ShellExploit

This project is no longer supported PowerSploit is a col...

EUVD-2001-0016

Malware in sbrugna...

The vulnerability in the implementation of the Credential Security Support Provider (CredSSP) protocol of the Microsoft Windows operating system allows a perpetrator to enhance their privileges.

The vulnerability of the Credential Security Support Provider CredSSP protocol implementation in the Microsoft Windows operating system lies in the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the NTLM Security Support Provider implementation in the Windows operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the NTLM Security Support Provider in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

CVE-2023-24900 Windows NTLM Security Support Provider Information Disclosure Vulnerability

...

CVE-2023-24900

CVE-2023-24900 corresponds to a Windows NTLM Security Support Provider Information Disclosure Vulnerability. The provided documents confirm the vulnerability title and CVSS 3.1 base metrics (5.9, MEDIUM) with Network attack vector and no user interaction, but do not supply detailed root-cause des...

Windows NTLM Security Support Provider Information Disclosure Vulnerability

...

PT-2023-2692 · Microsoft · Windows Ntlm Security Support Provider +1

Name of the Vulnerable Software and Affected Versions: Windows NTLM Security Support Provider affected versions not specified Description: The issue is related to the implementation of the NTLM Security Support Provider protocol in the Windows operating system, which lacks protection for service...

DragonCastle - A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process

A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a DLL to the target machine. Then it enables remote registry to modify AutodialDLL entry and start/restart BITS service. Svchosts would load our DLL, set again AutodiaDL...

Information disclosure

Windows Security Support Provider Interface Information Disclosure Vulnerability...

Windows Security Support Provider Interface Information Disclosure Vulnerability

...

CVE-2022-38043

No additional technical details about CVE-2022-38043 are provided in the connected documents. The sources only reiterate the vulnerability name/description. Monitor for updates and verify affected products, root cause, and fixes when new information is published.

squid: buffer-over-read in SSPI and SMB authentication

A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure...

squid: buffer-over-read in SSPI and SMB authentication

A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure...

CVE-2022-24454

Windows Security Support Provider Interface Elevation of Privilege Vulnerability...

CVE-2022-24454

Windows Security Support Provider Interface Elevation of Privilege Vulnerability...

Privilege escalation

Windows Security Support Provider Interface Elevation of Privilege Vulnerability...

CVE-2022-24454

Technical details for CVE-2022-24454 are not publicly provided in the supplied documents. No affected product/version/impact/fix details are present here. Monitor for updates.

Microsoft Windows Multiple Vulnerabilities (KB5007206)

This host is missing a critical security update according to Microsoft KB5007206 SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability

...