Lucene search
K

332 matches found

Circl
Circl
added 2023/12/18 8:27 p.m.9 views

GHSA-W8XJ-992G-842F

creationtimestamp| type| source ---|---|--- 2023-12-18 20:27:20+00:00| seen| https://t.me/ctinow/156084...

4.8AI score
Exploits0References1
Prion
Prion
added 2023/07/17 2:15 p.m.11 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

7.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.3 views

SUSE CVE-2004-0634

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service process crash via a handle without a policy name, which causes a null dereference...

5CVSS6.7AI score0.05275EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/12 12:0 a.m.6 views

HCL Technologies HCL Sametime 代码问题漏洞

HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6. The vulnerability stems from the fact that the user SID in the application can be modified, which can be exploited to modify the SID to enable arbitrary file...

8.2CVSS7.5AI score0.00683EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/01/04 8:19 a.m.1 views

samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result cou...

9CVSS6.8AI score0.01673EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/04/29 12:0 a.m.3 views

Samba 缓冲区错误漏洞

Samba is a set of free software from the Samba team that enables UNIX series operating systems to connect to the SMB/CIFS network protocol of Microsoft Windows operating systems. The program supports sharing printers, transferring data files to each other, and so on. A buffer overflow vulnerabili...

6.8CVSS8.6AI score0.01616EPSS
Exploits0References40
GithubExploit
GithubExploit
added 2021/02/15 2:41 p.m.178 views

Exploit for CVE-2021-24085

Microsoft Exchange Server msExchEcpCanary Cross Site Request F...

6.5CVSS7.8AI score0.04627EPSS
Exploits7
Penetration Testing Lab
Penetration Testing Lab
added 2020/02/12 9:44 a.m.36 views

Persistence – RID Hijacking

Windows operating systems use the RID Relative Identifier to differentiate groups and user accounts. It is part of the Security Identifier SID and every time… Continue reading - Persistence - RID Hijacking...

4.2AI score
Exploits0
CVE
CVE
added 2020/01/02 8:33 p.m.40 views

CVE-2019-20292

Technical details about CVE-2019-20292 are not publicly provided in the supplied documents. No affected products, root cause, or remediation are disclosed. Monitor for updates from official sources.

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/06/08 12:0 a.m.17 views

Microsoft Windows: Network access: Allow anonymous SID/Name translation

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnaanonymoustranslation.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Network access: Allow anonymous SID/Name translation Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/05/04 12:0 a.m.16 views

Microsoft Windows 10: Accounts: Rename administrator account

The Accounts: Rename administrator account policy setting determines whether a different account name is associated with the security identifier SID for the administrator account. Because the administrator account exists on all Windows 10 for desktop editions Home, Pro, Enterprise, and Education,...

0.4AI score
Exploits0
OpenVAS
OpenVAS
added 2018/05/04 12:0 a.m.16 views

Microsoft Windows 10: Accounts: Rename guest account

The Accounts: Rename guest account policy setting determines whether a different account name is associated with the security identifier SID for the Guest account. OpenVAS Vulnerability Test $Id: win10renameguestaccount.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Accounts: Rename...

0.1AI score
Exploits0
OSV
OSV
added 2018/03/18 3:29 a.m.1 views

DEBIAN-CVE-2018-8754

The libevtrecordvaluesreadevent function in libevtrecordvalues.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub...

5.5CVSS7AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2018/03/18 3:29 a.m.3 views

UBUNTU-CVE-2018-8754

The libevtrecordvaluesreadevent function in libevtrecordvalues.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub...

6.2CVSS6AI score0.00349EPSS
Exploits0References3
CNVD
CNVD
added 2016/04/27 12:0 a.m.3 views

Multiple Vulnerabilities in Gemtek CPE7000/WLTCS-106

The Gemtek CPE7000/WLTCS-106 suffers from a SID leak, an authentication bypass vulnerability, an arbitrary file download vulnerability, and a remote root command execution vulnerability. Allows an attacker to exploit the vulnerabilities to download arbitrary files and execute root privileges...

7.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/03/05 12:0 a.m.36 views

Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20130221)

A flaw was found in the Samba suite's Perl-based DCE/RPC IDL PIDL compiler, used to generate code to handle RPC calls. This could result in code generated by the PIDL compiler to not sufficiently protect against buffer overflows. CVE-2012-1182 The samba4 packages have been upgraded to upstream...

10CVSS8.3AI score0.74034EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2011/09/15 12:0 a.m.1508 views

Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials

By emulating the call to LsaQueryInformationPolicy, it was possible to obtain the host SID Security Identifier, without credentials. The host SID can then be used to get the list of local users. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid56210; scriptversion"1.5"...

5CVSS5.4AI score0.481EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2010/09/14 9:39 p.m.4 views

Samba: Stack-based buffer overflow by processing specially-crafted SID records

Stack-based buffer overflow in the 1 sidparse and 2 domsidparse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted Windows Security ID SID on a file share...

7.5CVSS7.2AI score0.10546EPSS
Exploits0References4
OSV
OSV
added 2007/05/14 9:19 p.m.1 views

DEBIAN-CVE-2007-2444

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user...

7.2CVSS9.1AI score0.00783EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2006/08/10 7:31 p.m.11 views

security flaw

The selinuxptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process...

2.1CVSS5.8AI score0.00427EPSS
Exploits0References4
Rows per page
Query Builder