35 matches found
CVE-2026-33566
There is a Cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...
PT-2026-35276
There is a Cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...
How-to Restore Lost Access to Cache Database After Using Custom SSL Certificate
Article Applicability This article is relevant only if the Veeam ONE deployment uses a custom SSL certificate, and not the one generated by the Veeam ONE installer. The error shown in the challenge section can also occur if the Veeam ONE Caching Service cannot access the PostgreSQL instance that...
CVE-2025-34091
A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the...
CVE-2025-34091
Rejected reason: Neither filed by Chrome nor a valid security vulnerability...
PVS Server: Windows Event logging for UEFI target Devices Boot Time inaccurate
The customer had built a new UEFI based vdisk and deployed it to production. The customer subsequently observed that the PVS Servers were recording a clearly inaccurate boot time, of millions of minutes, in Windows Event logs when target devices were booting. Example inaccurate boot time logged i...
SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path Vulnerability
Exploit Title: SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path; Exploit Author: Milad Karimi Ex3ptionaL; Contact: [email protected]; Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL; MiRROR-H: https://mirror-h.org/search/hacker/49626/; Vendor Homepage: https://www.kiwisyslog.com/; Softwar...
NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected
NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly. Default Cmd: Windows Event Logs...
IBM QRadar WinCollect Agent Resource Management Error Vulnerability
IBM QRadar WinCollect Agent is an agent program from International Business Machines (IBM) for collecting and sending Windows event logs. A resource management error vulnerability exists in IBM QRadar WinCollect Agent that stems from vulnerability to server-side request forgery attacks. No detailed...
Persistence – Event Log
Windows Event logs are the main source of information for defensive security teams to identify threats and for administrators to troubleshoot errors. The logs are…
IBM QRadar WinCollect Agent Information Disclosure Vulnerability
IBM QRadar WinCollect Agent is an agent program from International Business Machines (IBM) for collecting and sending Windows event logs. An information disclosure vulnerability exists in IBM QRadar WinCollect Agent. The vulnerability stems from the application's inadequate protection of sensitive...
EDRaser - Tool For Remotely Deleting Access Logs, Windows Event Logs, Databases, And Other Files
EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual. Automated Mode In automated mode, EDRaser scans the C class of a given address space of IPs for vulnerable syste...
Published Desktop session stuck at grey screen on session launch
Published Desktop session stuck at grey screen on session launch. You may see Citrix CTXUVI error events in Windows system Event logs with ID 1003/1005 on Citrix VDAs CTXUVI Driver Injection failure...
IBM QRadar WinCollect Agent Security Vulnerability
IBM QRadar WinCollect Agent is an agent program from International Business Machines (IBM) that collects and sends Windows event logs. A security vulnerability exists in IBM QRadar WinCollect Agent versions 10.0 through 10.1.3. An attacker could exploit the vulnerability to elevate system privilege...
ThreatHound - Tool That Help You On Your IR & Threat Hunting And CA
This tool will help you on your IR & Threat Hunting & CA. Just drop your event log file and analyze the results. New Release Features: support windows ThreatHound.exe C for Linux based new version available in C also now you can save results in json file or print on screen it as you want by arg...
Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses...
IBM QRadar WinCollect Agent Security Vulnerability
IBM QRadar WinCollect Agent is an agent program for collecting and sending Windows event logs from IBM, U.S. An information disclosure vulnerability exists in IBM QRadar WinCollect Agent, which stems from a lack of best practices and can be exploited by attackers to gain access to sensitive...