Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-37452PUBLISHED: 2022-08-07Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
CVE-2022-26979PUBLISHED: 2022-08-06Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.
CVE-2022-27944PUBLISHED: 2022-08-06Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.
CVE-2022-2688PUBLISHED: 2022-08-06
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be...
CVE-2022-2689PUBLISHED: 2022-08-06
A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch t...
User Rank: Ninja
5/31/2014 | 11:25:42 AM
If I can foster an email correspondence with anyone at the enterprise, as long as the email isn't aliased, I could possibly have your username. From there facebook could be used to pull personal data and maybe hone down the field of a password possibility if you create your own passwords. With this put into the specialized fields of a dictionary attack, it could take a lot less time to discover your password.
Now account lockouts are the next piece of security that would prevent intrusion. But if I am a hacker I do not want to go on site and try to bypass physical security as well. I would rather try and find an in remotely. Next step for me is to call the helpdesk for remote documentation. Some enterprises have multiple avenues for working remotely. Going back to my previous point about lockouts, the functionality of a remote client is to allow you to work from anywhere. Functionality is the main purpose here. Many don't have a lockout mechanism. So I can try to log in remotely as many times as I want, making my dictionary attack much more efficient. Once I have the credentials. I log in remotely during off hours, and because I don't need to change your password you may not be any the wiser.
This is all thanks to social engineering.