6 matches found
CVE-2025-59775
CVE-2025-59775 : SSRF in Apache HTTP Server on Windows when AllowEncodedSlashes On and MergeSlashes Off can leak NTLM hashes to a malicious server. Affected: Apache HTTP Server (Windows). Root cause: SSRF via UNC/NTLM-related handling as described in multiple security bulletins. Remediation: upgr...
CVE-2025-11696
CVE-2025-11696 affects Rockwell Automation Studio 5000 Simulation Interface via the API. Connected sources confirm two local vulnerabilities: (1) a local SSRF that lets any Windows user trigger outbound SMB requests to capture NTLM hashes, and (2) a local code execution issue (via path traversal)...
Emsisoft Anti-Malware 安全漏洞
Emsisoft Anti-Malware is an anti-virus software from Emsisoft New Zealand. The software has features such as malware protection and virus protection. A security vulnerability exists in versions prior to Emsisoft Anti-Malware 2024.12, which stems from a scanning module that allows Net-NTLMv2 hash...
VulnCheck KEV: CVE-2025-52488
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been...
ZOHO ManageEngine ADSelfService Plus 安全漏洞
An information disclosure exists in Zoho ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A vulnerability exists in Zoho ManageEngine ADSelfService Plus, which stems from the disclosure of...
UBUNTU-CVE-2016-5166
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...