111 matches found
The vulnerability of the Microsoft Active Directory component of the Cisco Identity Services Engine (ISE) management platform for connections allows a perpetrator to increase their privileges.
The vulnerability of the Microsoft Active Directory component of the Cisco Identity Services Engine ISE management connection policies is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
Authentication flaw
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the...
CVE-2020-26542
The CVE-2020-26542 issue affects the MongoDB Simple LDAP plugin used with Percona Server (through 2020-10-02). When using SimpleLDAP with Active Directory, authentication can succeed with a blank password, granting access at the privileges of the authenticating account. The NVD notes a high impac...
CVE-2020-27122
A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...
CVE-2020-27122 Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...
CVE-2020-27122 Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...
Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...
CVE-2020-8200
Improper authentication in Citrix StoreFront Server 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server...
CVE-2020-8200
Improper authentication in Citrix StoreFront Server 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. Recent assessments: kevthehermit at September 14, 2020 4:27pm UTC reported:...
Citrix StoreFront Security Update - Security Bulletin
Description A high severity issue has been discovered in Citrix StoreFront that, if exploited, would allow an attacker who is authenticated on thesame Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. This issue has the following identifier:...
CVE-2020-1055
A cross-site-scripting XSS vulnerability exists when Active Directory Federation Services ADFS does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'...
BadBlood - Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding...
How to get the Organization Units (OU) and Hosts from Microsoft Active Directory using Python ldap3
I recently figured out how to work with Microsoft Active Directory using Python 3. I wanted to get a hierarchy of Organizational Units OUs and all the network hosts associated with these OUs to search for possible anomalies. If you are not familiar with AD, here is a good thread about the...
CVE-2018-8547
A cross-site-scripting XSS vulnerability exists when an open source customization for Microsoft Active Directory Federation Services AD FS does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This...
Microsoft Active Directory Federated Services (ADFS) User Enumeration Vulnerability
Microsoft Active Directory Federated Services ADFS suffers from a time-based user enumeration vulnerability. + Credits: Joshua Platz aka Binary1985 + CVE ID: Requested + Website: https://github.com/binary1985 + Source:...
Getting the most out of your branch local connection
In our global world of business, organizations often have multiple branch offices spanning every country. Some of these branches are quite large with their own IT infrastructure and personnel, while some are very small with just a few employees. In the past, these branch offices were connected to...
Cross site scripting
A cross-site-scripting XSS vulnerability exists when an open source customization for Microsoft Active Directory Federation Services AD FS does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Open Source Customization for Active Directory Federation Service...
KLA11288 Multiple vulnerabilities in Microsoft Development Tools
Multiple serious vulnerabilities have been found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A tampering...
Microsoft Active Directory CVE-2018-0890 Security Bypass Vulnerability
Description Microsoft Active Directory is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for...
CVE-2017-10270
Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware subcomponent: Microsoft Active Directory. The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracl...