CVE-2026-45433

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...

EUVD-2026-34251

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...

Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry

Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and use it to communicate with the Windows...

PT-2023-21549 · Sage · Sage 200 Spain

Name of the Vulnerable Software and Affected Versions: Sage 200 Spain version 2023.38.001 Description: The issue is related to plaintext credential usage, which could allow a remote attacker to extract SQL database credentials from the DLL application. This could be linked to known techniques to...

SQL Injection in phili67/ecclesiacrm

✍️ Description SQL Injection SQLi found in search section for http://YOURIP/ecclesiacrm/v2/people/list/person. A SQL Injection allows an attacker to run SQL command remotely and can extract information such as password, usernames and other sensitive data. This SQLi is a blind SQLi and doesn't...

Lsassy - Extract Credentials From Lsass Remotely

Python library to remotely extract credentials. This blog post explains how it works. You can check the wiki This library uses impacket project to remotely read necessary bytes in lsass dump and pypykatz to extract credentials. Requirements Python = 3.6 pypykatz = 0.3.0 impacket Installation From...

Authentication flaw

In all versions of ABB Power Generation Information Manager PGIM and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device...

Spectre attack variant can be remotely mounted to extract sensitive data

By ghostadmin What we know so far about Spectre attacks is that it relies upon execution of malicious code. The code is executed on computers having speculative-execution design flaws in processor chip; once a device is compromised, it becomes possible to obtain sensitive data such as passwords,...

Design/Logic Flaw

Undocumented Factory Backdoor in ECOS Secure Boot Stick aka SBS 5.6.5 allows the vendor to extract confidential information via remote root SSH access...