CVE-2023-50786

Dradis through 4.16.0 allows referencing external images resources over HTTPS, instead of forcing the use of embedded uploaded images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network...

EUVD-2001-0016

Malware in sbrugna...

DEBIAN-CVE-2024-8250

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file...

GSS-NTLMSSP 缓冲区错误漏洞

GSS-NTLMSSP is gssapi open source a mechglue plugin that implements the NTLM authentication GSSAPI library . GSS-NTLMSSP version 1.2.0 before the buffer error vulnerability , the vulnerability stems from the length of the two elements avpair may trigger an out-of-bounds read is not properly check...

PT-2020-19068 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP Netweaver AS ABAP versions 700 through 754 Description: The issue allows an attacker to perform a Server Side Request Forgery Attack by using inappropriate path names containing malicious server names in the import/export of sessions...

AZL-44409 CVE-2016-2110 affecting package samba 4.18.3-2

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...

samba: Man-in-the-middle attacks possible with NTLMSSP authentication

Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or...

samba: Man-in-the-middle attacks possible with NTLMSSP authentication

Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or...

samba: Man-in-the-middle attacks possible with NTLMSSP authentication

Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or...

samba: Man-in-the-middle attacks possible with NTLMSSP authentication

Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or...

UBUNTU-CVE-2013-1590

Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service application crash via a malformed packet...

DEBIAN-CVE-2011-1143

epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted .pcap file...

Vulnerability in RPC Could Allow Denial of Service (933729)

This host is missing a critical security update according to Microsoft Bulletin MS07-058. OpenVAS Vulnerability Test $Id: gbms07-058.nasl 5362 2017-02-20 12:46:39Z cfi $ Vulnerability in RPC Could Allow Denial of Service 933729 Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Networks Gmb...

PT-2005-2453 · Ethereal +1 · Ethereal +1

Name of the Vulnerable Software and Affected Versions: Ethereal versions prior to 0.10.11 Description: The issue affects multiple dissectors in Ethereal, including AIM, LDAP, FibreChannel, GSM MAP, SRVLOC, and NTLMSSP. These vulnerabilities allow remote attackers to cause a denial of service,...

PT-2003-1406 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.9 and earlier Description: A heap-based buffer overflow issue exists in the NTLMSSP code, which can be exploited by remote attackers to cause a denial of service and potentially execute arbitrary code. Recommendations: F...

CVE-2001-0016

NTLM Security Support Provider NTLMSSP service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access...

Local promotion in NT4's NTLM Security Support Provider

BindView Security Advisory -------- Local promotion vulnerability in NT4's NTLM Security Support Provider Issue Date: February 7, 2001 Contact: [email protected] Topic: Local promotion vulnerability in NT4's NTLM Security Support Provider Overview: Due to a flaw in the NTLM Security Suppo...