CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2015-2852

Malware in sbrugna...

5CVSS6.4AI score0.00227EPSS

Exploits0References3

Snyk•added 2025/07/05 3:41 a.m.•2 views

Replay Attack

Overview dradis-nessus is an add-on that allows you to upload and parse output produced from Tenable's Nessus Scanner into Dradis. Affected versions of this package are vulnerable to Replay Attack via the handling of external image resources over HTTPS. An attacker can obtain Net-NTLM hashes of...

5.1CVSS7AI score0.00164EPSS

CNNVD•added 2025/07/05 12:0 a.m.•3 views

Dradis 安全漏洞

Dradis is a suite of reporting and collaboration tools for information security teams. A security vulnerability exists in Dradis 4.16.0 and prior versions that stems from allowing references to external images, which could lead to the theft of Net-NTLM hashes from other users on a Windows domain...

4.3CVSS6.3AI score0.00164EPSS

Packet Storm•added 2024/08/31 12:0 a.m.•153 views

Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SUSERSNAME Windows Domain Account Enumeration', 'Description' = %q This module can be used to bruteforce RIDs associated wit...

Packet Storm•added 2024/08/31 12:0 a.m.•169 views

Microsoft SQL Server SQL Injection SUSER_SNAME Windows Domain Account Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi SUSERSNAME Windows Domain Account Enumeration', 'Description' = %q This module can be used to bruteforce RIDs associate...

Citrix•added 2024/07/13 12:0 a.m.•5 views

How to Create an ISO Storage Repository by Using a CIFS Share with NTLMv2 Authentication Enabled

This article describes how to create an ISO Storage Repository by using a CIFS share with NTLMv2 authentication enabled. When Group Policy Object GPO of the Windows domain enforces NTLMv2 authentication, you are unable to create the ISO Storage Repository by using XenCenter. The following procedu...

7.5AI score

Hive Pro Threat Advisories•added 2024/02/21 2:17 p.m.•28 views

Admins Urged to Uninstall VMware EAP Amid Critical Flaws

Summary: VMware has issued a warning to administrators regarding two unaddressed security vulnerabilities necessitating the removal of an outdated authentication plugin. Identified as CVE-2024-22245 and CVE-2024-22250, these vulnerabilities enable session hijacking and authentication relay attack...

6.8CVSS7.7AI score0.0072EPSS

CNNVD•added 2023/04/11 12:0 a.m.•3 views

Microsoft Windows DNS 安全漏洞

Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...

4.9CVSS5.8AI score0.0774EPSS

Exploits0References3

Kitploit•added 2022/09/03 12:30 p.m.•35 views

ApacheTomcatScanner - A Python Script To Scan For Apache Tomcat Server Vulnerabilities

A python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache tomcat servers. Multiple target source possible: Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets. Reading targets line by...

Rapid7 Blog•added 2022/07/22 5:8 p.m.•25 views

Exploits0References1

Metasploit Weekly Wrap-Up

The past, present and future of Metasploit Don't miss Spencer McIntyre's talk on the Help Net Security's blog. Spencer is the Lead Security Researcher at Rapid7 and speaks about how Metasploit has evolved since its creation back in 2003. He also explains how the Framework is addressing today's...

0.1AI score

Malwarebytes•added 2022/06/21 3:49 p.m.•27 views

DFSCoerce, a new NTLM relay attack, can take control over a Windows domain

A researcher has published a Proof-of-Concept PoC for an NTLM relay attack dubbed DFSCoerce. The method leverages the Distributed File System: Namespace Management Protocol MS-DFSNM to seize control of a Windows domain. Active Directory A directory service is a hierarchical arrangement of objects...

1.9AI score

The Hacker News•added 2022/06/21 8:2 a.m.•56 views

New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain

A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System DFS: Namespace Management Protocol MS-DFSNM to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service...

7.1AI score

Kitploit•added 2021/11/12 8:30 p.m.•41 views

Ad-Honeypot-Autodeploy - Deploy A Small, Intentionally Insecure, Vulnerable Windows Domain For RDP Honeypot Fully Automatically

Deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically. Runs on self-hosted virtualization using libvirt with QEMU/KVM but it can be customized easily for cloud-based solutions. Used for painlessly set up a small Windows Domain from scratch...

7AI score

Exploits0References5

Kitploit•added 2021/09/28 11:30 a.m.•24 views

SharpSpray - Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts

SharpSpray is a Windows domain password spraying tool written in .NET C. Introduction SharpSpray is a C port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and...

7.8AI score

CNNVD•added 2021/09/22 12:0 a.m.•2 views

ZOHO ManageEngine ADManager Plus 操作系统命令注入漏洞

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks such as batch management of user accoun...

9.8CVSS8.3AI score0.20543EPSS

Exploits0References1

NVD•added 2021/04/01 10:15 p.m.•14 views

CVE-2021-23923

An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users...

8.1CVSS0.00183EPSS

Exploits0References1

Positive Technologies•added 2020/08/09 12:0 a.m.•4 views

PT-2020-3933 · Microsoft · Windows Dns +1

Name of the Vulnerable Software and Affected Versions: Windows DNS affected versions not specified Description: A denial of service issue exists due to improper handling of queries. An authenticated attacker can exploit this by sending malicious DNS queries, causing the DNS service to become...

7.8CVSS7.3AI score0.16238EPSS

Exploits0References5

Kitploit•added 2019/11/18 12:30 p.m.•184 views

DetectionLab - Vagrant And Packer Scripts To Build A Lab Environment Complete With Security Tooling And Logging Best Practices

DetectionLab is tested weekly on Saturdays via a scheduled CircleCI workflow to ensure that builds are passing. Purpose This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and som...

7.5AI score

Exploits0References17

Kitploit•added 2018/12/16 12:34 p.m.•101 views

LDAP_Search - Tool To Perform LDAP Queries And Enumerate Users, Groups, And Computers From Windows Domains

LDAPSearch can be used to enumerate Users, Groups, and Computers on a Windows Domain. Authentication can be performed using traditional username and password, or NTLM hash. In addition, this tool has been modified to allow brute force/password-spraying via LDAP. LdapSearch makes use of Impackets...