
23 matches found

Metasploit
added 2026/04/07 7:1 p.m., 315 views

AD/CS Authenticated Web Enrollment Services Module

Authenticates to the AD/CS Web enrollment service and allows the user to query templates and create certificates based on available templates. Module Options msf use auxiliary/admin/http/webenrollmentcert msf auxiliarywebenrollmentcert show actions ...actions... msf auxiliarywebenrollmentcert set...

AI score 6
Exploits 0

SUSE CVE
added 2026/03/25 12:27 a.m., 5 views

SUSE CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet's certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVSS 6.5, AI score 5.7, EPSS 0.00191
Exploits 0, References 3

RedhatCVE
added 2026/02/27 4:13 a.m., 3 views

CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVSS 6.5, AI score 5.3, EPSS 0.00191
Exploits 0, References 1

EUVD
added 2026/02/26 7:40 p.m., 6 views

EUVD-2026-8828

Fleet: Authorization Bypass in certificate template batch deletion for team administrators...

CVSS 5.1, AI score 5.2, EPSS 0.00191
Exploits 0, References 3

OSV
added 2026/02/26 7:40 p.m., 4 views

GHSA-5JVP-M9H4-253H Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Summary A broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Impact Fleet supports certificate templates that are scoped to individual teams. In affected...

CVSS 7.1, AI score 5.5, EPSS 0.00191
Exploits 0, References 4

Github Security Blog
added 2026/02/26 7:40 p.m., 7 views

Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Summary A broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Impact Fleet supports certificate templates that are scoped to individual teams. In affected...

CVSS 6.5, AI score 5.3, EPSS 0.00191
Exploits 0, References 4, Affected Software 1

Snyk
added 2026/02/26 6:18 a.m., 3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the certificate template batch deletion process. An attacker can remove certificate templates belonging to other teams by supplying arbitrary team identifiers and template IDs to the API endpoint...

CVSS 6.5, AI score 6, EPSS 0.00191
Exploits 0, References 2

NVD
added 2026/02/26 3:16 a.m., 7 views

CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVSS 6.5, EPSS 0.00191
Exploits 0, References 1

ATTACKERKB
added 2026/02/26 2:49 a.m., 4 views

CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVSS 6.5, AI score 5.3, EPSS 0.00191
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2026/02/26 2:49 a.m., 2 views

CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVSS 5.1, AI score 5.3, EPSS 0.00191
Exploits 0, References 1

CVE
added 2026/02/26 2:49 a.m., 53 views

CVE-2026-25963

Fleet is an open source device management platform. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could let a team administrator delete certificate templates belonging to other teams within the same Fleet instance. The affected flow validat...

CVSS 6.5, AI score 5.3, EPSS 0.00191
Exploits 0, References 1, Affected Software 1

Cvelist
added 2026/02/26 2:49 a.m., 24 views

CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVSS 5.1, EPSS 0.00191
Exploits 0, References 1

OSV
added 2026/02/26 2:49 a.m., 5 views

CVE-2026-25963 Fleet: Authorization Bypass in certificate template batch deletion for team administrators

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVSS 5.1, AI score 5.8, EPSS 0.00191
Exploits 0, References 3

Positive Technologies
added 2026/02/26 12:0 a.m., 9 views

PT-2026-22116

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet’s certificate template deletion API had a broken authorization check. This allowed a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. T...

CVSS 9.9, AI score 6.9, EPSS 0.22162
Exploits 68, References 140

Rapid7 Blog
added 2025/08/01 6:16 p.m., 5 views

Metasploit Wrap-Up 08/01/2025

ESC support in Metasploit This week, we're excited to announce that Metasploit users can now detect certificate templates vulnerable to ESC9, ESC10, and ESC16 using the existing ldapescvulnerabletemplate module. In addition, users can now exploit these vulnerable templates with the brand new...

AI score 7.9
Exploits 0

Packet Storm
added 2024/08/31 12:0 a.m., 171 views

Misconfigured Certificate Template Finder

class MetasploitModule 'Misconfigured Certificate Template Finder', 'Description' = %q This module allows users to query a LDAP server for vulnerable certificate templates and will print these certificates out in a table along with which attack they are vulnerable to and the SIDs that can be used...

AI score 7.4
Exploits 0

Rapid7 Blog
added 2023/06/02 4:20 p.m., 46 views

Metasploit Weekly Wrap-Up

AD CS certificate templates Our very own Spencer McIntyre has developed a new module that allows for creating, reading, updating and deleting certificate template objects from Active Directory. ESC4 Exploitation These changes notably enable the exploitation of the technique identified as ESC4...

CVSS 4.3, AI score 6.9, EPSS 0.55367
Exploits 20

Rapid7 Blog
added 2022/11/11 9:16 p.m., 46 views

Metasploit Weekly Wrap-Up

ADCS - ESC Vulnerable certificate template finder Our very own Grant Willcox has developed a new module which allows users to query a LDAP server for vulnerable Active Directory Certificate Services (AD CS) certificate templates. The module will print the detected certificate details, and the attac...

AI score 7.7, EPSS 0.02846
Exploits 0

Metasploit
added 2022/11/07 7:50 p.m., 995 views

Misconfigured Certificate Template Finder

This module allows users to query a LDAP server for vulnerable certificate templates and will print these certificates out in a table along with which attack they are vulnerable to and the SIDs that can be used to enroll in that certificate template. Additionally the module will also print out a...

AI score 5.9
Exploits 0

Pen Test Partners Blog
added 2022/08/26 5:10 a.m., 17 views

Living off the land, AD CS style

Introduction Unless you have been living under a rock for the last year or so, Active Directory Certificate Services (AD CS) abuse continues to be a hot topic in offensive security, ever since the excellent research released by Will Schroeder (@harmj0y) and Lee Christensen (@tifkin). I, like many, have...

AI score 7.6
Exploits 0