Read Time:10 Second
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Category Archives: Advisories
CVE-2020-25717
Read Time:8 Second
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
CVE-2020-25718
Read Time:10 Second
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.
CVE-2020-25719
Read Time:17 Second
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
CVE-2020-25722
Read Time:9 Second
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
CVE-2020-8242
Read Time:9 Second
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.
Datarobot — Remote Code Execution
Read Time:23 Second
Posted by Michael Coers on Feb 18
Exploit Title: Datarobot — Remote Code Execution
Date: 9/28/2021
Vendor Homepage: https://www.datarobot.com
Software Link: https://app.datarobot.com/
Version: TBD – awaiting build version from vendor
Tested on: The issue affects all versions of the product up to the date of this submission
Exploit Authors: Mike Coers & Pathfynder Inc
Exploit Contact: sm0key a t dnsfiltrate_io & micheal.coers a t pathfynder dot_io
Exploit Technique:…
MartFury Marketplace – Cross Site Scripting Vulnerability
Read Time:15 Second
Posted by info () vulnerability-lab com on Feb 18
Document Title:
===============
MartFury Marketplace – Cross Site Scripting Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2282
Release Date:
=============
2022-02-17
Vulnerability Laboratory ID (VL-ID):
====================================
2282
Common Vulnerability Scoring System:
====================================
5.5
Vulnerability Class:
====================
Cross Site…
Vicidial v2.14-783a – (DB) SQL Injection Web Vulnerability
Read Time:16 Second
Posted by info () vulnerability-lab com on Feb 18
Document Title:
===============
Vicidial v2.14-783a – (DB) SQL Injection Web Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2312
Release Date:
=============
2022-02-17
Vulnerability Laboratory ID (VL-ID):
====================================
2312
Common Vulnerability Scoring System:
====================================
7.3
Vulnerability Class:
====================
SQL Injection…
WordPress v5.9 – Reflected Cross Site Scripting Web Vulnerability
Read Time:16 Second
Posted by info () vulnerability-lab com on Feb 18
Document Title:
===============
Wordpress v5.9 – Reflected Cross Site Scripting Web Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2316
Release Date:
=============
2022-02-09
Vulnerability Laboratory ID (VL-ID):
====================================
2316
Common Vulnerability Scoring System:
====================================
4.2
Vulnerability Class:
====================
Cross…