12 matches found
Ofensive-security
This repository contains my Offensive Cyber Security / Penetrati...
CVE-2024-7625
In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...
BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
Akamai researchers found a privilege escalation vulnerability in Windows Server 2025 that allows attackers to compromise any user in Active Directory...
CVE-2025-0069
Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user's Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active directory of a...
CVE-2025-0069 DLL Hijacking vulnerability in SAPSetup
Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user's Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active directory of a...
Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks
Overview: Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire Active Directory. Description: PetitPotam is a tool to force Windows hosts to authenticate to other...
APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
Summary: This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint cybersecurity advisory is ongoing, and the...
CVE-2020-9330
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP...
Scientific Linux Security Update : samba and samba3x on SL5.x, SL6.x i386/x86_64 (20131210)
A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to...
Novell eDirectory unauthenticated access to SOAP interface
= Affected software : Editor : Novell Name : eDirectory Version : 8.7.x see note and 8.8.2 Services : TCP/8028 HTTP and TCP/8030 HTTPS = External references : http://www.novell.com/support/viewContent.do?externalId=3866911&sliceId=1 https://vulners.com/cve/CVE-2008-0926 = Technical details : A SO...
.htaccess Backdoor-vulnerability warning-the black bar safety net
Author: GaRYwofeiwoatgmaildotcom The PHP manual, often read, often new: PHP has a characteristic: it will override its php.ini settings based on Apache httpd.conf and .htaccess. Just found two evil attributes: auto_prepend_file...