[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability

R1 Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability Arnie Cabral Thu, 02/12/2026 - 10:40 A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service DoS attack...

CVE-2026-21243

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network...

PT-2026-7347

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network...

📄 Backdoor.Win32.Poison.jh Remote File Hijack

This code represents an educational Metasploit module concept that demonstrates how insecure file permissions created Backdoor.Win32.Poison.jh could be abused to achieve code execution. The scenario assumes that the malware drops an executable file inside a protected Windows directory SysWOW64 wi...

(0Day) Microsoft Windows dir Command Improper Character Neutralization Vulnerability

This vulnerability allows remote attackers to display misleading terminal output on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.2 (SVD-2025-1205)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1205 advisory. - In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an...

EUVD-2019-0430

Malware in sbrugna...

CVE-2025-24789

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write...

CVE-2024-49112

Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability...

CVE-2024-40644 gitoxide's gix-path can use a fake program files location

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path...

PT-2024-1731 · Microsoft · Windows Ldap +1

Name of the Vulnerable Software and Affected Versions: Windows Lightweight Directory Access Protocol LDAP affected versions not specified Description: The issue is related to insufficient input validation in the Windows Lightweight Directory Access Protocol LDAP implementation, which can be...

PT-2023-4386 · Microsoft · Windows Ldap +1

Name of the Vulnerable Software and Affected Versions: Windows Lightweight Directory Access Protocol LDAP affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the Windows Lightweight Directory Access Protocol LDAP implementatio...

CVE-2023-28283

Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability...

SUSE CVE-2022-29804

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack...

VulnCheck KEV: CVE-2020-3153

Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and...

CVE-2022-26919

Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability...

PT-2021-7031 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the implementation of the Lightweight Directory Access Protocol LDAP in Microsoft Windows, specifically due to insufficient input validation. This allows a remote...

Backdoor.Win32.NerTe.a Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/125364b0cdae80c10f00b75c8e2cfa47.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NerTe.a Vulnerability: Authentication Bypass RCE Description: The malware listens on...

Backdoor.Win32.Backlash.101 Missing Authentication

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4ba3c08d8ad964328f2b6f618f714df2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Backlash.101 Vulnerability: Missing Authentication Description: BackLash Server 1.0...