11 matches found
EUVD-2026-35033
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...
ROS-20251124-07
Vulnerability of WINS name resolution server implementation of Samba networking software package exists due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by sending a specially crafted request ...
Exploit for CVE-2025-10230
CVE-2025-10230 CVE-2025-102...
CVE-2025-10230
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
Samba 操作系统命令注入漏洞
Samba is Samba open source a standard Windows interoperability program suite for Linux and Unix. Samba suffers from an operating system command injection vulnerability that stems from a lack of proper validation or escaping of NetBIOS names in front-end WINS hook processing, which could lead to...
Samba OS Command Injection Vulnerability
Samba is Samba open source a standard Windows interoperability program suite for Linux and Unix. Samba suffers from an operating system command injection vulnerability that stems from a lack of proper validation or escaping of NetBIOS names in front-end WINS hook processing, which could lead to...
SUSE-SU-2025:03603-1 Security update for samba
This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280...
UBUNTU-CVE-2025-10230
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
SWAT Samba Web Administration Tool Cross-Site Request Forgery PoC
No description provided by source. !-- Secur-I Research Group - Proof-of-Concept ========================================================================== Title: Cross-Site Request Forgery in SWAT Samba Web Administration Tool Vulnerable versions: Samba 3.0.x - 3.5.9 inclusive Fixed version: Sam...
VulnCheck KEV: CVE-2009-1923
Heap-based buffer overflow in the Windows Internet Name Service WINS component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow...
CVE-2009-1923
Heap-based buffer overflow in the Windows Internet Name Service WINS component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow...