Lucene search
+L

111 matches found

OSV
OSV
added 2022/08/12 6:1 p.m.15 views

CVE-2022-37397 The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft’s Active Directory

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password...

8.3CVSS7.2AI score0.00766EPSS
Exploits0References3
NVD
NVD
added 2022/05/18 4:15 p.m.20 views

CVE-2021-3956

A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller XCC firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active...

5.3CVSS0.00734EPSS
Exploits0References1
Prion
Prion
added 2022/05/18 4:15 p.m.11 views

Authentication flaw

A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller XCC firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active...

4.3CVSS5.6AI score0.00734EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/10 12:0 a.m.8 views

PT-2022-2476

Active Directory Domain Services and Certificate Services affected versions not specified Description: This issue involves an elevation of privilege vulnerability affecting Active Directory Domain Services and Certificate Services. Successful exploitation allows attackers to impact the system and...

9CVSS9.7AI score0.83277EPSS
Exploits8References76
hivepro
hivepro
added 2022/01/24 11:5 a.m.66 views

SolarWinds Serv-U vulnerability exploited to deliver Log4j attack

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. SolarWinds is affected by a vulnerability CVE-2021-35247 due to improper input validation when processing LDAP queries in the Serv-U web login screen. Serv-U versions up to 15.2.5 are affected by this flaw and were fixed in...

9.3CVSS0.2AI score0.99999EPSS
Exploits355
Kaspersky
Kaspersky
added 2021/11/17 12:0 a.m.32 views

KLA12348 OSI vulnerability in Microsoft Azure

An information disclosure vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2021-42306 Related products Microsoft-Active-Directory Microsoft-Azure CVE list CVE-2021-42306 unknown Solution Install...

8.1CVSS6.6AI score0.03082EPSS
Exploits0References4
CNVD
CNVD
added 2021/10/12 12:0 a.m.16 views

ZOHO ManageEngine ADManager Plus File Upload Vulnerability (CNVD-2021-78736)

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus version 7110 and earlier are vulnerable to file uploads, which can be exploited by attackers to cause remot...

9.8CVSS5AI score0.10641EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/12 12:0 a.m.15 views

ZOHO ManageEngine ADManager Plus File Upload Vulnerability (CNVD-2021-78730)

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus 7110 and earlier versions contain a file upload vulnerability that can be exploited by attackers to cause...

9.8CVSS4.9AI score0.10641EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/12 12:0 a.m.19 views

ZOHO ManageEngine ADManager Plus File Upload Vulnerability (CNVD-2021-78734)

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

9.8CVSS7.6AI score0.10641EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/12 12:0 a.m.27 views

ZOHO ManageEngine ADManager Plus File Upload Vulnerability (CNVD-2021-78728)

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus 7110 and earlier versions contain a file upload vulnerability that can be exploited by attackers to cause...

9.8CVSS4.9AI score0.73648EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/10 12:0 a.m.18 views

Zoho ManageEngine ADManager Plus code issue vulnerability

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and help desk technicians with day-to-day management tasks, such as bulk management of user accounts...

9.8CVSS2.9AI score0.09241EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/29 12:0 a.m.21 views

ZOHO ManageEngine ADManager Plus Code Execution Vulnerability

ZOHO ManageEngine ADManager Plus is a Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and help desk technicians with day-to-day administrative tasks, such as bulk management of user accounts and A...

9.8CVSS3.4AI score0.93401EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/28 12:0 a.m.19 views

ZOHO ManageEngine ADManager Plus File Upload Vulnerability

ZOHO ManageEngine ADManager Plus is a set of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. ZOHO ManageEngine ADManager Plus is a file upload vulnerability that can be exploited by attackers to cause remote code execution...

9.8CVSS5.4AI score0.09241EPSS
Exploits0References1
Atlassian
Atlassian
added 2021/07/29 9:23 a.m.29 views

Audit Logs Store LDAP Password in Plain Text

h3. Problem In Confluence, when an external LDAP directory is created/modified, Audit logs store the LDAP connection password as plain text. h3. Environment 7.4.x . h3. Steps to Reproduce 1. In Confluence, create or modify a directory as Microsoft Active Directory, Crowd, Jira etc 2. After...

1AI score
Exploits0
ThreatPost
ThreatPost
added 2021/07/28 11:1 a.m.245 views

Podcast: Why Securing Active Directory Is a Nightmare

This week, Microsoft rushed out a fix for a Windows NT LAN Manager exploit dubbed “PetitPotam” that forces remote Windows systems to reveal password hashes that can be easily cracked. The frenzy begs the question: Why is securing Microsoft Active Directory AD such a nightmare? When security...

8.1AI score
Exploits0References14
CNVD
CNVD
added 2021/07/20 12:0 a.m.21 views

Zoho ManageEngine ADManager Plus Remote Code Execution Vulnerability

Zoho ManageEngine ADManager Plus is a Microsoft Active Directory management software designed for enterprise users using Windows domains from ZOHO, Inc. A security vulnerability exists in Zoho ManageEngine ADManager Plus that could be exploited by attackers to execute remote code...

9.8CVSS5.8AI score0.05261EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/20 12:0 a.m.16 views

ZOHO ManageEngine ADManager Plus Cross-Site Scripting Vulnerability (CNVD-2021-60538)

ZOHO ManageEngine ADManager Plus is a set of Microsoft Active Directory management software designed for enterprise users using Windows domains from ZOHO USA.ZOHO ManageEngine ADManager Plus has a security vulnerability, no details of the vulnerability are available...

6.1CVSS2.6AI score0.0094EPSS
Exploits0References1
Kitploit
Kitploit
added 2021/05/18 9:30 p.m.68 views

Msldap - LDAP Library For Auditing MS AD

msldap LDAP library for MS AD Documentation Awesome documentation here! Features Comes with a built-in console LDAP client All parameters can be conrolled via a conveinent URL see below Supports integrated windows authentication SSPI both with NTLM and with KERBEROS Supports channel binding for...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/05/13 12:0 a.m.25 views

Cisco Identity Services Engine Privilege Escalation (cisco-sa-ise-priv-esc-fNZX8hHj)

According to its self-reported version, Cisco Identity Services Engine Software is affected by a Privilege Escalation vulnerability. A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileg...

7.2CVSS5.6AI score0.00302EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2021/03/11 2:28 p.m.59 views

Fixing the Weakest Link — The Passwords — in Cybersecurity Today

Password security has long been an issue for businesses and their cybersecurity standards. Account passwords are often the weakest link in the overall security posture for many organizations. Many companies have used Microsoft's default password policies for decades. While these can be customized...

0.3AI score
Exploits0
Rows per page
Query Builder