18 matches found
EUVD-2025-6178
Malicious code in bioql PyPI...
The vulnerability of the “Termide Virtual Desktops Connection Manager” software server, related to an authentication error, allows unauthorized access to user domain accounts.
The vulnerability of the “Termide Virtual Desktops Connection Manager” software server is related to an authentication error based on the Kerberos protocol. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to user account credentials...
CVE-2025-26318
hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application...
CVE-2025-26318
hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application...
CVE-2025-26318
hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application...
CVE-2025-26318
CVE-2025-26318 affects TSplus Remote Access (hb.exe) prior to version 17.30, enabling remote attackers to retrieve a list of domain accounts currently connected to the application. The issue is an information disclosure risk via a network-accessible component, with no authentication required and ...
SMB SID User Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB SID User Enumeration LookupSid', 'Description' = 'Determine what users exist via brute force SID lookups. This module can enumerate both loca...
CVE-2022-0564
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time...
Qlik Community 信息泄露漏洞
Qlik Community is a data analytics solution. Qlik Community suffers from an information disclosure vulnerability that originates from allowing a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authenticated requests to an affected system...
SharpSpray - Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts
SharpSpray is a Windows domain password spraying tool written in .NET C. Introduction SharpSpray is a C port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and...
CrossLinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping
CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from a target organization. This technique provides accurate results without the use of API keys, credentials, or even accessing the site directly. Formats can then be applied in the comman...
CVE-2018-7248
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it...
Code injection
The Artiva Agency Single Sign-On SSO implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the correspondin...
CVE-2014-0348
The CVE is for Artiva Agency Single Sign-On (SSO) where enabling the domain-name option allows login as a domain user using the same Windows username. Affected products: Artiva Workstation 1.3.x prior to 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5. Root cause...
Windows Gather Enumerate Domain Tokens
This module enumerates domain account tokens, processes running under domain accounts, and domain users in the local Administrators, Users and Backup Operator groups. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Microsoft IIS FTP service searches all trusted domains for user accounts
Overview The Microsoft IIS FTP Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name. Description The Microsoft IIS FTP Service allows users to establish connections using either local accounts or Windows domain...
CVE-2000-0300
The CVE refers to PcAnywhere 9.x where the default encryption method is weak, enabling remote attackers to sniff and decrypt PcAnywhere or NT domain accounts. Affected software: PcAnywhere 9.x (default encryption). Root cause: use of weak default encryption in the authentication pathway. Impact: ...
PT-1998-1092 · Microsoft · Windows Nt
Name of the Vulnerable Software and Affected Versions: Windows NT affected versions not specified Description: The issue concerns Windows NT domain user or administrator accounts that have default, null, blank, or missing passwords. Recommendations: For all affected versions, ensure that strong,...