Search criteria
2 vulnerabilities by druide
CVE-2019-9565 (GCVE-0-2019-9565)
Vulnerability from cvelistv5 – Published: 2019-03-04 08:00 – Updated: 2024-09-16 20:43
VLAI
Summary
Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gosecure.net/2019/02/20/abusing-unsafe-de… | x_refsource_MISC |
| https://www.druide.com/en/news/security-improveme… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gosecure.net/2019/02/20/abusing-unsafe-defaults-in-active-directory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.druide.com/en/news/security-improvement-antidote-windows"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-04T08:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gosecure.net/2019/02/20/abusing-unsafe-defaults-in-active-directory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.druide.com/en/news/security-improvement-antidote-windows"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gosecure.net/2019/02/20/abusing-unsafe-defaults-in-active-directory/",
"refsource": "MISC",
"url": "https://gosecure.net/2019/02/20/abusing-unsafe-defaults-in-active-directory/"
},
{
"name": "https://www.druide.com/en/news/security-improvement-antidote-windows",
"refsource": "MISC",
"url": "https://www.druide.com/en/news/security-improvement-antidote-windows"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9565",
"datePublished": "2019-03-04T08:00:00.000Z",
"dateReserved": "2019-03-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:43:05.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13140 (GCVE-0-2018-13140)
Vulnerability from cvelistv5 – Published: 2018-09-24 22:00 – Updated: 2024-08-05 08:52
VLAI
Summary
Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://sysdream.com/news/lab/2018-09-21-cve-2018… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2018/Sep/38 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/149468/Antid… | x_refsource_MISC |
Date Public
2018-09-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:52:50.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/"
},
{
"name": "20180921 [CVE-2018-13140] Antidote Remote Code Execution against the update component",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Sep/38"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T21:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/"
},
{
"name": "20180921 [CVE-2018-13140] Antidote Remote Code Execution against the update component",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Sep/38"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/"
},
{
"name": "20180921 [CVE-2018-13140] Antidote Remote Code Execution against the update component",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Sep/38"
},
{
"name": "http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13140",
"datePublished": "2018-09-24T22:00:00.000Z",
"dateReserved": "2018-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:52:50.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}