37 matches found
CVE-2026-33566
There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...
CVE-2026-33566
CVE-2026-33566 is a cypher injection issue in LogonTracer prior to v2.0.0. When specially crafted Windows event log data is loaded, the contents of the database may be altered. The issue is documented across multiple sources (NVD, CVE List, JVN) and is addressed by updating to LogonTracer v2.0.0....
Windows Service for User (S4U) Scheduled Task Persistence Event Trigger
This Metasploit module creates a scheduled task that will run using service-for-user (S4U). This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires...
EUVD-2011-2753
Malware in sbrugna...
EUVD-2011-0782
Malware in sbrugna...
The vulnerability of the Windows operating system’s event log allows a hacker to trigger a memory buffer overflow and re-write the XML log generated by the task scheduler.
The vulnerability of Windows operating system event logs is related to insufficient checking of values in XML log fields. Exploiting this vulnerability can allow an attacker to cause a memory buffer overflow in the event log and re-write it by sending a specially crafted XML file...
MAL-2025-191933 Malicious code in win32evtlog (PyPI)
Source: kam193 4aba891520e5d5ae607dd5069c1f70512a339cbfeca374b680328cf1e406d3ad Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...
The vulnerability of the EVTX IrisEVTXModule file processing module arises from incorrect restrictions on the path name of the restricted directory. This allows attackers to execute arbitrary code or perform Server Side Template Injection (SSTI) attacks.
The vulnerability of the EVTX IrisEVTXModule file processing module is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform Server Side Template Injection (SSTI) attacks...
PT-2024-15605 · Code Projects +1 · Code-Projects Fighting Cock Information System +1
Name of the Vulnerable Software and Affected Versions: code-projects Fighting Cock Information System version 1.0; Windows Event Log (affected versions not specified). Description: A critical issue has been identified, allowing for SQL injection through the manipulation of the type feed argument in t...
Unable to open license error recorded in Windows event log
The Windows Event Log frequently shows an error that the license cannot be opened. The following error appears when adding a Citrix license file (.lic) and checking the event log. Source: CitrixLicensing Event ID: 20754 Error: Unable to open license file. Please ensure that the file exists and is...
Joining Server Group failed with error "Exception attempting to authorize, TCP error code 10060"
Joining the Server Group failed with the following errors. Studio UI: Please refer to the Windows Event Log on the Authorizer details. Windows Event Log: Citrix Cluster Join Service,1,2201,"Join failed. Exception attempting to authorize. Could not connect to...
Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog
Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables...
Sealighter - Easy ETW Tracing for Security Research
I created this project to help non-developers dive into researching Event Tracing for Windows (ETW) and Windows PreProcessor Tracing (WPP). Features: Subscribe to multiple ETW and WPP Providers at once. Automatically parse events into JSON without needing to know format. Robust Event filtering including...
Phant0m - Windows Event Log Killer
Svchost is essential in the implementation of so-called shared service processes, where a number of services can share a process in order to reduce resource consumption. Grouping multiple services into a single process conserves computing resources, and this consideration was of particular concer...
New Microsoft Sysmon report in VirusTotal improves security
Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in VirusTotal. Whether you’re an IT professional or a developer, you’re probably already using Microsoft Sysinternals utilities to help you manage,...
Oracle Auditing Part 2: Mandatory and Fine-Grained Auditing
This is the second of three articles on the topic of Oracle auditing. It is relevant to Oracle 10g, 11g, and 12c, although Unified Auditing in 12c makes some of this content irrelevant if you choose to use Pure Unified Auditing. Unified Auditing will be covered in the third part of this series an...
CBS Removed Package Enumeration (Windows Event Log Tool)
Binary data wevtutilremovedpackages.nbin...
FsPro Labs Event Log Explorer XML Entity Injection Vulnerability
FsPro Labs Event Log Explorer is a log analysis software. The software is mainly used to view, analyze and monitor events recorded in the Microsoft Windows Event Log. An XML external entity injection vulnerability exists in FsPro Labs Event Log Explorer version 4.6.1.2115. A remote attacker can...
LogonTracer - Investigate Malicious Windows Logon By Visualizing And Analyzing Windows Event Log
Investigate malicious logon by visualizing and analyzing Windows active directory event logs. Concept LogonTracer associates a host name or an IP address and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occur...
DCSYNCMonitor - Monitors For DCSYNC And DCSHADOW Attacks And Create Custom Windows Events For These Events
This tool is an application/service that can be deployed on Domain controllers to alert on Domain Controller Synchronization attempts. When an attempt is detected, the tool will write an event to the Windows Event Log. These events can be correlated in a SIEM. In addition, this tool can take a lis...