Lucene search
K

156 matches found

CVE
CVE
added 2021/01/12 2:44 p.m.51 views

CVE-2021-21469

Summary: CVE-2021-21469 affects SAP NetWeaver Master Data Management (MDS) on Windows. Multiple connected sources corroborate that an external operator could set custom UNC paths in the MDS server configuration, enabling an SMB relay-like attack that may lead to information disclosure. Reported a...

7.5CVSS7.6AI score0.01189EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/01/12 2:44 p.m.22 views

CVE-2021-21469

When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level e.g., MDS...

5.3CVSS7.8AI score0.01189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/07/23 12:0 a.m.6 views

PT-2020-14708 · Tesla · Tesla Model 3

Name of the Vulnerable Software and Affected Versions: Tesla Model 3 vehicles affected versions not specified Description: The issue allows attackers to open a door by leveraging access to a legitimate key card and then using NFC Relay. The vendor has developed Pin2Drive to mitigate this issue...

6.5CVSS7.1AI score0.0119EPSS
Exploits1References9
The Hacker News
The Hacker News
added 2020/04/02 8:34 a.m.5 views

New Zoom Hack Lets Hackers Compromise Windows and Its Login Password

Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe. No doubt, Zoom is an efficient online video meeting...

6.1AI score
Exploits0
NVD
NVD
added 2019/05/23 4:29 p.m.14 views

CVE-2019-7097

Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack...

7.5CVSS7.2AI score0.03592EPSS
Exploits0References1
Prion
Prion
added 2019/05/23 4:29 p.m.14 views

Design/Logic Flaw

Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack...

5CVSS7.2AI score0.03592EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/05/23 3:43 p.m.18 views

CVE-2019-7097

Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack...

7.2AI score0.03592EPSS
Exploits0References1
NVD
NVD
added 2019/03/21 4:0 p.m.13 views

CVE-2018-4058

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...

7.7CVSS7.5AI score0.00935EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/03/21 4:0 p.m.32 views

CVE-2018-4058

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...

7.7CVSS7.1AI score0.00935EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2019/02/06 3:24 p.m.81 views

Microsoft Confirms Serious 'PrivExchange' Vulnerability

Microsoft acknowledged an elevated privilege flaw in its Exchange Server could allow a remote attacker with a simple mailbox account to gain administrator privileges. Both a Microsoft advisory and a US-CERT alert were issued on Tuesday warning users of the elevation of privilege flaw, dubbed...

1AI score
Exploits0References7
myhack58
myhack58
added 2019/01/25 12:0 a.m.67 views

Ship new releases of Exchange Server to mention the right vulnerability analysis-vulnerability warning-the black bar safety net

In the majority of the use of Active Directory and Exchange Organization, Exchange servers typically have very high permissions on the Exchange Server administrators can upgrade to a domain administrator. I recently read a report from ZDI articlesCVE-2018-8581 technical details of its use, which...

5.8CVSS7.6AI score0.27558EPSS
Exploits7
n0where
n0where
added 2018/08/19 2:43 a.m.22 views

OWA for hackers: ExchangeRelayX

ExchangeRelayX is a PoC tools to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...

1.2AI score
Exploits0References1
OSV
OSV
added 2018/08/13 5:29 p.m.4 views

CVE-2018-13417

In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

9.8CVSS5.9AI score0.20695EPSS
Exploits5References2
Hacker One
Hacker One
added 2017/11/08 12:3 p.m.30 views

Rockstar Games: SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE

In this report, the researcher found that by submitting crafted SVG files, he was able to establish a listener on our server that enabled SSRF attacks. This potentially could have been pivoted to carry out more damaging attacks as well. We improved our validation of user-submitted SVG files to...

7AI score
Exploits0
CNVD
CNVD
added 2017/10/31 12:0 a.m.5 views

Gemalto HASP SRM, Sentinel HASP and Sentinel LDK Sentinel LDK NTLM Relay Attack Vulnerabilities

Gemalto HASP SRM and Sentinel HASP are both cryptographic lock drivers from Gemalto, U.S.A. Sentinel LDK is a license management tool. A security vulnerability exists in Gemalto HASP SRM, Sentinel HASP, and Sentinel LDK Sentinel LDK RTE versions prior to 7.55. An attacker could exploit this...

9.8CVSS6.7AI score0.01356EPSS
Exploits0References1
NVD
NVD
added 2017/10/04 1:29 a.m.24 views

CVE-2017-12819

Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55...

9.8CVSS9.6AI score0.01356EPSS
Exploits0References3
Prion
Prion
added 2017/10/04 1:29 a.m.14 views

Design/Logic Flaw

Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55...

7.5CVSS9.4AI score0.01356EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/10/03 1:0 p.m.60 views

CVE-2017-12819

CVE-2017-12819 refers to remote manipulation of the Gemalto SafeNet Sentinel language-pack updater, enabling NTLM-relay attacks for the system user in HASP SRM, Sentinel HASP and Sentinel LDK before Sentinel LDK RTE 7.55. Connected advisories corroborate remote NTLM-relay risk and advise upgradin...

9.8CVSS9.4AI score0.01356EPSS
Exploits0References3Affected Software1
Exploit DB
Exploit DB
added 2016/11/22 12:0 a.m.60 views

SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan 1. ADVISORY INFORMATION Title:...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/09/30 12:0 a.m.17 views

Google Chrome < 53.0.2785.89 Multiple Vulnerabilities

Binary data 9594.pasl...

6.1CVSS7.3AI score0.01134EPSS
Exploits0References2
Rows per page
Query Builder