82 matches found
NTLM Relay to Self (HTTP to LDAP) - Post Exploitation
This module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, then triggers the WebClient service via an ETW event allowing a low-privilege user to start it, and coerces the local machine account to authenticate via...
CVE-2026-11774
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...
UBUNTU-CVE-2026-11774
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...
EUVD-2026-36293
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...
Linux Distros Unpatched Vulnerability : CVE-2026-11774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packe...
PT-2026-48701
Name of the Vulnerable Software and Affected Versions 389 Directory Server 389-ds-base affected versions not specified Description An integer overflow exists in the SASL I/O layer within the sasl io start packet function. When a crafted SASL packet length prefix of 0xFFFFFFFC is processed, adding...
CVE-2026-35337
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
EUVD-2026-21902
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
CVE-2026-35337
CVE-2026-35337 — Apache Storm Deserialization of Untrusted Data via Kerberos TGT Credential Handling. Affected: Storm before 2.8.6. Summary: processing topology credentials submitted to Nimbus Thrift API deserializes base64-encoded TGT blobs with ObjectInputStream.readObject() without class filte...
MiracleLinux 7 : ipa-4.6.8-5.10.0.1.el7.AXS7 (AXSA:2021-2791:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2791:05 advisory. samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets CVE-2020-25719 Tenable has extracted the preceding description block directly...
EUVD-2014-5240
Malware in sbrugna...
EUVD-2006-4381
Malware in sbrugna...
EUVD-2006-4385
Malware in sbrugna...
EUVD-2014-4371
Malware in sbrugna...
EUVD-2010-0046
Malware in sbrugna...
EUVD-2017-16502
Malware in sbrugna...
EUVD-2025-18495
Malicious code in bioql PyPI...
EUVD-2024-27199
Malicious code in bioql PyPI...
TencentOS Server 4: freeipa (TSSA-2025:0546)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0546 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2025-4404
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the...