TGT2Admin-

🎭 RBCDExploit - Resource-Based Constrained Delegation Attack...

ROS-20260323-73-0031

A vulnerability in the ksmbdsmb2checkmessage function of the fs/smb/server/smb2misc.c module of the Linux kernel SMB server support is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

SUSE-SU-2026:0951-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7 RT)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: - CVE-2025-38488: smb: client: fix use-after-free in cryptmessage when using async crypto bsc1247240. - CVE-2025-40258: mptcp: fix race condition in...

Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7 RT)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: CVE-2025-38488: smb: client: fix use-after-free in cryptmessage when using async crypto bsc1247240. CVE-2025-40258: mptcp: fix race condition in...

Security update for

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.13 fixes various security issues The following security issues were fixed: CVE-2025-38488: smb: client: fix use-after-free in cryptmessage when using async crypto bsc1247240. CVE-2025-40258: mptcp: fix race condition in...

Security update for

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.3 fixes various security issues The following security issues were fixed: CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds bsc1257629. CVE-2025-38488: smb: client: fix use-after-free in...

SUSE-SU-2026:20918-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

SUSE-SU-2026:20760-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

OPENSUSE-SU-2026:20404-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:0903-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0903-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect...

SUSE-SU-2026:0911-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

PT-2026-25833

Name of the Vulnerable Software and Affected Versions Sonos Era 300 affected versions not specified Description The Sonos Era 300 is affected by an out-of-bounds access issue related to SMB responses, potentially leading to remote code execution. The issue was discovered by dmdung of STAR Labs SG...

comp5003-sweeny-pentest

COMP5003: Sweeny Barbers Penetration Test Full ethical hackin...

curl: SMB READ_ANDX DataOffset not validated

Summary: in smbrequeststate case SMBDOWNLOAD curl reads two server-controlled fields from a READANDX response and uses them to decide where in the receive buffer file data starts. c / lib/smb.c / len = Curlread16leconst unsigned char msg + sizeofstruct smbheader + 11; off = Curlread16leconst...

Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0

Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...

Microsoft Windows 11 24H2 NTLM Relay Orchestrator Privilege Escalation

This Metasploit module checks the SMB Signing status on remote targets. If signing is not required, the target is vulnerable to NTLM Relay attacks. It serves as an automated pre-flight check for relay operations...

📄 Microsoft Windows 11 SMB Local Privilege Escalation

Proof of concept for CVE‑2025‑33073, a Microsoft Windows SMB privilege escalation vulnerability that abuses local NTLM reflection behavior within the SMB stack...

SUSE CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

DEBIAN-CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...