231 matches found
CVE-2022-41882
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
CVE-2022-41882
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
CVE-2022-41882 Nextcloud Desktop vulnerable to code injection via malicious link
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
MAL-2022-6317 Malicious code in storagefileshare (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ba880ef78e28b679db29d5c97b2b5ce64ad028a61a1e16da13bc888f59cc43f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in azure-storage-file-share (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d0a4f5d8db5bb3e95f30e50e14b8f32f3a84fa54a5d638eee19679f83040554 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1382 Malicious code in azure-storage-file-share (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d0a4f5d8db5bb3e95f30e50e14b8f32f3a84fa54a5d638eee19679f83040554 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in perf-storage-file-share-track-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea0ff6e1544a452407d2b6c971abab8ad445cfc1c60561a46398601578a271e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5297 Malicious code in perf-storage-file-share-track-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea0ff6e1544a452407d2b6c971abab8ad445cfc1c60561a46398601578a271e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in perf-storage-file-share (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 041159bc94527c81f2176bfabd7db5944278ebcd81b3a63f6d179c8e069971d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5296 Malicious code in perf-storage-file-share (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 041159bc94527c81f2176bfabd7db5944278ebcd81b3a63f6d179c8e069971d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in storage-file-share-track-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7120b7a5dde3b0d526b62436e0943de69e9f1cb19237210975b085341c466430 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6312 Malicious code in storage-file-share-track-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7120b7a5dde3b0d526b62436e0943de69e9f1cb19237210975b085341c466430 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @azure-tests/perf-storage-file-share (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92f1ca86e3f847c379b16056e4a77a941e1c763dcdb7d4eaed2e6393179b2bdf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Lnkbomb - Malicious Shortcut Generator For Collecting NTLM Hashes From Insecure File Shares
Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon file to associate with the shortcut file. This icon file can be directed to a penetration tester's machine running Responder or smbserver to gather NTLMv1 or...
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest tSmbNtlmAuthChallenge and tSmbNtlmAuthResponse read and write operations as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
...
SharpML - Machine Learning Network Share Password Hunting Toolkit
SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C. The tool is discussed in more detail on our blog here, but is summarised below also: SharpML is C and Python based tool that performs a number of operations with a view to mining file shares, queryin...
Vulnerability fixed in Pulse Connect Secure
A vulnerability has been fixed in Pulse Connect Secure. A authenticated malicious person could potentially abuse it to execute arbitrary code under root privileges. To do this, however, the user must have the rights to view a Samba SMB share via the "Windows File Share Browser" functionality. Sin...
Unspecified Vulnerability in Nextcloud (CNVD-2021-39031)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from a public link that can be added as a federated file share. An attacker could use this...
CVE-2021-32654
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public...
CVE-2021-32654
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public...