
16 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-6117

Malware in sbrugna...

CVSS 3.1 | AI score 7 | EPSS 0.00633
Exploits: 0 | References: 18
Rapid7 Blog
added 2024/02/16 8:34 p.m. | 26 views

Metasploit Weekly Wrap-Up 02/16/2024

New Fetch Payload It has been almost a year since Metasploit released the new fetch payloads and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded...

AI score 7.3
Exploits: 0
Pen Test Partners Blog
added 2023/11/30 6:2 a.m. | 10 views

OPSEC failures when threat hunting

Over the last few years I’ve carried out a lot of phishing, and have some interesting observations on how organisations respond. However, the purpose of this blog is to highlight a worrying and amusing trend in response actions taken by the blue team and researchers when threat hunting a phishing...

AI score 7
Exploits: 0
SUSE CVE
added 2023/02/15 5:1 a.m. | 2 views

SUSE CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVSS 3.1 | AI score 8.7 | EPSS 0.00633
Exploits: 0 | References: 6
OSV
added 2021/03/29 6:15 p.m. | 2 views

CVE-2021-29416

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB...

CVSS 6.5 | AI score 6.6 | EPSS 0.00313
Exploits: 1 | References: 2
Prion
added 2021/03/29 6:15 p.m. | 14 views

Design/Logic Flaw

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB...

CVSS 4.3 | AI score 6.3 | EPSS 0.00313
Exploits: 1 | References: 2 | Affected Software: 1
Kitploit
added 2020/10/02 11:30 a.m. | 54 views

smbAutoRelay - Provides The Automation Of SMB/NTLM Relay Technique For Pentesting And Red Teaming Exercises In Active Directory Environments

SMB AutoRelay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments. Usage Syntax: ./smbAutoRelay.sh -i -t -q -d . Example: ./smbAutoRelay.sh -i eth0 -t ./targets.txt . Notice that the targets file should contain just the IP...

AI score 7.2
Exploits: 0 | References: 3
Kitploit
added 2018/09/11 12:23 p.m. | 45 views

Firework - Leveraging Microsoft Workspaces in a Penetration Test

Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it. This tool may...

AI score 7.4
Exploits: 0 | References: 1
Kitploit
added 2018/04/22 9:32 p.m. | 279 views

WHP - Microsoft Windows Hacking Pack

M$ Windows Hacking Pack =========== Tools here are from different sources. The repo is generally licensed with WTFPL, but some content may be not eg. sysinternals. "pes" means "PE Scambled". It's useful sometimes. Remote Exploits =========== Windows 2000 / XP SP1 MS05-039 Microsoft Plug and Play...

CVSS 7.8 | AI score 7.8 | EPSS 0.75542
Exploits: 13 | References: 1
RedHat Linux
added 2016/09/12 7:39 p.m. | 4 views

chromium-browser: smb relay attack via save page as

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVSS 3.1 | AI score 7.4 | EPSS 0.00633
Exploits: 0 | References: 5
OSV
added 2016/09/11 10:59 a.m. | 2 views

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVSS 3.1 | AI score 6.8 | EPSS 0.00633
Exploits: 0 | References: 12
Prion
added 2016/09/11 10:59 a.m. | 20 views

Information disclosure

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVSS 2.6 | AI score 6.3 | EPSS 0.00633
Exploits: 0 | References: 12 | Affected Software: 2
UbuntuCve
added 2016/09/11 10:59 a.m. | 21 views

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVSS 3.1 | AI score 6.8 | EPSS 0.00633
Exploits: 0 | References: 2
Cvelist
added 2016/09/11 10:0 a.m. | 22 views

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

AI score 5.2 | EPSS 0.00633
Exploits: 0 | References: 12
Debian CVE
added 2016/09/11 10:0 a.m. | 23 views

CVE-2016-5166

Removed by vendor...

CVSS 3.1 | AI score 7.4 | EPSS 0.00633
Exploits: 0
RedhatCVE
added 2016/09/01 8:19 a.m. | 24 views

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...

CVSS 6.5 | AI score 3.2 | EPSS 0.00633
Exploits: 0 | References: 2