610 matches found

Check Point Advisories
added 2015/02/23 12:0 a.m. | 5 views

Microsoft Windows Group Policy Remote Code Execution (MS15-011; CVE-2015-0008)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Group Policy receives and applies policy data when a domain-joined system connects to a domain controller. An attacker can exploit this vulnerability by convincing a victim with a...

CVSS 8.3 | AI score 4.2 | EPSS 0.2858
Exploits: 4
OpenVAS
added 2015/02/23 12:0 a.m. | 51 views

Debian Security Advisory DSA 3171-1 (samba - security update)

Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection. OpenVAS Vulnerability Test $Id:...

CVSS 10 | AI score 0.7 | EPSS 0.87636
Exploits: 7 | References: 1
CERT
added 2015/02/13 12:0 a.m. | 108 views

Microsoft Windows domain-configured client Group Policy fails to authenticate servers

Overview Microsoft Windows domain-configured client Group Policy fails to authenticate servers over Universal Naming Convention UNC paths. Description Microsoft has released MS15-011, detailing a critical flaw in which Windows domain-configured client Group Policy fails to authenticate servers ov...

CVSS 8.3 | AI score 6.9 | EPSS 0.2858
Exploits: 4 | References: 5
NVD
added 2015/02/11 3:0 a.m. | 25 views

CVE-2015-0008

The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remot...

CVSS 8.3 | AI score 8 | EPSS 0.2858
Exploits: 4 | References: 8
Prion
added 2015/02/11 3:0 a.m. | 13 views

Security feature bypass

The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to...

CVSS 3.3 | AI score 6.7 | EPSS 0.08074
Exploits: 4 | References: 5 | Affected Software: 5
Prion
added 2015/02/11 3:0 a.m. | 31 views

Remote code execution

The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remot...

CVSS 8.3 | AI score 8.7 | EPSS 0.2858
Exploits: 4 | References: 8 | Affected Software: 5
Check Point Advisories
added 2015/02/10 12:0 a.m. | 3 views

Microsoft Windows SMB Security Feature Bypass (MS15-014; CVE-2015-0009)

A security feature bypass vulnerability exists in Microsoft Windows. The vulnerability is due to the way Group Policy settings are applied when SMB signing failures occur. An attacker can exploit this vulnerability by a man-in-the-middle attack that modifies domain controller responses to client...

CVSS 3.3 | AI score 5.9 | EPSS 0.08074
Exploits: 4
CNVD
added 2015/01/23 12:0 a.m. | 1 views

Samba Elevation of Privilege Vulnerability

Samba is a set of programs that implement the SMB (Server Messages Block) protocol, cross-platform file sharing and print sharing services. The Samba AD DC allows administrators to assign user and computer account creation to certain users or groups, but fails to check the UF_SERVER_TRUST_ACCOUNT bit...

CVSS 8.5 | AI score 7 | EPSS 0.04264
Exploits: 0 | References: 1
Tenable Nessus
added 2015/01/23 12:0 a.m. | 34 views

Ubuntu 14.04 LTS : Samba vulnerability (USN-2481-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2481-1 advisory. Andrew Bartlett discovered that Samba incorrectly handled delegation of authority when being used as an Active Directory Domain Controller. An attacker given...

CVSS 8.5 | AI score 7.4 | EPSS 0.04264
Exploits: 0 | References: 2
Slackware Linux
added 2015/01/21 3:51 a.m. | 27 views

[slackware-security] samba

New samba packages are available for Slackware 14.1 and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/samba-4.1.16-i486-1slack14.1.txz: Upgraded. This update is a security release in order to address CVE-2014-8143 Elevation of privilege...

CVSS 8.5 | AI score 7.4 | EPSS 0.04264
Exploits: 0
OSV
added 2015/01/17 2:59 a.m. | 1 views

DEBIAN-CVE-2014-8143

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of...

CVSS 8.5 | AI score 6.9 | EPSS 0.04264
Exploits: 0 | References: 1
Debian CVE
added 2015/01/17 2:0 a.m. | 33 views

CVE-2014-8143

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of...

CVSS 8.5 | AI score 6.8 | EPSS 0.04264
Exploits: 0
UbuntuCve
added 2015/01/16 12:0 a.m. | 31 views

CVE-2014-8143

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of...

CVSS 8.5 | AI score 7.1 | EPSS 0.04264
Exploits: 0 | References: 5
Tenable Nessus
added 2015/01/16 12:0 a.m. | 26 views

FreeBSD : samba -- Elevation of privilege to Active Directory Domain Controller (d4f45676-9d33-11e4-8275-000c292e4fd8)

Samba team reports: In Samba's AD DC we neglected to ensure that attempted modifications of the userAccountControl attribute did not allow the UF_SERVER_TRUST_ACCOUNT bit to be set. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 8.5 | AI score 7.2 | EPSS 0.04264
Exploits: 0 | References: 3
OSV
added 2015/01/16 12:0 a.m. | 3 views

UBUNTU-CVE-2014-8143

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of...

CVSS 8.5 | AI score 7.2 | EPSS 0.04264
Exploits: 0 | References: 6
FreeBSD
added 2015/01/15 12:0 a.m. | 29 views

samba -- Elevation of privilege to Active Directory Domain Controller

Samba team reports: In Samba's AD DC we neglected to ensure that attempted modifications of the userAccountControl attribute did not allow the UF_SERVER_TRUST_ACCOUNT bit to be set...

CVSS 8.5 | AI score 7.5 | EPSS 0.04264
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Symantec pcAnywhere 9.0 Weak Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1093/info Symantec pcAnywhere is shipped by default with a weak encryption scheme that is used to encrypt username and password transmittal. Therefore, usernames and password can be retrieved by anyone sniffing the networ...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Microsoft Windows NT 4.0 User Shell Folders Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1042/info The registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Startup specifies the shared startup folder for all users on a system. This key is set to be...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2014/06/13 12:0 a.m. | 40 views

openSUSE Security Update : samba (openSUSE-SU-2013:1787-1)

"the following security issues were fixed in samba : - ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; bso10229 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

CVSS 4 | AI score 7.8 | EPSS 0.09017
Exploits: 0 | References: 6
Tenable Nessus
added 2014/03/26 12:0 a.m. | 32 views

Scientific Linux Security Update : samba and samba3x on SL5.x, SL6.x i386/srpm/x86_64 (20140325)

It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. CVE-2013-4496 A flaw...

CVSS 5 | AI score 7.4 | EPSS 0.10557
Exploits: 1 | References: 3