Lucene search
K

112 matches found

Cvelist
Cvelist
added 2025/03/20 3:11 p.m.18 views

CVE-2025-23120

A vulnerability allowing remote code execution RCE for domain users...

9.9CVSS0.18335EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/03/20 12:0 a.m.29 views

Veeam Backup and Replication 12.x < 12.3.1.1139 Authenticated RCE (March 2025) (KB4724)

The version of Veeam Backup and Replication installed on the remote Windows host is 12.x prior to 12.3.1.1139. It is, therefore, affected by an authenticated remote code execution vulnerability: - A vulnerability allowing remote code execution RCE by authenticated domain users. Note: This...

9.9CVSS9.4AI score0.18335EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.6 views

PT-2025-11958

Name of the Vulnerable Software and Affected Versions Veeam Backup & Replication versions prior to 12.3.1 Description A deserialization flaw exists in Veeam Backup & Replication, where the application improperly handles serialized data. This allows an authenticated domain user or a member of the...

9.9CVSS7.8AI score0.18335EPSS
Exploits1References152
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.144 views

VMWare Enumerate User Accounts

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Enumerate User Accounts', 'Description' = %Q This module will log into the Web API of VMWare and try to enumerate all the user accounts. I...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.259 views

Kerberos Domain User Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/kerberos' class MetasploitModule 'Kerberos Domain User Enumeration',...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2024/07/09 12:0 a.m.22 views

CVE-2024-39031

In Silverpeas Core = 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when...

0.00767EPSS
Exploits2References2
Metasploit
Metasploit
added 2024/06/25 7:55 p.m.453 views

MS-NRPC Domain Users Enumeration

This module will enumerate valid Domain Users via no authentication against MS-NRPC interface. It calls DsrGetDcNameEx2 to check if the domain user account exists or not. It has been tested with Windows servers 2012, 2016, 2019 and 2022. Module Options msf use auxiliary/scanner/dcerpc/nrpcenumuse...

7.2AI score
Exploits0
Cvelist
Cvelist
added 2024/06/12 8:18 a.m.40 views

CVE-2024-3183 Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

8.1CVSS0.02053EPSS
Exploits1References12
CVE
CVE
added 2024/06/12 8:18 a.m.140 views

CVE-2024-3183

CVE-2024-3183 affects FreeIPA and relates to Kerberos TGS-REQs: tickets for a target principal are encrypted with that principal’s key, which for user principals is derived from a per-principal salt and password. If a principal is compromised, an attacker could offline-brute-force passwords for o...

8.1CVSS7.8AI score0.02053EPSS
Exploits1References13Affected Software5
RedHat Linux
RedHat Linux
added 2024/06/10 3:48 p.m.11 views

freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

8.1CVSS5.8AI score0.02053EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/06/10 3:8 p.m.3 views

freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

8.1CVSS5.8AI score0.02053EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/06/10 2:28 p.m.9 views

freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

8.1CVSS5.8AI score0.02053EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/06/10 2:4 p.m.8 views

freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

8.1CVSS5.8AI score0.02053EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2024/06/10 12:0 a.m.26 views

Important: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service...

8.8CVSS6.9AI score0.02053EPSS
Exploits1References6
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-31656

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...

9.8CVSS7.4AI score0.18285EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.33 views

Rocky Linux 8 : samba (RLSA-2021:5082)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5082 advisory. - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wi...

8.5CVSS6.7AI score0.01953EPSS
Exploits0References7
Citrix
Citrix
added 2023/09/13 12:0 a.m.7 views

Citrix Workspace App Shows as Blank Page for Domain Users

Domain users can launch app/desktop via web successfully 2. Cannot see the add account page of Citrix WorkSpace App...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/04/11 12:0 a.m.37 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Multiple Vulnerabilities (NS-SA-2023-0016)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the...

9CVSS8.1AI score0.74042EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:20 a.m.5 views

SUSE CVE-2015-2752

The XENDOMCTLmemorymapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service host CPU consumption via a crafted request to the device model qemu-dm...

4.9CVSS6.2AI score0.00453EPSS
Exploits0References7
Kitploit
Kitploit
added 2023/01/11 11:30 a.m.98 views

PowerHuntShares - Audit Script Designed In Inventory, Analyze, And Report Excessive Privileges Configured On Active Directory Domains

PowerHuntShares is design to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers. It is intented to help IAM and other blue teams gain a better understand of their SMB Share attack surface and provides data insights t...

7.6AI score
Exploits0References4
Rows per page
Query Builder