Lucene search
K

111 matches found

BDU FSTEC
BDU FSTEC
added 2020/11/17 12:0 a.m.7 views

The vulnerability of the Microsoft Active Directory component of the Cisco Identity Services Engine (ISE) management platform for connections allows a perpetrator to increase their privileges.

The vulnerability of the Microsoft Active Directory component of the Cisco Identity Services Engine ISE management connection policies is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

4.6CVSS5.6AI score0.00302EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/11/09 8:15 p.m.15 views

Authentication flaw

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the...

7.5CVSS9.5AI score0.0152EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/11/09 7:7 p.m.61 views

CVE-2020-26542

The CVE-2020-26542 issue affects the MongoDB Simple LDAP plugin used with Percona Server (through 2020-10-02). When using SimpleLDAP with Active Directory, authentication can succeed with a blank password, granting access at the privileges of the authenticating account. The NVD notes a high impac...

9.8CVSS9.4AI score0.0152EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2020/11/06 7:15 p.m.18 views

CVE-2020-27122

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...

7.2CVSS4.9AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/11/06 6:15 p.m.26 views

CVE-2020-27122 Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...

4.4CVSS6.2AI score0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/11/06 6:15 p.m.10 views

CVE-2020-27122 Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...

4.4CVSS6.4AI score0.00302EPSS
Exploits0References1
Cisco
Cisco
added 2020/11/04 4:0 p.m.29 views

Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine ISE could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected...

4.4CVSS2.6AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/18 8:13 p.m.33 views

CVE-2020-8200

Improper authentication in Citrix StoreFront Server 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server...

6.3AI score0.0133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/09/18 12:0 a.m.23 views

CVE-2020-8200

Improper authentication in Citrix StoreFront Server 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. Recent assessments: kevthehermit at September 14, 2020 4:27pm UTC reported:...

6.5CVSS1.5AI score0.0133EPSS
Exploits0References2
Citrix
Citrix
added 2020/09/10 12:0 a.m.14 views

Citrix StoreFront Security Update - Security Bulletin

Description A high severity issue has been discovered in Citrix StoreFront that, if exploited, would allow an attacker who is authenticated on thesame Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. This issue has the following identifier:...

6.5CVSS6.5AI score0.0133EPSS
Exploits0
OSV
OSV
added 2020/05/21 11:15 p.m.2 views

CVE-2020-1055

A cross-site-scripting XSS vulnerability exists when Active Directory Federation Services ADFS does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'...

6.1CVSS5.8AI score0.01784EPSS
Exploits0References1
Kitploit
Kitploit
added 2020/03/02 12:0 p.m.179 views

BadBlood - Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects

BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding...

7.5AI score
Exploits0References1
Information Security Automation
Information Security Automation
added 2019/08/12 10:58 a.m.141 views

How to get the Organization Units (OU) and Hosts from Microsoft Active Directory using Python ldap3

I recently figured out how to work with Microsoft Active Directory using Python 3. I wanted to get a hierarchy of Organizational Units OUs and all the network hosts associated with these OUs to search for possible anomalies. If you are not familiar with AD, here is a good thread about the...

6.9AI score
Exploits0
NVD
NVD
added 2018/11/14 1:29 a.m.20 views

CVE-2018-8547

A cross-site-scripting XSS vulnerability exists when an open source customization for Microsoft Active Directory Federation Services AD FS does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This...

5.4CVSS6.3AI score0.01605EPSS
Exploits0References2
0day.today
0day.today
added 2018/10/24 12:0 a.m.375 views

Microsoft Active Directory Federated Services (ADFS) User Enumeration Vulnerability

Microsoft Active Directory Federated Services ADFS suffers from a time-based user enumeration vulnerability. + Credits: Joshua Platz aka Binary1985 + CVE ID: Requested + Website: https://github.com/binary1985 + Source:...

Exploits0
Akamai Blog
Akamai Blog
added 2018/09/06 2:49 p.m.72 views

Getting the most out of your branch local connection

In our global world of business, organizations often have multiple branch offices spanning every country. Some of these branches are quite large with their own IT infrastructure and personnel, while some are very small with just a few employees. In the past, these branch offices were connected to...

0.5AI score
Exploits0
Prion
Prion
added 2018/07/11 12:29 a.m.18 views

Cross site scripting

A cross-site-scripting XSS vulnerability exists when an open source customization for Microsoft Active Directory Federation Services AD FS does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Open Source Customization for Active Directory Federation Service...

3.5CVSS5.2AI score0.02368EPSS
Exploits0References3Affected Software1
Kaspersky
Kaspersky
added 2018/07/10 12:0 a.m.418 views

KLA11288 Multiple vulnerabilities in Microsoft Development Tools

Multiple serious vulnerabilities have been found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A tampering...

10CVSS9AI score0.39555EPSS
Exploits0References80
Symantec
Symantec
added 2018/04/10 12:0 a.m.31 views

Microsoft Active Directory CVE-2018-0890 Security Bypass Vulnerability

Description Microsoft Active Directory is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for...

2.5AI score0.04267EPSS
Exploits0Affected Software2
OSV
OSV
added 2017/10/19 5:29 p.m.4 views

CVE-2017-10270

Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware subcomponent: Microsoft Active Directory. The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracl...

8.2CVSS7.3AI score0.00487EPSS
Exploits0References3
Rows per page
Query Builder