EUVD-2023-55519

Malicious code in bioql PyPI...

CVE-2023-50786

Dradis through 4.16.0 allows referencing external images resources over HTTPS, instead of forcing the use of embedded uploaded images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network...

CVE-2023-50786

Dradis through 4.16.0 allows referencing external images resources over HTTPS, instead of forcing the use of embedded uploaded images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network...

CVE-2023-50786

CVE-2023-50786 affects Dradis 4.16.0 and earlier, where references to external HTTPS images are allowed instead of forcing embedded images. This can enable an authorized author to attempt theft of Net-NTLM hashes from other authors on a Windows domain network. Remediation: upgrade to a version th...

Privilege Escalation

thunderbird is vulnerable to privilege escalation.The maintenance service grants SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service...

CVE-2021-29951

The Mozilla Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also...

Security Vulnerabilities fixed in Thunderbird 78.10.1 — Mozilla

The Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also exposed atta...

SQL Injection Vulnerability in Website Building System **ws.asp of Anshan China Domain Network Technology Co.

Ltd. hereinafter referred to as Anshan in the domain network was registered in early 2007, is a main website building, website construction business of high-tech network companies. Ltd. website building system ws.asp SQL injection vulnerability, attackers can use the vulnerability to obtain...

Windows Defender Firewall: Domain Profile: Apply local firewall rules

The policy determines whether the local firewall rules are merged with GP settings when connected to a domain network. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the...

Microsoft Windows: Prohibit use of Internet Connection Sharing on your DNS domain network

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winncshowsharedaccessui.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Prohibit use of Internet Connection Sharing on your DNS domain network Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

Situational Awareness

A common step in the life-cycle of a red team engagement is to gather as much information is possible for the compromised environments and the domain network. This activity is often called situational awareness and there is no defined list of commands that a red teamer should execute. However all...

Windows Gather Credential Store Enumeration and Decryption Module

This module will enumerate the Microsoft Credential Store and decrypt the credentials. This module can only access credentials created by the user the process is running as. It cannot decrypt Domain Network Passwords, but will display the username and location. This module requires Metasploit:...