148 matches found
CVE-2020-7984
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the...
Customer Guidance for the Dopplepaymer Ransomware
Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymerransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP BlueKeep, as ways in which this malware spreads. Our security research teams have investigated and...
Customer Guidance for the Dopplepaymer Ransomware
Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymerransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP BlueKeep, as ways in which this malware spreads. Our security research teams have investigated and...
Exploit for CVE-2019-1040
CVE-2019-1040-dcpwn Great writeup! Exploiting CVE-2019-1040...
Exploit for CVE-2019-1040
CVE-2019-1040 Great writeup! Exploiting CVE-2019-1040 - Comb...
CVE-2018-20735
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if...
CVE-2018-20735
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if...
CVE-2018-20735
BMC PATROL Agent (PatrolCli) up to version 11.3.01 is vulnerable to privilege escalation and potential domain-wide lateral movement. The PatrolCli/PATROL Agent authentication only validates the user password, not the user’s network permissions, enabling a low-privilege domain account to authentic...
From OSINT to Internal: Gaining Domain Admin from Outside the Perimeter
When I first began working at Coalfire in early 2017, I couldnt wait to get started pentesting professionally for the first time. When I finally got tasked with my first gig, I dove right in. I was tasked to perform an assessment of the external network. After hitting all known servers and web...
Critical Flaws Found in Windows NTLM Security Protocol – Patch Now
As part of this month's Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability which affect all versions of its Windows operating system for enterprises released since 2007. Researchers at behavioral firewall specialist Preempt discovered two...
How to Add a Domain Admin Group to Local Admin Group Using Role Based Access Control on XenMobile
This article describes how to add a group of domain admins to the local admin group within XenMobile Server so they have access to the console...
Cross site scripting
A vulnerability has been identified in IBM Cloud Orchestrator services/action/launch API. An authenticated domain admin user might modify cross domain resources via a /services/action/launch API call, provided it would have been possible for the domain admin user to gain access to a resource...
CVE-2015-7494
The CVE-2015-7494 entry relates to IBM Cloud Orchestrator: an authenticated domain admin could modify cross-domain resources via the services/[action]/launch API if able to obtain a resource identifier from another domain. The IBM bulletin details affected products (IBM Cloud Orchestrator and IBM...
Windows Gather Active Directory BitLocker Recovery
This module will enumerate BitLocker recovery passwords in the default AD directory. This module does require Domain Admin or other delegated privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
SysAid Server - Arbitrary File Disclosure
Vantage Point Security Advisory 2014-004 ======================================== Title: SysAid Server Arbitrary File Disclosure ID: VP-2014-004 Vendor: SysAid Affected Product: SysAid On-Premise Affected Versions: Summary: --- SysAid Server is vulnerable to an unauthenticated file disclosure...
Code injection
The Kerberos Key Distribution Center KDC in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a...
Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature
Overview Microsoft Windows Kerberos KDC contains a vulnerability allowing an authenticated unprivileged domain user to escalate privileges to a domain administrator account, allowing the user to compromise any computer on the domain. Description CWE-347: Improper Verification of Cryptographic...
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!
Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...
0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day]
...................................... / / | | / / / / / | |/ / / / / / / ^ / / / // | / / / / || / ...................................... 0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability 0day Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 -...
Owncloud 3.0.3 Clear Text Password Storage
Owncloud App "Ldap user backend" stored password in clear text Author: francesco.tornieri "At" verona-wireless.net Summary: store domain admin password in clear text Discovery date: 09/05/2012 Developer date contact : 09/05/2012 Where: From local Release Date: 11/05/2012 Criticality level: High...