Security
Headlines
HeadlinesLatestCVEs

Headline

Dumping RDP Credentials

Administrators typically use Remote Desktop Protocol (RDP) in order to manage Windows environments remotely. It is also typical RDP to be enabled in systems that…

Continue reading → Dumping RDP Credentials

Pentestlab
#Credential Access#Credentials#DPAPI#Hooking#Mimikatz#mstsc#Password#RDP#svchost

Related news

Dangerous uXSS bug in Google Chrome’s ‘New Tab’ page bypassed security features

‘Chrome’s NTP only has a really weak CSP that doesn’t mitigate XSS’

Dangerous XSS bug in Google Chrome’s ‘New Tab’ page bypassed security features

‘Chrome’s NTP only has a really weak CSP that doesn’t mitigate XSS’

CVE-2021-42369: public-vulnerabilities/Imagicle/CVE at master · dawid-czarnecki/public-vulnerabilities

Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.

CVE-2021-34413: Security Bulletin

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context.

CVE-2021-34413: CWE - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (4.5)

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context.

CVE-2021-29752: Security Bulletin: IBM® Db2® is vulnerable to an information disclosure, exposing remote storage credentials to privileged users under specific conditions.(CVE-2021-29752)

IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780.

Pentestlab: Latest News

Web Browser Stored Credentials