Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. Authentication is required to exploit this vulnerability. The specific flaw exists within the issuance of certificates. By including...
noPac - Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chain positional arguments: domain/username:password Account used to authenticate to DC. optional arguments: -h, --help show thi...
DEBIAN-CVE-2021-3670
MaxQueryDuration not honoured in Samba AD DC LDAP...
AZL-10662 CVE-2021-3670 affecting package samba 4.12.5-7
MaxQueryDuration not honoured in Samba AD DC LDAP...
CVE-2022-30216 - Authentication coercion of the Windows “Server” service
In this blog, see how an off-by-one error could lead to domain controller access in Microsoft Server Service...
The vulnerability of the ActiveDirectory/DC database audit log management module in the Samba networking software package allows a perpetrator to trigger a service failure.
The vulnerability of the ActiveDirectory/DC log management module in the Samba networking software package is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
Samba Resource Management Error Vulnerability
Samba is the standard Windows interoperability program suite for Linux and Unix. A resource management error vulnerability exists in versions of Samba prior to 4.16.4, which stems from the AD DC Database Audit Logging module being able to access the value of an LDAP message that has been released...
Microsoft Windows LSA Spoofing Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM...
SMB NULL Session Authentication (Domain Controller)
The remote host is running an SMB protocol. It is possible to log into the netlogon, lsarpc, or samr pipes using a NULL session (i.e., with no login or password). Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to get information abo...
Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)
On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in...
CVE-2021-32966
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...
Design/Logic Flaw
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...
CVE-2021-32966 Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...
May 10, 2022—KB5014018 (Security-only update)
May 10, 2022—KB5014018 Security-only update Summary Learn more about this security update, including improvements, any known issues, and how to get the update. IMPORTANT Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will...
VulnCheck KEV: CVE-2022-26925
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM...
NewStart CGSL MAIN 6.02 : samba Multiple Vulnerabilities (NS-SA-2022-0058)
The remote NewStart CGSL host, running version MAIN 6.02, has samba packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory...
Slackware: Security Advisory (SSA:2015-020-01)
The remote host is missing an update for the...
DumpSMBShare - A Script To Dump Files And Folders Remotely From A Windows SMB Share
A script to dump files and folders remotely from a Windows SMB share. Features Only list shares with --list-shares. Select only files with given extensions with --extensions or all files. Choose the local folder to dump to with --dump-dir. Select base folder to search from in the share with...