31 matches found
EUVD-2019-13491
Malware in sbrugna...
EUVD-2010-0268
Malware in sbrugna...
Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
Last December, we discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group's activity suggests a connection to other groups currently targeting Russia. We have seen overlaps not only in indicators of compromise and tools, b...
Metasploit Wrap-Up
Basic discover script improvements This week two improvements were made to the script/resource/basicdiscovery.rc resource script. The first update from community member samsepi0x0 allowed commas in the RHOSTS value, making it easier to target multiple hosts. Additionally, adfoster-r7 improved the...
SUSE CVE-2019-3880
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions...
SUSE CVE-2021-3504
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivexopen function. An attacker could input a specially crafted Windows Registry hive file which would cause hivex to read memory beyond its normal bounds or cause the program to...
CVE-2021-3622
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to recursively call the getchildren function, leading to a stack overflow. The highest threat from this vulnerability is to system availability...
AZL-7096 CVE-2021-3622 affecting package hivex for versions less than 1.3.21-1
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to recursively call the getchildren function, leading to a stack overflow. The highest threat from this vulnerability is to system availability...
UBUNTU-CVE-2021-3622
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to recursively call the getchildren function, leading to a stack overflow. The highest threat from this vulnerability is to system availability...
OESA-2021-1361 hivex security update
Hivex is a library for extracting the contents of Windows Registry "hive" files. It is designed to be secure against buggy or malicious registry files. Security Fixes: No description is available for this CVE.CVE-2021-3622...
Aggrokatz - An Aggressor Plugin Extension For Cobalt Strike Which Enables Pypykatz To Interface With The Beacons Remotely
aggrokatz is an Aggressor plugin extension for CobaltStrike which enables pypykatz to interface with the beacons remotely. The current version of aggrokatz allows pypykatz to parse LSASS dump files and Registry hive files to extract credentials and other secrets stored without downloading the fil...
OESA-2021-1200 hivex security update
Hivex is a library for extracting the contents of Windows Registry "hive" files. It is designed to be secure against buggy or malicious registry files. Security Fixes: A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivexopen...
AZL-6472 CVE-2021-3504 affecting package hivex for versions less than 1.3.21-1
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivexopen function. An attacker could input a specially crafted Windows Registry hive file which would cause hivex to read memory beyond its normal bounds or cause the program to...
Microsoft Windows User Profile Service Arbitrary File Deletion Vulnerability
This vulnerability allows local attackers to delete arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within handling of the...
samba: save registry file outside share as unprivileged user
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share...
Security Bulletin: Vulnerability in Open Source Samba affects IBM Netezza Host Management
Summary Open Source Samba is used by IBM Netezza Host Mangement. IBM Netezza Host Management has provided mitigation for the applicable CVE. Vulnerability Details CVEID: CVE-2019-3880 DESCRIPTION: Samba could allow a remote authenticated attacker to traverse directories on the system. An attacker...
samba: save registry file outside share as unprivileged user
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share...
Unauthorized File Write
samba is vulnerable to unauthorized file write. An improper implementation of the RPC endpoint that emulates the Windows registry service API allows an unprivileged attacker to create new registry hive file which can lead to creation of new files in the samba share...
EulerOS 2.0 SP2 : samba (EulerOS-SA-2019-1744)
According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this fl...
CVE-2019-3880
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions...