Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 ██████╗██╗ ██╗███████╗ ██╗ ██╗ ██╗...

Exploit for Stack-based Buffer Overflow in Microsoft

LongLogon · CVE-2026-41089 !CVE-2026-41089 · NVDhttps://i...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 Detector Safe detection script for CVE-2026-...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Samba vulnerabilities (USN-8306-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8306-1 advisory. Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacke...

CVE-2026-3238

Denial of service against AD DC WINS server...

UBUNTU-CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

Astra Linux – Vulnerability in Samba

A vulnerability was discovered in Samba’s “rpcecho” development server, a non-Windows RPC server used to test Samba’s DCE/RPC stack components. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the “rpcecho” service operates with only one...

Astra Linux – Vulnerability in Samba

A flaw was discovered in the way that a Samba, as an Active Directory Domain Controller, can support a RODC Read-Only Domain Controller. This would allow a RODC to print administrator tickets...

CLSA-2026-1777321102 Fix CVE(s): CVE-2022-26923, CVE-2022-32743

SECURITY UPDATE: Samba AD DC did not enforce the Validated-DNS-Host-Name write right, allowing an unprivileged authenticated user with machine account write access e.g. SeMachineAccountPrivilege to set the dNSHostName attribute to an arbitrary value, bypassing the MS-ADTS requirement that it matc...

Microsoft Windows Server Domain Role Detection

SMB-login based domain role detection with powershell fallback for Windows Server. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense

DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense By Maulik Maheta and Chao Sun · April 14, 2026 Executive summary A DCSync attack is one of the most formidable techniques an adversary can deploy after gaining a foothold in an Active Directory AD environmen...

SQLite 3.50.1 - Heap Overflow

Exploit Title: SQLite 3.50.1 - Heap Overflow Date: 2025-11-05 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.sqlite.org Software Link: https://www.sqlite.org/download.html Version: SQLite 3.50....

CVE-2018-19921

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller...

Exploit for Deserialization of Untrusted Data in Microsoft

Incident Investigation Report Case Title: WSUS Exploi...

CLSA-2025-1766567499 Fix CVE(s): CVE-2020-1472

SECURITY UPDATE: elevation of privilege vulnerability - debian/patches/CVE-2020-1472.patch: fix vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC - CVE-2020-1472...

📄 HP ProCurve SNAC Domain Controller Shell Upload

This proof of concept exploits a PHP code injection vulnerability in the HP ProCurve SNAC Domain Controller. ============================================================================================================================================= | Title : HP ProCurve SNAC Domain Controller P...

The Fake Domain Controller You Didn’t See Coming: Detecting DCShadow Attacks Using Trellix NDR

The Fake Domain Controller You Didn’t See Coming: Detecting DCShadow Attacks Using Trellix NDR By Maulik Maheta and Chao Sun · December 17, 2025 Executive summary DCShadow is a covert post-exploitation technique that enables an attacker to impersonate a domain controller and make unauthorized,...