EUVD-2025-33570

Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...

EUVD-2025-33565

Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...

CVE-2025-35061 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx

Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...

CVE-2025-35061 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx

Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...

CVE-2025-35057 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /RemoteWeb/IntegrationServices.ashx

Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...

The vulnerability of Veeam Backup & Replication’s protection mechanisms for cloud, virtual, and physical systems stems from deficiencies in access control. This allows attackers to gain unauthorized access to the NTLM hash of the Enterprise Manager service account.

The vulnerability of Veeam Backup & Replication’s protection mechanisms for cloud, virtual, and physical systems stems from deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to the NTLM hash of the Enterprise Manager service account...

PT-2024-6472 · Veeam · Veeam Reporter Service +1

Name of the Vulnerable Software and Affected Versions: Veeam Reporter Service affected versions not specified Description: A vulnerability exists in Veeam Reporter Service that allows an attacker to access the NTLM hash of the service account. This attack requires user interaction and data...

CVE-2024-22022

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service...

CVE-2023-38549

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Vee...

CVE-2022-36555

Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack...

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472, a Windows ZeroLogon vulnerability. The exploit targets the Netlogon service on a Domain Controller DC and allows an attacker to set an empty password for the DC's machine account. This is achieved by exploiting the vulnerability in the Netlogon service, which allows...