EUVD-2021-8743

Malicious code in bioql PyPI...

CVE-2025-55234

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against...

CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

CVE-2021-21472

SAP Software Provisioning Manager 1.0 SAP NetWeaver Master Data Management Server 7.1 does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack,...

Adobe Dreamweaver 18.0.0 < 18.2.1 / 19.0 < 19.1 Sensitive data disclosure if SMB request is subject to a relay attack (APSB19-21) (macOS)

The version of Adobe Dreamweaver installed on the remote macOS host is prior to 18.2.1, 19.1. It is, therefore, affected by a vulnerability as referenced in the APSB19-21 advisory. - Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful...

Input validation

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

Microsoft Windows SMB Direct Session Takeover Exploit

This Metasploit module will intercept direct SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbitrary payload. T...

Microsoft Windows SMB Direct Session Takeover

This module will intercept direct SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbitrary payload. To exploit...

CVE-2021-21472

SAP Software Provisioning Manager 1.0 SAP NetWeaver Master Data Management Server 7.1 does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack,...

CVE-2021-21472

CVE-2021-21472 affects SAP Software Provisioning Manager 1.0 and SAP NetWeaver Master Data Management Server 7.1. The root cause is the absence of a password option during installation, allowing an authenticated attacker on the network to perform attacks such as directory traversal, password brut...

Information disclosure

When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level e.g., MDS...

CVE-2021-21469

Summary: CVE-2021-21469 affects SAP NetWeaver Master Data Management (MDS) on Windows. Multiple connected sources corroborate that an external operator could set custom UNC paths in the MDS server configuration, enabling an SMB relay-like attack that may lead to information disclosure. Reported a...

CVE-2021-21469

When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level e.g., MDS...

Rockstar Games: SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE

In this report, the researcher found that by submitting crafted SVG files, he was able to establish a listener on our server that enabled SSRF attacks. This potentially could have been pivoted to carry out more damaging attacks as well. We improved our validation of user-submitted SVG files to...

SAP NetWeaver AS JAVA - &#039;BC-BMT-BPM-DSK&#039; XML External Entity Injection

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan 1. ADVISORY INFORMATION Title:...

Google Chrome < 53.0.2785.89 Multiple Vulnerabilities

Binary data 9594.pasl...

openSUSE Security Update : Chromium (openSUSE-2016-1080)

Chromium was updated to 53.0.2785.101 to fix a number of security issues and bugs. The following vulnerabilities were fixed: boo996648 - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free...

openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:2296-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : Chromium (openSUSE-2016-2250)

Chromium was updated to 53.0.2785.89 to fix a number of security issues. The following vulnerabilities were fixed: boo996648 - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free in Blink....