212 matches found

OSV
added 2019/10/02 7:15 p.m. | 4 views

CVE-2019-12700

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.01879
Exploits: 0 | References: 1
NVD
added 2019/09/13 5:15 p.m. | 11 views

CVE-2019-13919

A vulnerability has been identified in SINEMA Remote Connect Server All versions V2.0 SP1. Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00831
Exploits: 0 | References: 1
Prion
added 2019/05/03 5:29 p.m. | 8 views

Directory traversal

A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit th...

CVSS: 4 | AI score: 4.8 | EPSS: 0.03818
Exploits: 2 | References: 5 | Affected Software: 1
OSV
added 2019/04/09 9:29 p.m. | 3 views

CVE-2019-0786

An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.06999
Exploits: 0 | References: 1
NVD
added 2019/04/09 4:29 p.m. | 18 views

CVE-2019-5615

Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious user...

CVSS: 6.5 | AI score: 5 | EPSS: 0.00802
Exploits: 0 | References: 1
Cvelist
added 2019/04/09 3:27 p.m. | 21 views

CVE-2019-5615 Rapid7 InsightVM Stored Credential Exposure

Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious user...

CVSS: 3.1 | AI score: 6.7 | EPSS: 0.00802
Exploits: 0 | References: 1
Tenable Nessus
added 2019/02/28 12:0 a.m. | 23 views

Integration Credential Status by Authentication Protocol - Valid Credentials Provided

Nessus was able to execute credentialed checks because it was possible to log in to the remote patch management system using provided credentials. TRUSTED...

AI score: 5.7
Exploits: 0
OSV
added 2018/12/13 4:29 p.m. | 4 views

CVE-2018-13804

A vulnerability has been identified in SIMATIC IT LMS All versions, SIMATIC IT Production Suite Versions V7.1 V7.1 Upd3, SIMATIC IT UA Discrete Manufacturing Versions V1.2, SIMATIC IT UA Discrete Manufacturing Versions V1.2, SIMATIC IT UA Discrete Manufacturing Versions V1.3, SIMATIC IT UA Discre...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.02656
Exploits: 0 | References: 2
OSV
added 2018/12/11 5:29 p.m. | 4 views

DEBIAN-CVE-2018-19968

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...

CVSS: 6.5 | AI score: 9.2 | EPSS: 0.03254
Exploits: 0 | References: 1
Prion
added 2018/12/11 5:29 p.m. | 31 views

Code injection

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...

CVSS: 4 | AI score: 6.3 | EPSS: 0.03254
Exploits: 0 | References: 4 | Affected Software: 2
NVD
added 2018/11/19 2:29 p.m. | 21 views

CVE-2018-15759

Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.01748
Exploits: 0 | References: 2
OSV
added 2018/11/19 2:29 p.m. | 27 views

CVE-2018-15759

Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.01748
Exploits: 0 | References: 2
Prion
added 2018/07/03 9:29 p.m. | 16 views

Default credentials

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System...

CVSS: 1.9 | AI score: 4.7 | EPSS: 0.00296
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2018/07/03 9:29 p.m. | 19 views

CVE-2017-0913

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System...

CVSS: 4.7 | AI score: 4.6 | EPSS: 0.00296
Exploits: 0 | References: 2
Tenable Nessus
added 2018/06/06 12:0 a.m. | 2888 views

Target Credential Issues by Authentication Protocol - Insufficient Privilege

Nessus was able to execute credentialed checks because it was possible to log in to the remote host using provided credentials, however the credentials were not sufficiently privileged to complete all requested checks. TRUSTED...

AI score: 5.6
Exploits: 0
OSV
added 2017/10/05 1:29 a.m. | 14 views

CVE-2017-1000087

GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part...

CVSS: 4.3 | AI score: 6.7
Exploits: 0 | References: 1
Nmap
added 2017/09/18 5:10 p.m. | 314 views

deluge-rpc-brute NSE Script

Performs brute force password auditing against the DelugeRPC daemon. Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for the creds library. brute.credfile,...

CVSS: 10 | AI score: 0.1 | EPSS: 0.99448
Exploits: 33
OSV
added 2017/09/13 10:29 p.m. | 1 views

CVE-2017-12249

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrec...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.03134
Exploits: 0 | References: 3
Metasploit
added 2017/07/05 8:48 a.m. | 53 views

Metasploit RPC Console Command Execution

This module connects to a specified Metasploit RPC server and uses the 'console.write' procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali...

AI score: 7.3
Exploits: 0
Cvelist
added 2017/03/17 10:0 p.m. | 28 views

CVE-2017-3869

An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases...

AI score: 5.3 | EPSS: 0.00958
Exploits: 0 | References: 3