Lucene search
K
PacketstormRecent

50738 matches found

Packet Storm
Packet Storm
added 2024/05/31 12:0 a.m.292 views

Check Point Security Gateway Information Disclosure

Exploit Title: Check Point Security Gateway - Information Disclosure Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://support.checkpoint.com/results/sk/sk182336 Version: R77.20 EOL, R77.30 EOL, R80.10 EOL, R80.20 EOL, R80.20.x, R80.20SP EOL, R80.30 EOL, R80.30SP EOL, R80.40...

5CVSS6.5AI score0.99978EPSS
Exploits52
Packet Storm
Packet Storm
added 2024/05/31 12:0 a.m.220 views

iMLog Cross Site Scripting

Exploit Title: iMLog "User Maintenance" 3. Click on "Search" and then select your UserID. 4. Change the "Last Name" input to 5. Click on "Save" 6. Refresh the page, XSS will be triggered...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/31 12:0 a.m.459 views

changedetection 0.45.20 Remote Code Execution

Exploit Title: changedetection = 0.45.20 Remote Code Execution RCE Date: 5-26-2024 Exploit Author: Zach Crosman zcrosman Vendor Homepage: changedetection.io Software Link: https://github.com/dgtlmoon/changedetection.io Version: = 0.45.20 Tested on: Linux CVE : CVE-2024-32651 from pwn import impor...

7.5CVSS7.1AI score0.83722EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/05/30 12:0 a.m.268 views

ORing IAP-420 2.01e Cross Site Scripting / Command Injection

CyberDanube Security Research 20240528-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| ORing IAP-420 vulnerable version| 2.01e fixed version| - CVE number| CVE-2024-5410, CVE-2024-5411 impact| High homepage|...

7.2AI score0.234EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/05/30 12:0 a.m.261 views

Akaunting 3.1.8 Server-Side Template Injection

Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection SSTI Exploit Author: tmrswrr Date: 30/05/2024 Vendor: https://akaunting.com/forum Software Link: https://akaunting.com/apps/crm Vulnerable Versions: 3.1.8 Tested : https://www.softaculous.com/apps/erp/Akaunting 1 Login with admin cre...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/30 12:0 a.m.262 views

Progress Flowmon 12.3.5 Local sudo Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Flowmon Local sudo privilege escalation', 'Description' = %q This module abuses a feature of the sudo command on Progress Flowmon. Certa...

7.5CVSS7AI score0.93901EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/05/30 12:0 a.m.285 views

Akaunting 3.1.8 Client-Side Template Injection

Exploit Title: Akaunting 3.1.8 - Client Side Template Injection CSTI Exploit Author: tmrswrr Date: 30/05/2024 Vendor: https://akaunting.com/forum Software Link: https://akaunting.com/apps/crm Vulnerable Versions: 3.1.8 1 Login with admin cred and go to : Currencies New Currency...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/30 12:0 a.m.246 views

Aquatronica Control System 5.1.6 Password Disclosure

!/usr/bin/env python -- coding: utf-8 -- Aquatronica Control System 5.1.6 Passwords Leak Vulnerability Vendor: Aquatronica s.r.l. Product web page: https://www.aquatronica.com Affected version: Firmware: 5.1.6 Web: 2.0 Summary: Aquatronica's electronic AQUARIUM CONTROLLER is easy to use, allowing...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/29 12:0 a.m.355 views

Flowmon Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in Progres...

7.5CVSS7AI score0.93901EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/05/28 12:0 a.m.374 views

HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: HAWKI Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany vulnerable version: 1.0.0-beta.1,...

7.4AI score0.00604EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/05/28 12:0 a.m.331 views

Eclipse ThreadX Buffer Overflows

-- HNS-2024-06 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Eclipse ThreadX OS: Eclipse ThreadX Date: 2024-05-28 CVE IDs and severity: CVE-2024-2214 - High - 7.0 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-2212 - High - 7.3 -...

