610 matches found
Moderate: Red Hat Security Advisory: samba and samba3x security update
Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detail...
MS14-016: Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
A security feature bypass vulnerability exists in Windows due to the Security Account Manager Remote SAMR protocol incorrectly validating the user lockout state. Remote, authenticated attackers can exploit this issue to conduct brute force attacks against user passwords. Note that the host must...
Windows Gather Group Policy Preference Saved Passwords
This module enumerates the victim machine's domain controller and connects to it via SMB. It then looks for Group Policy Preference XML files containing local user accounts and passwords and decrypts them using Microsofts public AES key. Cached Group Policy files may be found on end-user devices ...
RedHat Update for samba4 RHSA-2013:1805-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for libsmbclient CESA-2013:1806 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-4408
Samba vulnerability CVE-2013-4408: A heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function (librpc/rpc/dcerpc_util.c) in winbindd allows remote code execution via an invalid fragment length in a DCE-RPC packet. Affected releases: Samba 3.x before 3.6.22, 4.0.x before 4.0.13, an...
Important: Red Hat Security Advisory: samba4 security update
Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2013-4476
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controll...
CVE-2013-4476
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controll...
Design/Logic Flaw
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controll...
CVE-2013-4476
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controll...
Completely remove WSUS 3.0 approach-vulnerability warning-the black bar safety net
Upgrade the domain controller or demote a domain controller, wsus services usually fail, only by hand to completely remove wsus3. 0 and then re-install, the following is the result of several attempts later summed up the detailed operation of the steps of: 1, the...
HP ProCurve SNAC Domain Controller Credential Dumper
This module will extract Domain Controller credentials from vulnerable installations of HP SNAC as distributed with HP ProCurve 4.00 and 3.20. The authentication bypass vulnerability has been used to exploit remote file uploads. This vulnerability can be used to gather important information handl...
PT-2013-5210 · Hewlett Packard · Hp Procurve Manager +1
Name of the Vulnerable Software and Affected Versions: HP ProCurve Manager versions 3.20 through 4.0 HP ProCurve Manager+ versions 3.20 through 4.0 Identity Driven Manager version 4.0 Description: The issue concerns the UpdateDomainControllerServlet in the SNAC registration server, which fails to...
Patch 3 Release Notes for Veeam Backup & Replication 6.5
More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge These are the issues resolved by the Patch 3 for Veeam Backup version 6.5.0.106 / 6.5.0.109 / 6.5.0.128. This patch is cumulative and contains fixes from Pat...
World-writeable files may be created in additional shares on a
Description Administrators of the Samba 4.0 Active Directory Domain Controller might unexpectedly find files created world-writeable if additional CIFS file shares are created on the AD DC. By default the AD DC is not vulnerable to this issue, as a specific inheritable ACL is set on the files in...
A required privilege is not held by the client
Domain Controller configuration fails with an error: A required privilege is not held by the client...
Design/Logic Flaw
Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging 1...
Windows Gather Local and Domain Controller Account Password Hashes
This will dump local accounts from the SAM Database. If the target host is a Domain Controller, it will dump the Domain Account Database using the proper technique depending on privilege level, OS and role of the host. This module requires Metasploit: https://metasploit.com/download Current sourc...
ADSI Settings
Gather and store the ADSI parameters to be used in other plugins. TRUSTED...