346 matches found
📄 Microsoft Windows XRM-MS NTLM Hash Disclosure
Microsoft Windows suffers from another NTLM hash disclosure vulnerability. This time it is related to the xrm-ms file type. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MicrosoftWindowsxrm-msFileNTLM-HashDisclosure.tx...
Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: https://hyp3rlinx.altervista.org/advisories/MicrosoftWindowsxrm-msFileNTLM-HashDisclosure.txt x.com/hyp3rlinx ISR: ApparitionSec Vendor www.microsoft.com Product .xrm-ms File Type Vulnerability Type NTLM Hash...
CVE-2025-30444
A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously crafted SMB network share may lead to system termination...
CVE-2025-30444
A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously crafted SMB network share may lead to system termination...
CVE-2025-30444
CVE-2025-30444 is a race condition in macOS that was addressed by improved locking. It is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, and macOS Sonoma 14.7.5. The issue can be triggered by mounting a maliciously crafted SMB network share and may lead to system termination. The provided doc...
CVE-2025-30444
A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously crafted SMB network share may lead to system termination...
CVE-2025-30444
A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously crafted SMB network share may lead to system termination...
PT-2025-13976 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.5 macOS Sequoia versions prior to 15.4 macOS Sonoma versions prior to 14.7.5 Description: A race condition was addressed with improved locking. Mounting a maliciously crafted SMB network share may lead to system...
Apple macOS 竞争条件问题漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS that originates from mounting a specially crafted SMB network share could result in system termination...
SUSE CVE-2025-2312
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...
CVE-2024-40717
A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...
CVE-2024-40717
A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...
CVE-2024-40717
A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution RCE by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privilege...
CVE-2024-40717
CVE-2024-40717 affects Veeam Backup & Replication (12.x prior to 12.3.0.310). A low-privileged user with certain roles can update an existing job and configure pre/post scripts (potentially on a network share) that run with elevated privileges, enabling remote code execution by scheduling near-im...
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Summary The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local file. However, if a file:/ URL is directly given where a relative path resource name is...
USN-6950-1 linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - Block layer subsystem; - Bluetooth drivers; - Clock framework and...
CVE-2024-39206
An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key...
Citrix CDFControl Service How to Save Logs On A UNC Network Share
Sometimes it may be necessary to save trace data to a shared network folder, for example, crash/hang issues with non-persistent VDAs or due to local disk space constraints...
PT-2024-28386 · Msp360 · Msp360 Backup Agent
Name of the Vulnerable Software and Affected Versions: MSP360 Backup Agent versions 7.8.5.15 through 7.9.4.84 Description: An issue in the software allows attackers to obtain network share credentials used in a backup. This is due to the enginesettings.list being encrypted with a hard-coded key...
CVE-2024-39206
An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key...