609 matches found
EUVD-2017-0533
Malware in sbrugna...
EUVD-2019-5959
Malware in sbrugna...
EUVD-2023-54034
Malicious code in bioql PyPI...
MaxQueryDuration not honoured in Samba AD DC LDAP
...
Exploit for CVE-2020-1472
CVE-2020-1472 - Zero Logon vulnerability Python implementation. Description: A Python script which uses the Impacket library to test for the CVE-2020-1472 (Zerologon) vulnerability. Credits to Secura research. The flaw stems from the Netlogon Remote Protocol, available...
Linux Distros Unpatched Vulnerability : CVE-2020-25721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Kerberos acceptors need easy access to stable AD identifiers (e.g. objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID...
Linux Distros Unpatched Vulnerability : CVE-2020-25718
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in the way Samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to...
New 'Curly COMrades' APT Using NGEN COM Hijacking in Georgia, Moldova Attacks
A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. "They repeatedly tried to extract the NTDS database from domain controllers --...
CVE-2005-3173
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions...
CVE-1999-1593
Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are...
Debian DSA-5015-1 : samba - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5015 advisory. Andrew Bartlett discovered that Samba, a SMB/CIFS file, print, and login server for Unix, may map domain users to local users in an undesired way. This could allo...
About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)
About Remote Code Execution - Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112). The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as LDAPNightmare, and a...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. UPDATE: Researchers have published proof-of-concept (PoC) code demonstrating the vulnerability with identifier CVE-2024-49113. Successful exploitation requires the malicious party to have access to both a DC with LDAP and a rogue server under their own...
FAS - Users from 2-way trusted domain getting "incorrect username or password" on VDA login
Users from primary domain are able to be authenticated without issue. Users from Domain B, which is in a different forest and is trusted via 2-way trust, can authenticate with the storefront without issue. However, when launching a resource the CWA eventually loads a small window indicating the t...
RHEL 4 : samba (RHSA-2016:0625)
The remote Red Hat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0625 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
The vulnerability of the 1C-Bitrix website content management system, related to insufficient protection of registration data, allows a hacker to gain access to the domain controller’s account information.
The vulnerability of the 1C-Bitrix website content management system is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to gain access to the account information of the domain controller...
CVE-2020-25722
...
CVE-2019-3870
...
Living off the land, GPO style
TL;DR: The ability to edit Group Policy Objects (GPOs) from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what steps were taken to find out why domain joined machines are needed in the first place and what...
Microsoft Exchange Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange Privilege Escalation Exploit', 'Description' = %q This module exploits a privilege escalation vulnerability found in Microsoft...