105 matches found
PT-2020-3668
Name of the Vulnerable Software and Affected Versions Microsoft Windows Server versions prior to the fixed version Description An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
ysoserial-cve-2018-2628 0x1. 准备工作 - 准备好POC脚本及Payload Object生成、JRMPListener运行所需软件环境 Python 2.7.x Oracle Java SE 1.7+ - 准备好一套安装好Patch Set Update 180417补丁的WebLogic Server 10.3.6环境(仅有AdminServer即可) 如果有现成的、已经安装好这个PSU版本的WebLogic环境,则可跳过这一步。 - 准备好POC工具 从本项目里下载POC脚本(wls-cve-2018-2628-poc.py)...
RHEL 6 : kernel (RHSA-2016:1664)
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20160412) (Badlock)
Security Fixes : - Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the permissions of the user...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
samba: SAMR and LSA man in the middle attacks
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD. Any authenticated DCE/RPC connection that a client initiates against a server could be used by a...
Cumulative Update for Windows 10: April 12, 2016
Cumulative Update for Windows 10: April 12, 2016 Summary This security update includes improvements and fixes in the functionality of Windows 10 and resolves the following vulnerabilities in Windows: 3148531 MS16-037: Cumulative Security Update for Internet Explorer 3148532 MS16-038: Cumulative...
CloudBees Jenkins CI and LTS Remote Code Execution Vulnerability
CloudBees Jenkins CI is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . LTS is a long-term support for CloudBees Jenkins CI version . A remot...
Windows Pass-Through Authentication Methods Improper Validation
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Windows Pass-Through Authentication Methods Improper Validation 1. Advisory Information Title: Windows Pass-Through Authentication Methods Improper Validation Advisory ID: CORE-2015-0005 Advisory URL:...
Microsoft Windows Security Account Manager Remote协议安全限制绕过漏洞
BUGTRAQ ID: 66012 CVECAN ID: CVE-2014-0317 Windows是一款由美国微软公司开发的窗口化操作系统。 Security Account Manager Remote SAMR协议没有正确验证用户锁定状态,在实现上存在安全功能绕过漏洞。 0 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 厂商补丁: Microsoft ---------...
CVE-2014-0317
The Security Account Manager Remote SAMR protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for...
EUVD-2014-0355
The Security Account Manager Remote SAMR protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for...
MS14-016: Vulnerability in Security Account Manager Remote (SAMR) protocol could allow security feature bypass: March 11, 2014
Resolves a vulnerability in Windows that could allow a security feature bypass if an attacker makes multiple attempts to match passwords to a username.IntroductionThis update resolves a vulnerability in Windows that could allow a security feature bypass if an attacker makes multiple attempts to...