3 matches found
CVE-2025-40538 SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...
PrivExchange
This is a proof-of-concept PoC tool for abusing Microsoft Exchange to obtain Domain Admin privileges. The tool, named PrivExchange, requires the Impacket library and can be used to subscribe to push notifications on Exchange Web Services, which will make Exchange connect back to the attacker and...
SysAid Server - Arbitrary File Disclosure
Vantage Point Security Advisory 2014-004 ======================================== Title: SysAid Server Arbitrary File Disclosure ID: VP-2014-004 Vendor: SysAid Affected Product: SysAid On-Premise Affected Versions: Summary: --- SysAid Server is vulnerable to an unauthenticated file disclosure...