5.1CVSS7.4AI score0.00902EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/05/28 12:0 a.m.573 views

Siemens CP-XXXX Series Exposed Serial Shell

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Exposed Serial Shell on multiple PLCs product: Siemens CP-XXXX Series CP-2014, CP-2016, CP-2017, CP-2019, CP-5014 vulnerable version: All hardware revisions fixed version...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/27 12:0 a.m.281 views

ElkArte Forum 1.1.9 Remote Code Execution

Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution RCE Authenticated Date: 2024-5-24 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.elkarte.net/ Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip Version : 1.1.9 1...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/24 12:0 a.m.375 views

4BRO Insecure Direct Object Reference / API Information Exposure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Broken access control & API Information Exposure product: 4BRO App vulnerable version: before 2024-04-17 fixed version: 2024-04-17 CVE number: - impact: Critical homepage...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/24 12:0 a.m.352 views

Jcow Social Network Cross Site Scripting

Exploit Title: Jcow Social Networking 14.2 3 After Send invitations you will be see alert button...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/24 12:0 a.m.409 views

Debezium UI 2.5 Credential Disclosure

Exploit Title: Debezium UI - Credential Leakage Google Dork: N/A Date: 2024-03-11 Exploit Author: Ihsan Cetin, Hamza Kaya Toprak Vendor Homepage: https://debezium.io/ Software Link: N/A Version: 2.5 REQUIRED Tested on: N/A CVE : CVE-2024-28736 Proof of concept: Details Debezium-ui version 2.5 is...

7.4AI score0.02531EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/05/23 12:0 a.m.435 views

FleetCart 4.1.1 Information Disclosure

Exploit Title: FleetCart 4.1.1 - WebPage Content Information Disclosure Exploit Author: CraCkEr Date: 13/05/2024 Vendor: EnvaySoft Vendor Homepage: https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826 Software Demo Link: https://demo.fleetcart.envaysoft.com/en Tested on: Window...

5CVSS7.2AI score0.18768EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/05/22 12:0 a.m.439 views

AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AVideo WWBNIndex Plugin Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated remote code execution RCE vulnerability ...

7.1AI score0.15635EPSS
Exploits6
Packet Storm
Packet Storm
added 2024/05/22 12:0 a.m.450 views

NorthStar C2 Cross Site Scripting / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NorthStar C2 XSS to Agent RCE', 'Description' = %q NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the log...

7.4AI score0.78158EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/05/22 12:0 a.m.442 views

Chat Bot 1.0 SQL Injection

Titles: Chat Bot - PHP by: oretnom23 v1.0 Multiple SQLi Author: nu11secur1ty Date: 05/22/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html Reference: https://portswigger.net/web-security/sql-injection...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/21 12:0 a.m.390 views

Joomla 4.2.8 Information Disclosure

!/bin/bash Exploit Title: Joomla! \n" exit 1 else echo -e "\n Joomla! out.tmp echo -e "\ni Database info:\n" echo -e "+ DB Type: $sed -E 's/."dbtype":"^"+"./\1/' out.tmp" echo -e "+ DB Host: $sed -E 's/."host":"^"+"./\1/' out.tmp" echo -e "\e92m+ DB User: $sed -E 's/."user":"^"+"./\1/' out.tmp\e0...

5CVSS7.4AI score0.99827EPSS
Exploits43
Packet Storm
Packet Storm
added 2024/05/21 12:0 a.m.541 views

Nethserver 7 / 8 Cross Site Scripting

CVE-2024-34058: Nethserver 7 & 8 stored cross-site scripting XSS in WebTop package Suggested description The WebTop package for NethServer 7 and 8 allows stored XSS for example, via the Subject field if an e-mail message. ------------------------------------------ Additional Information NethServe...

7.4AI score0.01191EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/05/21 12:0 a.m.367 views

CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chaos RAT XSS to RCE', 'Description' = %q CHAOS v5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to...

