19 matches found
CVE-2026-34523
Summary: The CVE is connected to a path traversal vulnerability in SillyTavern. The static file route handler uses a directory function and a user-supplied, percent-encoded path without proper boundary checks, allowing an unauthenticated user to determine whether files exist on the server. The ex...
CVE-2024-34523
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PT-2023-32956 · Undefined · Undefined
ParsedReport · Completeness: High · 10-07-2023 · The five-day job: A BlackByte ransomware intrusion case study · https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study · Report completeness: High · Actors/Campaigns: Volt typhoon motivation: cyber...
Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here APT35 aka Magic Hound, an Iranian-backed threat group, has begun using Microsoft Exchange ProxyShell vulnerabilities as an initial attack vector and to execute code through multiple web shells. The group has primarily targeted...
AvosLocker Ransomware Behavior Examined on Windows & Linux
AvosLocker is a ransomware group that was identified in 2021, specifically targeting Windows machines. Now a new variant of AvosLocker malware is also targeting Linux environments. In this blog, we examine the behavior of these two AvosLocker Ransomware in detail. AvosLocker is a relatively new...
Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware
By Taylor Mullins · February 28, 2022. BlackByte Ransomware has been in the news of late due to a successful attack against a National Football League (NFL) franchise and a Joint Cybersecurity Advisory by the Federal Bureau ...
Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns
Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an...
VulnCheck KEV: CVE-2021-34523
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation...
ProxyShell and PetitPotam exploits weaponized by LockFile Ransomware Group
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. LockFile, a new ransomware gang, has been active since last week. LockFile began by using a publicly disclosed PetitPotam exploit CVE-2021-36942 to compromise Windows Domain Controllers earlier this week. Using ProxyShell...
Patch now! Microsoft Exchange is being attacked via ProxyShell
Last Saturday the Cybersecurity and Infrastructure Security Agency issued an urgent warning that threat actors are actively exploiting three Microsoft Exchange vulnerabilities—CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. These vulnerabilities can be chained together to remotely execute...
Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities
Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable...
Microsoft Exchange ProxyShell Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'winrm' class MetasploitModule 'Microsoft Exchange ProxyShell RCE', 'Description' = %q This module exploit a vulnerability on Microsoft Exchange Server that allo...
CVE-2021-34523
Microsoft Exchange Server on-premises is affected by the ProxyShell chain, which involves CVE-2021-34523 as a local/elevation of privilege issue in the Exchange PowerShell backend. The exploit chain begins with pre-auth access via Autodiscover and MAPI to leak DN/SID, enabling impersonation and remote Power...
ProxyShell Exploit Chain
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: ccondon-r7 at August 12, 2021 9:19pm UTC reported: Check out the Rapid7 analysis for details on the exploit chain. Seems like a lot of the PoC implementations so far are using admin mailboxes, but I’d imagine folks...
CVE-2021-34523
Microsoft Exchange Server Elevation of Privilege Vulnerability Recent assessments: cbeek-r7 at November 22, 2024 9:11am UTC reported: CVE-2021-34523 is a privilege escalation vulnerability in Microsoft Exchange Server that arises due to improper validation of PowerShell remoting requests. This...
Microsoft Exchange Server Remote Code Execution (CVE-2021-34473; CVE-2021-34523)
A remote code execution vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
April 2021 Update Tuesday packages now available
Update August 25, 2021: Microsoft strongly recommends that you update your servers with the most recent security updates available. CVE-2021-34473 (ProxyShell); CVE-2021-34523 (ProxyShell); CVE-2021-33766. Today is Update Tuesday – our commitment to provide a predictable monthly schedule to release...
CVE-2021-34523
creationtimestamp | type | source
---|---|---
2021-04-13 05:00:00+00:00 | seen | https://msrc.microsoft.com/blog/2021/04/april-2021-update-tuesday-packages-now-available/
2021-07-14 16:59:39+00:00 | seen | https://t.me/truesecator/1917
2021-07-14 22:31:53+00:00 | seen | https://t.me/cibsecurity/26163...