CVE-2025-12808

Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...

CVE-2022-25570

In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...

CVE-2022-25570

In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...

CVE-2022-25570

Technical details (versions, root cause, impact, and fixes) are not publicly provided in the connected documents; monitor for updates.

Shreder - A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool

Shreder is a powerful multi-threaded SSH protocol password brute-force tool. Features Very fast password guessing, just one password in 0.1 second. Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds. Simple CLI and API usage. Installation pip3 install...

Fixing the Weakest Link — The Passwords — in Cybersecurity Today

Password security has long been an issue for businesses and their cybersecurity standards. Account passwords are often the weakest link in the overall security posture for many organizations. Many companies have used Microsoft's default password policies for decades. While these can be customized...

Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims

Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered...

Crosslinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping

CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or another security testing against an organization. Using similar search engine scraping capabilities found in tools like subscraper and pymeta, CrossLinked will find vali...

PentestPackage - A Package of Multiple Pentest Scripts

Contents: Wordlists - Comprises of password lists, username lists and subdomains Web Service finder - Finds web services of a list of IPs and also returns any URL rewrites Gpprefdecrypt. - Decrypt the password of local users added via Windows 2008 Group Policy Preferences. rdns.sh - Runs...

Kaspersky PM 5.0.0.164 - Software Filter Vulnerability

Document Title: =============== Kaspersky PM 5.0.0.164 - Software Filter Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=612 Release Date: ============= 2012-07-12 Vulnerability Laboratory ID VL-ID: ==================================== 612...

Kaspersky PM 5.0.0.164 - Software Filter Vulnerability

Document Title: =============== Kaspersky PM 5.0.0.164 - Software Filter Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=612 Release Date: ============= 2012-07-12 Vulnerability Laboratory ID VL-ID: ==================================== 612...

ldap-brute NSE Script

Attempts to brute-force LDAP authentication. By default it uses the built-in username and password lists. In order to use your own lists use the userdb and passdb script arguments. This script does not make any attempt to prevent account lockout! If the number of passwords in the dictionary excee...