7.4AI score0.80454EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.280 views

PopojiCMS 2.0.1 Remote Command Execution

Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution Date: 14/04/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.335 views

Tenant Limited 1.0 SQL Injection

Titles: TENANT-LIMITED-1.0 SQLi Author: nu11secur1ty Date: 05/20/2024 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.321 views

Rocket LMS 1.9 Cross Site Scripting

Title: Rocket LMS 1.9 - Persistent Cross Site Scripting XSS Date: 04/16/2024 Exploit Author: Sergio Medeiros Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Software Link: https://lms.rocket-soft.org Version: 1.9 Tested on Firefox and Chrome...

7.1AI score0.00762EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.349 views

Backdrop CMS 1.27.1 Remote Command Execution

Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution RCE Date: 04/27/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS import os impor...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.298 views

Apache OFBiz 18.12.12 Directory Traversal

Exploit Title: Apache OFBiz 18.12.12 - Directory Traversal Google Dork: N/A Date: 2024-05-16 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://ofbiz.apache.org/download.html Version: below example.createBlogPost...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/20 12:0 a.m.342 views

WordPress XStore Theme 9.3.8 SQL Injection

Exploit Title: Wordpress Theme XStore 9.3.8 - SQLi Google Dork: N/A Date: 2024-05-16 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Version: 5.3.5 Tested on: Windows10 CVE: CVE-2024-33559 Poc POST /?s=%27%3B+SELECT++FROM+wpposts%3B+-- HTTP/1.1 Host: example.com User-Agent:...

6.4CVSS7.1AI score0.03553EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/05/15 12:0 a.m.584 views

SAP Cloud Connector 2.16.1 Missing Validation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Tolerating Self-Signed Certificates product: SAP® Cloud Connector vulnerable version: 2.15.0 - 2.16.1 Portable and Installer fixed version: 2.16.2 Portable and Installer...

7.4CVSS7.1AI score0.00544EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/05/15 12:0 a.m.422 views

Zope 5.9 Command Injection

Vulnerability Report Title: Command Argument Injection Vulnerability in Zope WSGI Instance Creation Script Leading to RCE Description: A command Argument injection vulnerability has been identified in the Zope WSGI instance creation script used by the Zope web application server framework, which ...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/15 12:0 a.m.1329 views

Cacti 1.2.26 Remote Code Execution

---------------------------------------------------------------- Cacti = 1.2.26 import.php Remote Code Execution Vulnerability ---------------------------------------------------------------- - Software Link: https://cacti.net - Affected Versions: Version 1.2.26 and prior versions. - Vulnerabilit...

9.1CVSS9.4AI score0.86303EPSS
Exploits17
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.432 views

Backdoor.Win32.AsyncRat MVID-2024-0683 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/2337b9a12ecf50b94fc95e6ac34b3ecc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.AsyncRat Vulnerability: Arbitrary Code Execution Description: The malware...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.333 views

CrushFTP Directory Traversal

Exploit Title: CrushFTP Directory Traversal Google Dork: N/A Date: 2024-04-30 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://www.crushftp.com/ Software Link: https://www.crushftp.com/download/ Version: below 10.7.1 and 11.1.0 as well as legacy 9.x Tested...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.368 views

Apache mod_proxy_cluster Cross Site Scripting

import requests import argparse from bs4 import BeautifulSoup from urllib.parse import urlparse, parseqs, urlencode, urlunparse from requests.exceptions import RequestException class Colors: RED = '\03391m' GREEN = '\0331;49;92m' RESET = '\0330m' def getclustermanagerurlbaseurl, path:...

7.4AI score0.02242EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.304 views

TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt Contact: [email protected] Media: twitter.com/malvuln Threat: TrojanSpy.Win64.EMOTET.A Vulnerability: Arbitrary Code Execution Description: The malware...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.312 views

Leafpub 1.1.9 Cross Site Scripting

Leafpub 1.1.9 - Stored Cross-Site Scripting XSS Date: 2024-04-24 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/Leafpub Software Link: https://github.com/Leafpub/leafpub Version: 1.1.9 Tested on: MacOS Steps to Reproduce - Please login from this address:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.336 views

Plantronics Hub 3.25.1 Arbitrary File Read

Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...

