28 matches found
Metasploit Wrap-Up 03/06/2025
New module content 3 Get NAA Credentials Authors: skelsec, smashery, and xpn Type: Auxiliary Pull request: 19712 contributed by smashery Path: admin/sccm/getnaacredentials Description: Adds an auxiliary module which performs the retrieval of Network Access Account NAA credentials from an System...
CVE-2024-21938
Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager SCCM installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2024-21938
Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager SCCM installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2024-21938
Summary: CVE-2024-21938 concerns the AMD Management Plugin for Microsoft System Center Configuration Manager (SCCM). The root cause is incorrect default permissions in the SCCM installation directory, which could let a low-privilege attacker escalate privileges and potentially achieve arbitrary c...
The vulnerability of the Intel Setup and Configuration Software (SCS) data collection tool for the System Center Configuration Manager software platform, related to improperly used standard permissions, allows a perpetrator to increase their privileges.
The vulnerability of the Intel Setup and Configuration Software SCS data collection tool for the System Center Configuration Manager IT infrastructure management software is related to the improper use of standard permissions. Exploiting this vulnerability can allow attackers to increase their...
Exploit for Race Condition in Microsoft
This is a PoC exploit for CVE-2023-36884, a vulnerability in Mic...
CMLoot - Find Interesting Files Stored On (System Center) Configuration Manager (SCCM/CM) SMB Shares
CMLoot was created to easily find interesting files stored on System Center Configuration Manager SCCM/CM SMB shares. The shares are used for distributing software to Windows clients in Windows enterprise environments and can contains scripts/configuration files with passwords, certificates pfx,...
CVE-2020-11533
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information keying material...
Design/Logic Flaw
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager SCCM database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM...
July 9, 2019—KB4507461 (Security-only update)
July 9, 2019—KB4507461 Security-only update July 19, 2019 - IMPORTANT: Beginning with the July 2019 updates, Active Directory domain controllers will intentionally block unconstrained delegation across forest, external, and quarantined trusts. Authentication requests for services that use...
Step 9. Protect your OS: top 10 actions to secure your environment
In “Step 9. Protect your OS” of the Top 10 actions to secure your environment blog series, we provide resources to help you configure Microsoft Defender Advanced Threat Protection Microsoft Defender ATP to defend your Windows, macOS, Linux, iOS, and Android devices from advanced threats. In an...
The evolution of Microsoft Threat Protection, April update
Microsoft Threat Protection continues to energize the threat protection market with our most recent announcements. Customers are excited about the launch of Microsoft Defender Advanced Threat Protection ATP, which extends Microsoft’s best in class endpoint security to Mac and adds powerful new...
Security Update for Adobe Flash Player: April 9, 2019
Security Update for Adobe Flash Player: April 9, 2019 Summary This security update resolves vulnerabilities in Adobe Flash Player that is installed on any of the operating systems that are listed in the "Applies to" section. To learn more about these vulnerabilities, see ADV190011. More informati...
Security update for Adobe Flash Player: August 14, 2018
Security update for Adobe Flash Player: August 14, 2018 Summary This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server version 1803, Windows 10, version 1803, Windows Server 2016 version 1709, Windows 10, version 1709,...
Use Windows Information Protection (WIP) to help make accidental data leakage a thing of the past
Have you always wished you could have mobile application management MAM on Windows? Now you can! Windows Information Protection WIP is an out-of-the box data leakage prevention feature for Windows 10 that can automatically apply protection for work files and data to prevent accidental data leakag...
Do You See What I CCM?
SCCM Software Metering Reviewing forensic keyword searches can be confusing because it is often difficult for an analyst to determine the source of the various structures that contain string matches. One such structure belongs to Microsoft's System Center Configuration Manager's SCCM software...
Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
This host is missing an important security update according to Microsoft Bulletin MS12-062. OpenVAS Vulnerability Test $Id: secpodms12-062.nasl 6520 2017-07-04 14:28:49Z cfischer $ Microsoft System Center Configuration Manager XSS Vulnerability 2741528 Authors: Rachana Shetty Copyright: Copyright...
Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
This host is missing an important security update according to Microsoft Bulletin MS12-062. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft System Center Configuration Manager Version Detection
Detects the installed version of Microsoft System Center Configuration Manager. The script logs in via smb, searches for Microsoft System Center Configuration Manager in the registry and gets the version from SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from...
CVE-2012-2536
Cross-site scripting XSS vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."...