610 matches found
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found...
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found...
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found...
Authentication flaw
DISPUTED Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they ha...
CVE-2023-35854
The CVE-2023-35854 vulnerability affects Zoho ManageEngine ADSelfService Plus up to and including version 6113, via an authentication bypass in a critical function that can enable an attacker to steal a domain controller session token and impersonate a domain administrator. Affected component: au...
PT-2023-3487 · Zoho · Zoho Manageengine Adselfservice Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADSelfService Plus versions through 6113 Description: The issue is related to an authentication bypass in a critical function, which can be exploited to steal the domain controller session token for identity spoofing. This...
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found...
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found...
Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. Authentication is required to exploit this vulnerability. The specific flaw exists within the issuance of certificates. By including...
OESA-2023-1232 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.CVE-2023-0922...
New Strain of Rorschach Ransomware Targeting US- Firms
By Deeba Ahmed Rorschach ransomware boasts advanced encryption technology and can spread automatically on the machine if executed on a domain controller. This is a post from HackRead.com Read the original post: New Strain of Rorschach Ransomware Targeting US- Firms...
AZL-26697 CVE-2023-0614 affecting package samba 4.12.5-7
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...
samba 安全漏洞
Samba is the standard Windows interoperability program suite for Linux and Unix. A security vulnerability exists in samba that stems from the AD DC administration tool, samba-tool, which sends passwords in clear text...
PT-2023-2253 · Samba +6 · Samba +6
Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: The issue is related to the Samba AD DC administration tool sending new or reset passwords over a signed-only connection when operating against a remote LDAP server. This could allow a remote...
FindUncommonShares - A Python Equivalent Of PowerView's Invoke-ShareFinder.ps1 Allowing To Quickly Find Uncommon Shares In Vast Windows Domains
The script FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Active Directory Domains. Features Only requires a low privileges domain user account. Automatically gets the list of all computers from the domai...
Debian: Security Advisory (DLA-1539-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K15642: Samba vulnerability CVE-2013-4476
Security Advisory Description Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local...
SUSE CVE-2007-4572
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests...
SUSE CVE-2007-6015
Stack-based buffer overflow in the sendmailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON...
SUSE CVE-2016-0771
The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from process memory by...