91 matches found
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) affecting the following versions of on-premises Microsoft...
Rockstar Games: Open Redirection effects autodiscover.rockstargames.com
In a report, a researcher identified an open redirection vulnerability in the Office365 Autodiscover service of the rockstargames.com domain. The issue was resolved through updates from Microsoft and internal configuration changes...
(Pwn2Own) Microsoft Exchange Server Autodiscover Server Side Request Forgery Authentication Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Autodiscover service. The issue results from the lack of proper validation...
openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2021:0093-1)
The remote host is missing an update for the...
Microsoft Exchange 2019 SSRF / Arbitrary File Write
import requests from urllib3.exceptions import InsecureRequestWarning import random import string import sys def idgeneratorsize=6, chars=string.asciilowercase + string.digits: return ''.joinrandom.choicechars for in rangesize if lensys.argv " print"使用方式: python PoC.py mail.btwaf.cn [email protected]...
Microsoft Exchange 2019 - Server-Side Request Forgery
import requests from urllib3.exceptions import InsecureRequestWarning import random import string import sys def idgeneratorsize=6, chars=string.asciilowercase + string.digits: return ''.joinrandom.choicechars for in rangesize if lensys.argv " print"使用方式: python PoC.py mail.btwaf.cn [email protected]...
Cumulative Update 7 for Exchange Server 2019
Cumulative Update 7 for Microsoft Exchange Server 2019 was released on September 15, 2020. This cumulative update is a security update. It includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. Thes...
openSUSE Security Update : MozillaThunderbird (openSUSE-2021-127)
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 - changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties (bmo#1583478) - fixed: Running a quicksearch that returned no...
OPENSUSE-SU-2021:0127-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 - changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties (bmo#1583478) - fixed: Running a quicksearch that returned no result...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0127-1 Rating: important References: 1180623 Cross-References: CVE-2020-16044 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0093-1 Rating: important References: 1180623 Cross-References: CVE-2020-16044 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update...
SUSE-SU-2021:0123-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 - changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties (bmo#1583478) - fixed: Running a quicksearch that returned no result...
UhOh365 - A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)
A script that can see if an email address is valid in Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't. Microsoft does not consider "email enumeration" a vulnerability, so th...
O365Enum - Enumerate Valid Usernames From Office 365 Using ActiveSync, Autodiscover V1, Or Office.Com Login Page
Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover, or office.com login page. Usage o365enum will read usernames from the file provided as first parameter. The file should have one username per line. The output is CSV-based for easier parsing. Valid status can be 0 invalid...
CVE-2017-18695
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers who control a certain subdomain can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017)...
Design/Logic Flaw
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers who control a certain subdomain can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017)...
Microsoft Exchange Server External Service Interaction
I. VULNERABILITY ------------------------- Microsoft Exchange Server, External Service Interaction DNS Exchange Server 2013 CU22 and previous. II. CVE REFERENCE ------------------------- Not Assigned Yet III. VENDOR ------------------------- https://www.microsoft.com IV. DESCRIPTION...
CVE-2016-10777
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177)...