Lucene search
K

18 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-6178

Malicious code in bioql PyPI...

5.8CVSS6.6AI score0.00836EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/06/16 12:0 a.m.7 views

The vulnerability of the “Termide Virtual Desktops Connection Manager” software server, related to an authentication error, allows unauthorized access to user domain accounts.

The vulnerability of the “Termide Virtual Desktops Connection Manager” software server is related to an authentication error based on the Kerberos protocol. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to user account credentials...

6.8CVSS5.5AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/06 2:42 a.m.17 views

CVE-2025-26318

hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application...

5.8CVSS6AI score0.00836EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/04 12:0 a.m.31 views

CVE-2025-26318

hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application...

5.8CVSS0.00836EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/04 12:0 a.m.10 views

CVE-2025-26318

hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application...

5.8CVSS6.1AI score0.00836EPSS
Exploits1References1
CVE
CVE
added 2025/03/04 12:0 a.m.55 views

CVE-2025-26318

CVE-2025-26318 affects TSplus Remote Access (hb.exe) prior to version 17.30, enabling remote attackers to retrieve a list of domain accounts currently connected to the application. The issue is an information disclosure risk via a network-accessible component, with no authentication required and ...

5.8CVSS6.1AI score0.00836EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.204 views

SMB SID User Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB SID User Enumeration LookupSid', 'Description' = 'Determine what users exist via brute force SID lookups. This module can enumerate both loca...

7.4AI score
Exploits0
OSV
OSV
added 2022/02/21 6:15 p.m.5 views

CVE-2022-0564

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time...

5.3CVSS6.1AI score0.01356EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/02/21 12:0 a.m.4 views

Qlik Community 信息泄露漏洞

Qlik Community is a data analytics solution. Qlik Community suffers from an information disclosure vulnerability that originates from allowing a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authenticated requests to an affected system...

5.3CVSS5.9AI score0.01356EPSS
Exploits0References7
Kitploit
Kitploit
added 2021/09/28 11:30 a.m.25 views

SharpSpray - Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts

SharpSpray is a Windows domain password spraying tool written in .NET C. Introduction SharpSpray is a C port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and...

7.8AI score
Exploits0References2
Kitploit
Kitploit
added 2021/04/23 12:30 p.m.60 views

CrossLinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping

CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from a target organization. This technique provides accurate results without the use of API keys, credentials, or even accessing the site directly. Formats can then be applied in the comman...

7.2AI score
Exploits0References3
OSV
OSV
added 2018/05/11 2:29 p.m.6 views

CVE-2018-7248

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it...

5.3CVSS5.8AI score0.06427EPSS
Exploits1References3
Prion
Prion
added 2014/04/15 10:55 a.m.17 views

Code injection

The Artiva Agency Single Sign-On SSO implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the correspondin...

3.5CVSS7.3AI score0.00884EPSS
Exploits0References1Affected Software4
CVE
CVE
added 2014/04/15 10:0 a.m.42 views

CVE-2014-0348

The CVE is for Artiva Agency Single Sign-On (SSO) where enabling the domain-name option allows login as a domain user using the same Windows username. Affected products: Artiva Workstation 1.3.x prior to 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5. Root cause...

3.5CVSS7AI score0.00884EPSS
Exploits0References1Affected Software4
Metasploit
Metasploit
added 2011/10/27 12:54 a.m.53 views

Windows Gather Enumerate Domain Tokens

This module enumerates domain account tokens, processes running under domain accounts, and domain users in the local Administrators, Users and Backup Operator groups. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

0.4AI score
Exploits0
CERT
CERT
added 2001/09/18 12:0 a.m.28 views

Microsoft IIS FTP service searches all trusted domains for user accounts

Overview The Microsoft IIS FTP Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name. Description The Microsoft IIS FTP Service allows users to establish connections using either local accounts or Windows domain...

5CVSS6.5AI score0.20961EPSS
Exploits0References3
CVE
CVE
added 2000/04/26 4:0 a.m.57 views

CVE-2000-0300

The CVE refers to PcAnywhere 9.x where the default encryption method is weak, enabling remote attackers to sniff and decrypt PcAnywhere or NT domain accounts. Affected software: PcAnywhere 9.x (default encryption). Root cause: use of weak default encryption in the authentication pathway. Impact: ...

10CVSS7.1AI score0.05887EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 1998/10/01 12:0 a.m.6 views

PT-1998-1092 · Microsoft · Windows Nt

Name of the Vulnerable Software and Affected Versions: Windows NT affected versions not specified Description: The issue concerns Windows NT domain user or administrator accounts that have default, null, blank, or missing passwords. Recommendations: For all affected versions, ensure that strong,...

7.2CVSS6.2AI score0.17301EPSS
Exploits3References5
Rows per page
Query Builder