This update fixes this issue. CVE-2013-1940 has been assigned to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

Authentication Capture: SMB

This module provides a SMB service that can be used to capture the challenge-response password NTLMv1 & NTLMv2 hashes used with SMB1, SMB2, or SMB3 client systems. Responses sent by this service by default use a random 8 byte challenge string. A specific value such as 1122334455667788 can be set...

Intercepter-NG New Sniffing Tool

Intercepter-NG New Sniffing Tool Intercepter-NG offers the following features: + Sniffing passwords\hashes of the types: ICQ\IRC\AIM\FTP\IMAP\POP3\SMTP\LDAP\BNC\SOCKS\HTTP\WWW\NNTP\CVS\TELNET\MRA\DC++\VNC\MYSQL\ORACLE + Sniffing chat messages of ICQ\AIM\JABBER\YAHOO\MSN\IRC\MRA +...

Move-2006_SP6 the latest vulnerability to obtain the administrator password-vulnerability warning-the black bar safety net

Ghost boy note: from 7j there to see, and there 7j write the received page. 7j:did not find he said the receiving page,only from have PHP write a. ? $filename = date"Ymd".". txt"; $time = @date"Y years m months d number of H points i points s seconds",time; $cookie = $POST'cookie'; $url =...

Sniffit 0.3.7 FOR NT installation and examples-vulnerabilities-warning-the black bar safety net

Sniffit 0.3.7 launched the NT version, also support WINDOWS2000, I want to hurry to try, because I A friend wanted to install Netxray 3. 0 3 in WIN2K 2000BETA3 equipped not, is probably not supported by WIN2K. So see SNIFFIT NT version I this morning to pull it down. This sniffit need WinPcap...

On WEBSHELL to elevate privileges to the point of experience-vulnerability warning-the black bar safety net

| --- | Many newcomers in the use of servu elevation of Privilege will encounter many problems, such as the default local administrator Password changed, ws, etc. the cmd is disabled, or the site root directory there is no permission to run! Many Novices will be sent to the discard, Oh, actually...