10 matches found
CVE-2024-8365 Vault Leaks AppRole Client Tokens And Accessor in Audit Log
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being...
CVE-2024-39674
Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability...
CVE-2023-51740 Cleartext Submission of Password vulnerability in Skyworth Router
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web...
Recent Python Meterpreter Improvements
The Python Meterpreter has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the...
Personify360 7.5.27.6.1 - Improper Access Restrictions
Exploit Title: Access and read and create vendor / API credentials in plaintext Date: 3/29/2017 Exploit Author: Pesach Zirkind Vendor Homepage: https://personifycorp.com/ Version: 7.5.2 - 7.6.1 Tested on: Windows all versions CVE :...
Tracking Devices Latest Privacy Risk to Users
Update: TrackR has responded to Rapid7’s disclosure. First, it said it has addressed the authentication issue months ago, but the deprecated call remained online even though it was no longer used by its apps. “We are grateful that Rapid7 brought this possible point of confusion to our attention; ...
RHEL 6 : samba (RHSA-2016:0015)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0015 advisory. Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows...
3 6 0 the end of the tour the ultimate firepower“stealth”,“the spike”, etc. vulnerability analysis-vulnerability warning-the black bar safety net
0x01 introduction Before sent over a patch a generic D3D game buck perspective plug-in, a buddy because the stock Duvet cover, with a plug-in to play the ultimate firepower of boredom, a do nothing level is too dishes light has a perspective or abused, please I helped him the whole point of the...
iScripts SocialWare (id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. iScripts SocialWare id Remote SQL Injection Vulnerability...
AlstraSoft Forum Pay Per Post Exchange 2.0 SQL Injection Vulnerability
No description provided by source. Forum Pay Per Post SQL Injection Vulnerabilities. AUTHOR: t0pP8uZz &...