Privilege Escalation

Samba is an open-source implementation of the Server Message Block SMB or Common Internet File System CIFS protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially...

CVE-2018-16220

Cross Site Scripting in different input fields domain field and personal settings in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker local or remote to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...

CVE-2018-16220

Cross Site Scripting in different input fields domain field and personal settings in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker local or remote to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...

Cross site scripting

Cross Site Scripting in different input fields domain field and personal settings in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker local or remote to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...

CVE-2018-16220

Cross Site Scripting in different input fields domain field and personal settings in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker local or remote to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...

BMC Patrol Agent - Privilege Escalation Cmd Execution Exploit

This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the...

BMC Patrol Agent Privilege Escalation / Command Execution Exploit

This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the...

Microsoft Exchange Privilege Escalation Exploit

This module exploits a privilege escalation vulnerability found in Microsoft Exchange - CVE-2019-0724 Execution of the module will force Exchange to authenticate to an arbitrary URL over HTTP via the Exchange PushSubscription feature. This allows us to relay the NTLM authentication to a Domain...

Security Updates for Exchange (February 2019)

The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - Multiple Vulnerabilites with the included libraries from Oracle Outside. CVE-2018-18223, CVE-2018-18224, CVE-2018-3147, CVE-2018-3217, CVE-2018-3218,...

BMC Patrol Agent Privilege Escalation Cmd Execution

This module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verfies that the password of the provided user is correct. This also means if the software is...

Microsoft Confirms Serious 'PrivExchange' Vulnerability

Microsoft acknowledged an elevated privilege flaw in its Exchange Server could allow a remote attacker with a simple mailbox account to gain administrator privileges. Both a Microsoft advisory and a US-CERT alert were issued on Tuesday warning users of the elevation of privilege flaw, dubbed...

CVE-2018-20735

An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if...

CVE-2018-20735

An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if...

CVE-2018-20735

BMC PATROL Agent (PatrolCli) up to version 11.3.01 is vulnerable to privilege escalation and potential domain-wide lateral movement. The PatrolCli/PATROL Agent authentication only validates the user password, not the user’s network permissions, enabling a low-privilege domain account to authentic...

PT-2019-10193 · Microsoft +1 · Windows Active Directory +1

Name of the Vulnerable Software and Affected Versions: BMC PATROL Agent versions through 11.3.01 Description: An issue in the BMC PATROL Agent allows for lateral movement and escalation of privilege inside a Windows Active Directory environment. The PatrolCli application only verifies if the...

ZOHO ManageEngine OpManager domain controller cross-site scripting vulnerability

ZOHO ManageEngine OpManager is a set of network, server and virtualization monitoring software from ZOHO. domain controller is one of the domain controller components. A cross-site scripting vulnerability exists in the domain controller in versions prior to ZOHO ManageEngine OpManager 12.3 Build...

CVE-2018-19921

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller...

CVE-2018-19921

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller...

Design/Logic Flaw

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller...

CVE-2018-19921

CVE-2018-19921 affects Zoho ManageEngine OpManager 12.3 before build 123237. A cross-site scripting (XSS) flaw exists in the domain controller component, exposed via the domainController API. Exploitation could enable a remote attacker to inject script or HTML, potentially compromising user sessi...