19 matches found
Microsoft Windows HTTP to LDAP Relay
This module supports running an HTTP server which validates credentials, and then attempts to execute a relay attack against an LDAP server on the configured RHOSTS hosts. It is not possible to relay NTLMv2 to LDAP due to the Message Integrity Check (MIC). As a result, this will only work with...
EUVD-2026-4974
SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows U...
Microsoft Windows File Explorer NTLM Hash Disclosure
Microsoft Windows File Explorer in Windows 10 and 11 contains a critical NTLM hash disclosure vulnerability that allows attackers to capture user authentication credentials by exploiting the automatic parsing of .library-ms files from ZIP archives, leading to potential domain compromise through...
CVE-2025-30201
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leadin...
Microsoft Windows LNK File Parsing Improper Input Validation NTLM Relay Vulnerability
This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of L...
CVE-2025-6444
ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
External Control of File Name or Path
Overview: ServiceStack is a simple and fast alternative to WCF, MVC and Web API in one cohesive framework for all your services and web apps. Affected versions of this package are vulnerable to External Control of File Name or Path in the url parameter to the GetErrorResponse method. An attacker c...
CVE-2025-6444
ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
CVE-2025-6444
ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
PT-2025-26618 · Unknown · Servicestack
Name of the Vulnerable Software and Affected Versions: ServiceStack affected versions not specified Description: This issue allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. The specific flaw exists within the implementation of the GetErrorResponse metho...
CVE-2022-29847
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host...
PT-2025-2686
Name of the Vulnerable Software and Affected Versions: Mintty affected versions not specified Description: The issue is related to improper input validation in Mintty's path conversion, allowing remote attackers to relay NTLM credentials on affected installations. This requires user interaction,...
PT-2023-8650 · Kyocera · Kyocera Device Manager
Name of the Vulnerable Software and Affected Versions: Kyocera Device Manager versions prior to 3.1.1213.0 Description: The issue is related to incorrect restriction of a directory path with limited access. Exploitation may allow a remote attacker to bypass the authentication process. The...
CVE-2022-29847
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host...
Progress Software WhatsUp Gold Code Issue Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability in Progress Software WhatsUp Gold versions 21.0.0 through 21.1...
Exploit for CVE-2021-1678
PoC exploit for CVE-2021-1678, an arbitrary code execution vulnerability in the Windows Print Spooler service. The exploit is contained within a Docker container, which can be built and run using the provided Dockerfile. The container includes a Python script, spoolsploit.py, that can be used to...
Plex Media Server's SSDP XML External Entity Injection Vulnerability
Plex Media Server is a multimedia entertainment player that supports multiple platforms. Plex Media Server's SSDP is vulnerable to an XML External Entity Injection vulnerability, which can be exploited by an unauthenticated attacker on the same LAN to access arbitrary files from the filesystem wi...
Microsoft Credential Security Support Provider protocol remote code execution vulnerability
Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Credential Security Support Provider protocol (CredSSP) is one of the credential security support provider protocols. A remote code execution vulnerability exists in Microsoft CredSSP. A...
Microsoft Security Bulletin MS09-042 - Important Vulnerability in Telnet Could Allow Remote Code Execution (960859)
Microsoft Security Bulletin MS09-042 - Important Vulnerability in Telnet Could Allow Remote Code Execution (960859). Published: August 11, 2009. Version: 1.0. General Information. Executive Summary: This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The...