Lucene search
K

18 matches found

redhatcve
redhatcve
added 2026/01/09 10:7 a.m.9 views

CVE-2019-20457

An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD...

9.1CVSS7.1AI score0.00734EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-0711

Malware in sbrugna...

5CVSS6.3AI score0.01208EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/02/04 10:45 p.m.4 views

CVE-2024-8933

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to...

7.5CVSS6.8AI score0.00281EPSS
Exploits0References1
cve
cve
added 2024/11/07 12:0 a.m.59 views

CVE-2019-20457

The CVE-2019-20457 entry concerns Brother MFC-J491DW (firmware C1806180757). Affected component is the web interface where authentication can be bypassed to reveal the password hash. The underlying issue is that the response header after failed login attempts returns an incomplete authorization c...

9.1CVSS7.3AI score0.00734EPSS
Exploits0References4
packetstorm
packetstorm
added 2024/09/01 12:0 a.m.716 views

IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval', 'Description' = %q| This module identifies IPMI 2.0-compatible systems and attempts to retrie...

7.8CVSS7AI score0.81802EPSS
Exploits2
nessus
nessus
added 2024/06/10 12:0 a.m.16 views

RHEL 8 : idm:DL1 (RHSA-2024:3759)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3759 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and...

8.8CVSS7.9AI score0.02053EPSS
Exploits1References6
hackerone
hackerone
added 2021/07/27 9:42 a.m.78 views

U.S. Dept Of Defense: [CVE-2021-29156] LDAP Injection at https://██████

Description: https://█████ is vulnerable to CVE-2021-29156 References https://hackerone.com/reports/1278050 https://nvd.nist.gov/vuln/detail/CVE-2021-29156 https://portswigger.net/research/hidden-oauth-attack-vectors...

5CVSS7.8AI score0.76385EPSS
Exploits5
osv
osv
added 2018/07/27 4:29 p.m.9 views

CVE-2017-12173

It was found that sssd's sysdbsearchuserbyupnres function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this fla...

8.8CVSS8.6AI score0.01499EPSS
Exploits0References3
cve
cve
added 2018/07/27 4:0 p.m.363 views

CVE-2017-12173

CVE-2017-12173 affects sssd: the sysdb_search_user_by_upn_res() function did not sanitize requests when querying the local cache, with versions before 1.16.0 vulnerable to injection. In centralized login environments, if a password hash is cached for a user, an authenticated attacker could retrie...

8.8CVSS8.4AI score0.01499EPSS
Exploits0References3Affected Software5
nessus
nessus
added 2017/12/18 12:0 a.m.41 views

EulerOS 2.0 SP1 : sssd (EulerOS-SA-2017-1324)

According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that sssd's sysdbsearchuserbyupnres function did not sanitize requests when querying its local cache and was vulnerable to injection. In...

8.8CVSS6.5AI score0.01499EPSS
Exploits0References2
cvelist
cvelist
added 2014/05/08 2:0 p.m.21 views

CVE-2013-0174

The external node classifier ENC API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request...

6.8AI score0.01667EPSS
Exploits0References2
metasploit
metasploit
added 2013/06/24 7:23 p.m.259 views

IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval

This module identifies IPMI 2.0-compatible systems and attempts to retrieve the HMAC-SHA1 password hashes of default usernames. The hashes can be stored in a file using the OUTPUTFILE option and then cracked using hmacsha1crack.rb in the tools subdirectory as well hashcat cpu 0.46 or newer using...

7.5CVSS7AI score0.81802EPSS
Exploits2
zdt
zdt
added 2009/08/07 12:0 a.m.19 views

Arab Portal 2.2 (Auth Bypass) Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ========================================================= Arab Portal 2.2 Auth Bypass Blind SQL Injection Exploit ========================================================= !/usr/bin/ruby ============================================= Arab...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2006/03/25 12:0 a.m.47 views

TFT Gallery 0.10 - Password Disclosure

!/usr/bin/perl Copyright C undefined1 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version. This program is...

7.4AI score
Exploits0
zdt
zdt
added 2005/06/27 12:0 a.m.61 views

ASPNuke <= 0.80 (comment_post.asp) SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================== ASPNuke = 0.80 commentpost.asp SQL Injection Exploit ======================================================== !/usr/bin/perl -w SQL Injection Exploit for ASPNuke = 0.80 This exploit...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2005/05/31 12:0 a.m.12 views

MyBloggie 2.1.1 2.1.2 - SQL Injection

MyBloggie 2.1.1 2.1.2 - SQL Injection !/usr/bin/perl -w SQL Injection Exploit for myBloggie 2.1.1 - 2.1.2 This exploit show the username of the administrator of the blog and his password crypted in MD5 Related advisories: Italian...

0.5AI score
Exploits0
zdt
zdt
added 2005/05/31 12:0 a.m.146 views

MyBulletinBoard (MyBB) <= 1.00 RC4 SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================== MyBulletinBoard MyBB .?/ && print "+ User ID is: $1\n"; print "- Unable to retrieve User ID\n" if!$1; $page = m/.?/ && print "+ MD5 hash of password is: $1\n"; print "- Unable to...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2005/03/27 12:0 a.m.10 views

phpMyFamily 1.4.0 - SQL Injection

phpMyFamily 1.4.0 - SQL Injection !/usr/bin/perl -w phpMyFamily Exploit injection ============================== $banner = "phpMyFamily Exploit injection \n\n============================== \n\nINFGPG-Hacking&Security Research"; Greats: AresU 1st IndoSec Team,ADZ Security Team has discovered bugs...

0.9AI score
Exploits0
Rows per page
Query Builder