14 matches found
Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0
Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...
CVE-2025-35061 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx
Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...
Auxilium RateMyPet 安全漏洞
Auxilium RateMyPet is a pet photo upload and ballot system from Auxilium. Auxilium RateMyPet has a security vulnerability that stems from unvalidated file types or forced authentication, which could lead to arbitrary file uploads and remote code execution...
CVE-2025-1887
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker...
CVE-2025-1887 SMB forced authentication vulnerability in Sage 200 Spain
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker...
CVE-2025-1887
CVE-2025-1887 concerns an SMB forced authentication vulnerability in Sage 200 Spain, affected in versions prior to 2025.35.000. An authenticated attacker with administrator privileges can obtain an NTLMv2-SSP hash by redirecting a UNC path to a server under the attacker’s control. The root cause ...
Open Policy Agent 安全漏洞
Open Policy Agent OPA is an open source, general-purpose policy engine from Open Policy Agent Open Source that enables unified, context-aware policy enforcement across the stack. A security vulnerability exists in Open Policy Agent versions prior to v0.68.0 that stems from improper input validati...
Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens
Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager NTLM tokens by tricking a victim into opening a specially crafted Microsoft Access file. The attack takes advantage of a legitimate feature in the database...
Dropping Files on a Domain Controller Using CVE-2021-43893
On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privilege escalation vulnerability affecting the Windows Encrypted File System EFS. The vulnerability was credited to James Forshaw of Google Project Zero, but perhaps owing to the Log4Shell atmosphere,...
Askey AP5100W Dual SIG Security Feature Issue Vulnerability
The Askey AP5100W Dual SIG is a router from China-based Askey Electronics Technology Askey. The Askey AP5100W Dual SIG suffers from a security signature issue vulnerability that stems from a faulty random number selection in the Diffie-Hellman exchange. By capturing an attempted or even failed WP...
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Vulnerability
Exploit for windows platform in category local exploits Title: Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Author: John Page aka hyp3rlinx Vendor: Microsoft Software link: https://www.microsoft.com/en-us/download/details.aspx?id=7558 Software Version: 2.3 References:...
Microsoft Windows #MicrosoftWindows .library-ms Information Disclosure Vulnerability
Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as .library-ms files. The .library-ms filetype...
CVE-2009-0362
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...
CVE-2009-0362
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...