15 matches found
CVE-2025-30675 Apache CloudStack: Unauthorised template/ISO list access to the domain/resource admins
In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=selfexecutable' values. This allows the attack...
CVE-2023-52269
MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...
CVE-2023-52269
MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...
CVE-2023-52269
MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...
Cross site scripting
MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...
CVE-2023-52269
MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...
Exploit for Improper Privilege Management in Microsoft
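Intranet penetration study notes. Author: chriskali. Github: chriskaliX. Recently I read Tencent Blue Team's "Red-Blue Confrontation: Windows Intranet Penetration" and learned quite a few things. I plan to split it into chapters to organize and reproduce it, mainly recording the knowledge points I was missing. This is a hodgepodge article; the main thread follows jumbo's approach, and where something interests me I will expand on it further. It may be a bit messy, and I hope everyone will forgive that. 0x01 Environment setup. This step is skipped; here is a brief introduction to the test environment |Hostname|IP address|Role|OS| |:-:|:-:|:-:|:-:| |DC|10.10.10.10|DC|DNS|Winserver 2012| |John|10.10.10.11|normal|win7|...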
IceWarp Mail Server <= 10.4.4 XSS Vulnerability
IceWarp Mail Server is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...
CVE-2017-12844
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name...
Microsoft LAPS Tool Addresses Local Admin Password Problem
Microsoft’s release last week of the Local Administrator Password Solution (LAPS) takes some steps to address an old question of what to do with local admin passwords, but doesn’t provide a complete answer, experts said. Windows admins have long used a common local account with the same password on...
Microsoft Confirms Unpatched Windows Kernel Flaw
One day after a Google security researcher released code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 (1993) up to and including Windows 7 (2009) — Microsoft has released a security advisory to acknowledge the issue and warn of the risk of privilege...
[Full-disclosure] TTG0602 - Alt-N WebAdmin MDaemon Account Hijacking
TTG0602 - Alt-N WebAdmin MDaemon Account Hijacking RELEASE DATE: September 4, 2006 VENDOR: Alt-N Technologies http://www.altn.com VULNERABLE: Tested on Alt-N WebAdmin v3.2.5 running with MDaemon v9.0.6, earlier versions are suspected vulnerable as wel...
MS02-001: Trusted Domain SID Remote Privilege Escalation (311401)
Trust relationships are created between Windows NT or Windows 2000 domains to allow users in one domain to access resources in other domains without requiring them to authenticate separately to each domain. When a user in a trusted domain requests access to a resource in a trusting domain, the...
Microsoft Windows 'Domain Administrators' Group User List
Using the supplied credentials, it is possible to extract the member list of the 'Domain Administrators' group. Members of this group have complete access to the Windows Domain. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10908; scriptversion"1.24";...