GhostLock: SMB Deny-Share Handles As a Zero-Privilege Availability Weapon

GhostLock demonstrates that a low-privileged Windows domain user with standard read access to an SMB share can produce ransomware-equivalent organizational availability impact with zero writes, zero encryption, and zero signals in every behavioral defense the modern enterprise security stack...

CVE-2025-0913

CVE-2025-0913 : The Go standard library change fixes a mismatch in behavior of os.OpenFile with O_CREATE|O_EXCL when the path is a dangling symlink. Previously Unix vs Windows differed; now the operation returns an error if both flags are set and the target is a symlink. This vulnerability is rat...

Published desktop is launched in background of local applications

Setting registry key: ForegroundLockTimeout to 0 makes published desktop window to launch in foreground in most cases. HKCU\Control Panel\Desktop name: ForegroundLockTimeout type: REGDWORD data: 0 default: 200000 In some cases, there are applications that set this value to a non 0 value, which...

CVE-2007-3285

Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a 1 file:/// or 2 resource: URI with a dangerous extension, followed by a NULL byte %00 and a safer extension, which causes Firefox to treat the requested file...

Endymion SakeMail and MailMan File Disclosure Vulnerability

Product: SakeMail - Webmailsystem http://www.endymion.com Problem Description: due to missing input-validation it is possible to read xml/other files with sakemails permissions read THIS javanullbyte.html for additional infos on nullbytes and java-classes! Example: a HTTP-request to:...