181 matches found
CVE-2025-4235
An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent Windows-based can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The...
CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account password
An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent Windows-based can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The...
CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account password
An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent Windows-based can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The...
CVE-2025-4235
The CVE-2025-4235 entry describes an information-exposure vulnerability in Palo Alto Networks’ User-ID Credential Agent (Windows). Under specific non-default configurations, the service account password can be exposed, enabling an unprivileged Domain User to escalate privileges by abusing the acc...
Citrix Session Recording Improper Privilege Management Vulnerability
Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain...
CVE-2025-23121
A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...
CVE-2025-23121
A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...
CVE-2025-23121
A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...
CVE-2025-23121
A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...
CVE-2025-23121
CVE-2025-23121 affects Veeam Backup & Replication (Backup Server) with remote code execution achievable by an authenticated domain user on domain-joined servers. Public details consistently cite version pre-12.3.2.3617 as vulnerable; remediation is to upgrade to 12.3.2.3617 or newer. Multiple sou...
PT-2025-25742
Name of the Vulnerable Software and Affected Versions Veeam Backup & Replication versions prior to 12.3.2.3617 Description A critical remote code execution RCE vulnerability allows authenticated domain users to execute code on the Backup Server. This vulnerability affects Veeam Backup & Replicati...
CVE-2021-37424
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover...
Vulnerability fixed in Veeam Backup & Replication
Veeam has fixed a vulnerability in Veeam Backup & Replication. The vulnerability is located in the authorization mechanism of the Backup & Replication software and allows a domain user to execute arbitrary code on the system where Backup & Replication is implemented. Veeam has released critical...
CVE-2024-22250
Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...
CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...
CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...
CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...
PT-2024-8684 · Trend Micro · Trend Micro Deep Security Agent
Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent version 20 Description: A security agent manual scan command injection issue in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected...
Microsoft Office NTLMv2 Disclosure
Exploit Title: Microsoft Office NTLMv2 Disclosure Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.office.com/ Software Link: https://www.office.com/ Details: https://github.com/passtheticket/CVE-2024-38200 Version: Microsoft Office 2019 MSO Build 1808...
Error: "The domain/user does not have access to the farm" when Accessing the Management Console
Administrator account is not able to access the management console and it generates error, "the domain/user does not have access to the farm"...