Microsoft - NTLMv2 Hash Capture

Titles: Microsoft - NTLMv2 Hash Capture Author: nu11secur1ty Date: 2026-05-27 Vendor: Microsoft Software: Windows Shell File Explorer Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-32202 Description: A spoofing vulnerability in Windows Shell File Explorer allows an attacker to capture NTLMv...

📄 Windows Shell LNK Spoofing / NTLMv2 Hash Capture

A spoofing vulnerability in Windows Shell File Explorer allows an attacker to capture NTLMv2 hashes without user interaction. By crafting a malicious .lnk shortcut file with a UNC path pointing to an attacker-controlled SMB server, the target's Windows system automatically sends an NTLMv2...

About Remote Code Execution – Windows Shell (CVE-2026-21510) vulnerability

About Remote Code Execution - Windows Shell CVE-2026-21510 vulnerability. A vulnerability from the February Microsoft Patch Tuesday. The Windows Shell is the primary interface through which users interact with the Windows operating system. It includes visible elements such as the Desktop, Taskbar...

📄 Peyara Remote Mouse 1.0.1 Shell Upload / Code Execution

The Peyara Remote Mouse desktop control software exposes an unauthenticated file upload endpoint, along with an unauthenticated WebSocket control channel. An attacker can upload arbitrary files including .LNK shortcuts to the victim environment and trigger command execution via simulated...

Exploit for Protection Mechanism Failure in Microsoft

CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnera...

Exploit for External Control of File Name or Path in Microsoft

CVE-2025-33053 - WebDAV Remote Code Execution RCE PoC & C2 S...

New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs

Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts. "Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileg...

EUVD-2005-0520

Malware in sbrugna...

EUVD-2025-28860

Malicious code in bioql PyPI...

SpecialFolderDatablock - Windows LNK File Special UNC Path NTLM Leak

This module creates a malicious Windows shortcut LNK file that specifies a special UNC path in SpecialFolderDatablock of Shell Link .LNK that can trigger an authentication attempt to a remote server. This can be used to harvest NTLM authentication credentials. When a victim browse to the location...

CVE-2025-9491

CVE-2025-9491 is a Microsoft Windows LNK file UI misrepresentation vulnerability. The flaw lies in how Windows handles .LNK/shortcuts, where crafted whitespace padding can hide malicious command-line arguments from the target user’s view, enabling arbitrary code execution in the context of the cu...

Linux Distros Unpatched Vulnerability : CVE-2018-12098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The liblnkdatablockread function in liblnkdatablock.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure heap-based buffer...

Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure

Exploit Title: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure Date: 13/08/2025 Exploit Author: Ruben Enkaoua Author link: https://x.com/RubenLabs, https://github.com/rubenformation Original Blog: https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/...

📄 Microsoft Internet Shortcut Malicious URL

This Metasploit module exploits CVE-2025-33053 by generating a malicious .URL file pointing to a trusted LOLBAS binary with parameters designed to trigger unintended behavior. Optionally, a payload is generated and hosted on a specified WebDAV directory. When the victim opens the shortcut, it wil...

CVE-2025-47160 Windows Shortcut Files Security Feature Bypass Vulnerability

...

CVE-2019-19731

Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...

UBUNTU-CVE-2025-3033

After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox 137 and Thunderbird 137...

The vulnerability of the .LNK-file processing mechanism in Windows operating systems allows a hacker to secretly execute arbitrary operating system commands.

The vulnerability of the .LNK file processing mechanism in Windows operating systems is related to information representation errors in the user interface. Exploiting this vulnerability allows an attacker to secretly execute arbitrary commands on the operating system by sending a specially crafte...

PT-2024-6052

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description The issue concerns a security feature bypass vulnerability in the Mark of the Web MOTW protection mechanism of Microsoft Windows. This vulnerability can be exploited by an attacker ...

CVE-2023-25734

After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.This bug only affects Firefox on Windows. Othe...