Lucene search
+L

52 matches found

Microsoft CVE
Microsoft CVE
added 2024/10/15 7:0 a.m.5 views

A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.

...

4.3CVSS6.5AI score0.00719EPSS
Exploits0
CISA
CISA
added 2024/09/26 12:0 p.m.8 views

ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises

Today, the Australian Signals Directorate Australian Cyber Security Centre ASD ACSC, the Cybersecurity and Infrastructure Security Agency CISA, and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromiseslink is external. This guide...

7.1AI score
Exploits0References2
Penetration Testing Lab
Penetration Testing Lab
added 2024/02/20 7:25 a.m.14 views

AS-REP Roasting

Active Directory users that have the Kerberos pre-authentication enabled and require access to a resource initiate the Kerberos authentication process by sending an Authentication Server… Continue reading - AS-REP Roasting...

7.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/10/05 12:0 a.m.8 views

PT-2023-29442 · 1E · 1E Client Mac +1

Name of the Vulnerable Software and Affected Versions: 1E Client versions prior to the version with patch Q23094 1E Client Mac versions prior to v8.1.2.62 1E Client Mac versions between v8.1 and v23.11 exclusive Description: In the affected version of the 1E Client, an ordinary user could subvert...

8.8CVSS8.5AI score0.00705EPSS
Exploits0References10
NVD
NVD
added 2023/07/11 6:15 p.m.27 views

CVE-2023-36871

Azure Active Directory Security Feature Bypass Vulnerability...

6.5CVSS7.8AI score0.01168EPSS
Exploits0References1
Trellix
Trellix
added 2022/05/06 12:0 a.m.14 views

Five Eyes Alliance Advisory & Using Threat Intelligence

Trellix Global Defenders: Five Eyes Alliance Advisory and Using Threat Intelligence to Protect Against Future Attacks By Taylor Mullins · May 6, 2022 Evolving intelligence continues to indicate that the Russian government is exploring options to launch cyberattacks in retaliation against...

0.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/02/11 11:41 p.m.25 views

GitHub CLI can execute a git binary from the current directory

Impact GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead of the system one. Windows users who run gh...

2.5AI score
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2021/06/28 9:32 a.m.49 views

A week in security (June 21 – June 27)

Last week on Malwarebytes Labs: Want to stop ransomware attacks? Send the cybercriminals to jail, says Brian Honan: Lock and Code S02E11 Atomic research institute breached via VPN vulnerability Hotel staff bust Hermes SMS scammer with suspiciously large number of cables City of Liège hit by...

0.4AI score
Exploits0
CNVD
CNVD
added 2021/06/07 12:0 a.m.12 views

SQL Injection Vulnerability in Tianrongxin Webpage Tampering Prevention System

Web anti-tampering system is a protection product specially researched and developed for website tampering attacks. The main function of the system is to provide all-around protection for the Web site directory through the underlying file driving technology, preventing hackers, viruses and other...

7.6AI score
Exploits0
Veracode
Veracode
added 2021/03/16 12:18 a.m.26 views

Information Disclosure

courier-authlib is vulnerable to information disclosure. The vulnerability exists due to a /run/courier/authdaemon directory with weak permissions...

7.5CVSS1.2AI score0.01276EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2021/02/03 5:15 p.m.35 views

CVE-2021-25276

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...

7.1CVSS0.00468EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/02/03 4:59 p.m.38 views

CVE-2021-25276

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...

7.2AI score0.00468EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/11/23 12:0 a.m.8 views

openGauss: Restricting the Permission for the ${GAUSSHOME}/bin Directory

The $GAUSSHOME/bin directory stores database binary files. To prevent them from being tampered or damaged and protect customer information from security threats, this directory must be protected and deny unauthorized user access. Copyright C 2020 Greenbone Networks GmbH Some text descriptions mig...

7AI score
Exploits0References1
The Hacker News
The Hacker News
added 2020/09/29 5:26 p.m.13 views

LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable t...

10CVSS7.1AI score0.99512EPSS
Exploits75
CNVD
CNVD
added 2020/09/17 12:0 a.m.6 views

SCADAPack 7x Remote Connect Path Traversal Vulnerability

SCADAPack is a Schneider-electric intelligent field controller that combines the monitoring and communication capabilities of a Remote Terminal Unit RTU with the processing and data logging capabilities of a Programmable Logic Controller PLC to provide superior functionality for remote processes...

5.5CVSS6.9AI score0.00883EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/08/14 12:0 a.m.7 views

The vulnerability of the Environment Mgmt Console component in the Oracle PeopleSoft Enterprise PeopleTools business application suite, due to insufficient input data validation, allows attackers to modify, add, or delete data, or cause system downtime or service failures.

The vulnerability of the Security component of the Oracle Unified Directory application for simplified deployment in the Oracle Fusion Middleware software is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to modify, add, or delete data...

8.1CVSS7.7AI score0.01022EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/15 12:0 a.m.8 views

The vulnerability of the TIFFWriteDirectorySec function in software for viewing, editing, and converting TIFF files is related to pointer assignment errors, which allows an attacker to cause a service failure.

The vulnerability of the TIFFWriteDirectorySec function in software for viewing, editing, and converting TIFF files is related to the use of a zero pointer. Exploiting this vulnerability allows an attacker to cause service interruptions remotely...

6.5CVSS6.5AI score0.03613EPSS
Exploits1References17Affected Software7
Kitploit
Kitploit
added 2019/09/06 9:54 p.m.220 views

PingCastle - Get Active Directory Security At 80% In 20% Of The Time

The risk level regarding Active Directory security has changed. Several vulnerabilities have been made popular with tools like mimikatz or sites likes adsecurity.org. Ping Castle is a tool designed to assess quickly the Active Directory security level with a methodology based on risk assessment a...

7.7AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/04/25 12:0 a.m.12 views

The vulnerability of the fetch module in the Ansible configuration management system arises from incorrect restrictions on the path to the restricted-access directory. This allows attackers to gain unauthorized access to information and compromise its integrity.

The vulnerability of the fetch module in the Ansible configuration system is related to an incorrect path limitation for the restricted access directory. Exploiting this vulnerability could allow a local attacker to gain unauthorized access to information and compromise its integrity by copying a...

4.2CVSS5.8AI score0.00522EPSS
Exploits0References10Affected Software6
OPENSUSE Linux
OPENSUSE Linux
added 2018/09/25 6:32 p.m.61 views

Security update for php5-smarty3 (moderate)

This update for php5-smarty3 fixes the following issues: - CVE-2018-16381: Prevent traversal vulnerability due to insufficient template code sanitization that allowed attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...

5.5AI score0.00707EPSS
Exploits1References1
Rows per page
Query Builder