7.4AI score0.01673EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.313 views

Chyrp 2.5.2 Cross Site Scripting

Chyrp 2.5.2 - Stored Cross-Site Scripting XSS Date: 2024-04-24 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/chyrp/ Software Link: https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip Version: 2.5.2 Tested on: MacOS Steps to Reproduce - Login from the address:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.364 views

Prison Management System Using PHP SQL Injection

Exploit : Prison Management System Using PHP -SQL Injection Authentication Bypass Date: 15/03/2024 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/sql/17287/prison-management-system.html Tested on: Windows ,XAMPP CVE :...

7.4AI score0.0081EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/05/13 12:0 a.m.259 views

Esteghlal F.C. Cross Site Scripting

EXPLOIT XSS Esteghlal F.C. باشگاه فوتبال استقلال تهران Site https://fcesteghlal.ir suffers from a remote XSS vulnerability. This security incident was reported by the SOC and Maher team and prevention centers and was ignored this site has not responded to their reports so we are posting this to a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/13 12:0 a.m.247 views

Kemp LoadMaster Local sudo Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kemp LoadMaster Local sudo privilege escalation', 'Description' = %q This module abuses a feature of the sudo command on Progress Kemp LoadMaster...

10CVSS7.4AI score0.95388EPSS
Exploits9
Packet Storm
Packet Storm
added 2024/05/13 12:0 a.m.260 views

Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560fB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Panel.SmokeLoader Vulnerability: Cross Site Request Forgery CSRF - Persistent XSS Family:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/13 12:0 a.m.245 views

Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Panel.SmokeLoader Vulnerability: Cross Site Scripting XSS Family: SmokeLoader Type: Web...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/09 12:0 a.m.384 views

RIOT 2024.01 Buffer Overflows / Lack Of Size Checks / Out-Of-Bound Access

-- HNS-2024-07 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in RIOT OS OS: RIOT Date: 2024-05-07 CVE ID and severity: CVE-2024-31225 - High CVE-2024-32017 - Critical CVE-2024-32018 - High low-severity vulnerabilities were not assigned a CVE ID Vendor...

9.8CVSS7.4AI score0.01476EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/05/09 12:0 a.m.508 views

Clinic Queuing System 1.0 Remote Code Execution

Exploit Title: Clinic Queuing System 1.0 RCE Date: 2024/1/7 Exploit Author: Juan Marco Sanchez Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html Version: 1.0 Tested on...

9.8CVSS7.4AI score0.20938EPSS
Exploits6
Packet Storm
Packet Storm
added 2024/05/09 12:0 a.m.368 views

Panel Amadey.d.c MVID-2024-0680 Cross Site Scripting

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/50467c891bf7de34d2d65fa93ab8b558.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Panel Amadey.d.c Vulnerability: Cross Site Scripting XSS Family: Amadey Type: Web Panel MD...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/09 12:0 a.m.349 views

POMS PHP 1.0 SQL Injection / Shell Upload

Titles: POMS-PHP-by oretnom23 -v1.0-FU-SQLi-RCE-HAT.TRICK 1. SQLi Bypass Authentication 2. File Upload 3. RCE Latest update from the vendor: 5 hours 32 minutes ago Author: nu11secur1ty Date: 05/07/2024 Vendor: https://github.com/oretnom23 Software:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/09 12:0 a.m.361 views

Drupal-Wiki 8.31 / 8.30 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping XSS flaws in Drupal-Wiki Affected Products Drupal Wiki 8.31 Drupal Wiki 8.30 older releases have not been tested References https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt used...

7.4AI score0.00625EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/05/09 12:0 a.m.1584 views

Microsoft PlayReady Complete Client Identity Compromise

Hello All, We have come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client Windows SW DRM scenario for the communication with a license server and identity purposes. More specifically, we successfully demonstrated the extraction of the...

7.4AI score
Exploits0
Total number of security vulnerabilities50738