
91 matches found

Cvelist
added 2024/05/01 12:0 a.m., 17 views

CVE-2024-33775

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet...

AI score: 6.9, EPSS: 0.01602
Exploits: 2, References: 2

Openbugbounty
added 2023/11/14 8:7 p.m., 13 views

autodiscover.comunidad.itam.mx Cross Site Scripting vulnerability OBB-3780726

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

Openbugbounty
added 2023/04/28 6:40 p.m., 9 views

autodiscover.rezervace.jogaletna.cz Cross Site Scripting vulnerability OBB-3279323

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6
Exploits: 0

The Hacker News
added 2023/01/06 9:1 a.m., 197 views

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted...

CVSS: 9.8, AI score: 1.2, EPSS: 0.99964
Exploits: 16

GithubExploit
added 2022/12/23 11:46 p.m., 11 views

Exploit for CVE-2022-41080

CVE-2022-41080 Desc - CrowdStrike recently discovered a n...

CVSS: 9.8, AI score: 9, EPSS: 0.99964
Exploits: 11

The Hacker News
added 2022/12/21 7:41 a.m., 392 views

Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations

Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses...

CVSS: 9.8, AI score: 1.8, EPSS: 0.99964
Exploits: 16

Zero Day Initiative
added 2022/10/17 12:0 a.m., 50 views

Microsoft Exchange Autodiscover Server-Side Request Forgery Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the Autodiscover service. The issue results from the lack of proper validation of a URI prio...

CVSS: 6.3, AI score: 2.4, EPSS: 0.99945
Exploits: 9, References: 1

GithubExploit
added 2022/10/14 5:1 p.m., 761 views

Exploit for Server-Side Request Forgery in Microsoft

CVE-2022-41040 Microsoft Exchange vulnerable to server-side...

CVSS: 8.8, AI score: 9, EPSS: 0.99945
Exploits: 9

CERT
added 2022/10/03 12:0 a.m., 728 views

Microsoft Exchange vulnerable to server-side request forgery and remote code execution.

Overview: Microsoft Exchange Server 2019, Exchange Server 2016 and Exchange Server 2013 are vulnerable to a server-side request forgery (SSRF) attack and remote code execution. An authenticated attacker can use the combination of these two vulnerabilities to elevate privileges and execute arbitrary...

CVSS: 8.8, AI score: 9.4, EPSS: 0.99964
Exploits: 16, References: 6

Rapid7 Blog
added 2022/02/16 8:0 p.m., 18 views

[Security Nation] Amit Serper on Finding Leaks in Autodiscover

In this episode of Security Nation, Jen and Tod chat with Amit Serper, Director of Security Research at Akamai, on his work uncovering a flaw in the Autodiscover...

AI score: 0.8
Exploits: 0

Tenable Nessus
added 2021/11/22 12:0 a.m., 45 views

Microsoft Exchange Server Autodiscover Cross-Site Scripting

Microsoft Exchange Server versions 2019 before cumulative update 11, 2016 before cumulative update 22 and 2013 before cumulative update 23 are affected by a cross-site scripting vulnerability through the autodiscover/autodiscover.json endpoint. By crafting a specific URL, an attacker could target...

CVSS: 6.5, AI score: 6.5, EPSS: 0.93877
Exploits: 3, References: 3

Information Security Automation
added 2021/10/21 12:23 a.m., 182 views

Security News: Microsoft Patch Tuesday October 2021, Autodiscover, MysterySnail, Exchange, DNS, Apache, HAProxy, VMware vCenter, Moodle

Hello everyone! This episode will be about relatively recent critical vulnerabilities. Let's start with Microsoft Patch Tuesday for October 2021. Specifically, with the vulnerability that I expected there, but it didn't get there. Autodiscover leak discovered by Guardicore Labs "Autodiscover, a...

CVSS: 7.5, AI score: 0.6, EPSS: 0.99999
Exploits: 175

ThreatPost
added 2021/10/12 5:46 p.m., 23 views

Office 365 Spy Campaign Targets US Military Defense

A new threat actor, dubbed DEV-0343, has been spotted attacking U.S. and Israeli defense technology companies, Persian Gulf ports of entry and global maritime transportation companies with ties to the Middle East. The threat actor’s goal is Microsoft Office 365 account takeovers. Microsoft, which...

AI score: 6.9
Exploits: 0, References: 4

Malwarebytes
added 2021/10/04 9:15 a.m., 27 views

A week in security (Sept 27 – Oct 3)

Last week on Malwarebytes Labs: Teaching cybersecurity skills to special needs children with Alana Robinson: Lock and Code S02E18; Phone screenshots accidentally leaked online by stalkerware-type company; FoggyWeb, analysis of a Nobelium backdoor; Instagram Kids put on hold; Microsoft, CISA and NSA...

AI score: 7.3
Exploits: 0

Rapid7 Blog
added 2021/09/29 6:22 p.m., 61 views

[Security Nation] Rob Graham on Mike Lindell's Cyber Symposium

In this episode of Security Nation, Jen and Tod chat with Rob Graham of Errata Security about his experience attending pillow magnate Mike Lindell's Cyber...

AI score: 6.6
Exploits: 0

ThreatPost
added 2021/09/24 6:46 p.m., 55 views

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

Guardicore security researcher Amit Serper has discovered a severe design bug in Microsoft Exchange’s autodiscover – a protocol that lets users easily configure applications such as Microsoft Outlook with just email addresses and passwords. The flaw has caused the Autodiscover service to leak...

CVSS: 5.3, AI score: 6.4, EPSS: 0.01931
Exploits: 0, References: 17

The Hacker News
added 2021/09/23 5:25 p.m., 34 views

Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials

An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the abilit...

AI score: 0.2
Exploits: 0

Malwarebytes
added 2021/09/23 5:11 p.m., 44 views

Microsoft Exchange Autodiscover flaw reveals users’ passwords

Researchers have been able to get hold of 372,072 Windows domain credentials, including 96,671 unique credentials, in slightly over 4 months by setting up a Microsoft Exchange server and using Autodiscover domains. The credentials that are being leaked are valid Windows domain credentials used to...

AI score: 0.6
Exploits: 0

Akamai Blog
added 2021/09/22 1:0 p.m., 9 views

Autodiscovering the Great Leak

See the most recent research from Amit Serper on a vulnerability in Autodiscover from Microsoft Outlook that affects credential leaks...

AI score: 3.1
Exploits: 0

BDU FSTEC
added 2021/09/07 12:0 a.m., 7 views

The vulnerability of the mailboxd component (Autodiscover/Autodiscover.xml) in the Zimbra Collaboration Suite enterprise email management system allows a hacker to execute an XXE attack.

The vulnerability of the mailboxd component (Autodiscover/Autodiscover.xml) in the Zimbra Collaboration Suite enterprise email management system is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to execute an XXE atta...

CVSS: 10, AI score: 7.9, EPSS: 0.99986
Exploits: 4, References: 8