
91 matches found

FireEye
added 2021/09/03 10:0 a.m., 746 views

PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers

In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) affecting the following versions of on-premises Microsoft...

CVSS 10, AI score 0.6, EPSS 0.99999
Exploits 18, References 9
Hacker One
added 2021/07/19 9:49 p.m., 4 views

Rockstar Games: Open Redirection effects autodiscover.rockstargames.com

In a report, a researcher identified an open redirection vulnerability in the Office365 Autodiscover service of the rockstargames.com domain. The issue was resolved through updates from Microsoft and internal configuration changes...

AI score 7
Exploits 0
Zero Day Initiative
added 2021/07/19 12:0 a.m., 762 views

(Pwn2Own) Microsoft Exchange Server Autodiscover Server Side Request Forgery Authentication Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Autodiscover service. The issue results from the lack of proper validation...

CVSS 10, AI score 2.4, EPSS 0.99999
Exploits 16, References 1
OpenVAS
added 2021/04/16 12:0 a.m., 17 views

openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2021:0093-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8, AI score 9.2, EPSS 0.01283
Exploits 0, References 2
Packet Storm
added 2021/03/18 12:0 a.m., 1595 views

Microsoft Exchange 2019 SSRF / Arbitrary File Write

import requests from urllib3.exceptions import InsecureRequestWarning import random import string import sys def idgeneratorsize=6, chars=string.asciilowercase + string.digits: return ''.joinrandom.choicechars for in rangesize if lensys.argv " print"使用方式: python PoC.py mail.btwaf.cn [email protected]...

CVSS 7.5, AI score 0.4, EPSS 0.99999
Exploits 63
Exploit DB
added 2021/03/14 12:0 a.m., 252 views

Microsoft Exchange 2019 - Server-Side Request Forgery

import requests from urllib3.exceptions import InsecureRequestWarning import random import string import sys def idgeneratorsize=6, chars=string.asciilowercase + string.digits: return ''.joinrandom.choicechars for in rangesize if lensys.argv " print"使用方式: python PoC.py mail.btwaf.cn [email protected]...

AI score 7.4
Exploits 0
Microsoft KB
added 2021/02/09 8:0 a.m., 51 views

Cumulative Update 7 for Exchange Server 2019

Cumulative Update 7 for Exchange Server 2019 Cumulative Update 7 for Microsoft Exchange Server 2019 was released on September 15, 2020. This cumulative update is a security update. It includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. Thes...

CVSS 9, AI score 7.2, EPSS 0.47145
Exploits 5
Tenable Nessus
added 2021/01/25 12:0 a.m., 22 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2021-127)

This update for MozillaThunderbird fixes the following issues : - Mozilla Thunderbird 78.6.1 - changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 - fixed: Running a quicksearch that returned no...

CVSS 8.8, AI score 8.2, EPSS 0.01283
Exploits 0, References 2
OSV
added 2021/01/20 3:22 p.m., 5 views

OPENSUSE-SU-2021:0127-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 fixed: Running a quicksearch that returned no result...

CVSS 8.8, AI score 9, EPSS 0.01283
Exploits 0, References 3
OPENSUSE Linux
added 2021/01/20 12:0 a.m., 45 views

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0127-1 Rating: important References: 1180623 Cross-References: CVE-2020-16044 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update...

CVSS 8.8, AI score 8.9, EPSS 0.01283
Exploits 0, References 1
OPENSUSE Linux
added 2021/01/16 12:0 a.m., 34 views

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0093-1 Rating: important References: 1180623 Cross-References: CVE-2020-16044 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update...

CVSS 8.8, AI score 8.9, EPSS 0.01283
Exploits 0, References 1
OSV
added 2021/01/14 9:28 a.m., 5 views

SUSE-SU-2021:0123-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 fixed: Running a quicksearch that returned no result...

CVSS 8.8, AI score 8.6, EPSS 0.01283
Exploits 0, References 3
Kitploit
added 2021/01/07 8:30 p.m., 41 views

UhOh365 - A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)

A script that can see if an email address is valid in Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't. Microsoft does not consider "email enumeration" a vulnerability, so th...

AI score 7.7
Exploits 0, References 3
Kitploit
added 2020/10/12 8:30 p.m., 100 views

O365Enum - Enumerate Valid Usernames From Office 365 Using ActiveSync, Autodiscover V1, Or Office.Com Login Page

Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover, or office.com login page. Usage o365enum will read usernames from the file provided as first parameter. The file should have one username per line. The output is CSV-based for easier parsing. Valid status can be 0 invalid...

AI score 7.7
Exploits 0, References 2
NVD
added 2020/04/07 2:15 p.m., 15 views

CVE-2017-18695

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.0 software. Attackers who control a certain subdomain can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 January 2017...

CVSS 6.5, AI score 6.6, EPSS 0.00329
Exploits 0, References 1
OSV
added 2020/04/07 2:15 p.m., 3 views

CVE-2017-18695

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.0 software. Attackers who control a certain subdomain can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 January 2017...

CVSS 6.5, AI score 5.8, EPSS 0.00329
Exploits 0, References 1
Prion
added 2020/04/07 2:15 p.m., 18 views

Design/Logic Flaw

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.0 software. Attackers who control a certain subdomain can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 January 2017...

CVSS 3.5, AI score 6.6, EPSS 0.00329
Exploits 0, References 1, Affected Software 1
Cvelist
added 2020/04/07 1:56 p.m., 15 views

CVE-2017-18695

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.0 software. Attackers who control a certain subdomain can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 January 2017...

AI score 6.6, EPSS 0.00329
Exploits 0, References 1
Packet Storm
added 2019/12/27 12:0 a.m., 134 views

Microsoft Exchange Server External Service Interaction

I. VULNERABILITY ------------------------- Microsoft Exchange Server, External Service Interaction DNS Exchange Server 2013 CU22 and previous. II. CVE REFERENCE ------------------------- Not Assigned Yet III. VENDOR ------------------------- https://www.microsoft.com IV. DESCRIPTION...

AI score 7.4
Exploits 0
OSV
added 2019/08/06 1:15 p.m., 4 views

CVE-2016-10777

cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscoverhost SEC-177...

CVSS 5.4, AI score 5.8, EPSS 0.00542
Exploits 0, References 1