13 matches found
Exploit for CVE-2018-8581
CVE-2018-8581 Testing Environment This directory contains a r...
Microsoft Exchange ProxyLogon Collector
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework begin auxiliary class class MetasploitModule 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q This module exploit a vulnerability on Microsoft Exchange Serv...
Microsoft Exchange Server 安全漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening. A security vulnerability exists in Microsoft Exchange Server. The following products and versions a...
Microsoft Exchange ProxyShell RCE
This module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass the authentication CVE-2021-31207, impersonate an arbitrary user CVE-2021-34523 and write an arbitrary file CVE-2021-34473 to achieve the RCE Remote Code Execution. By taking advantage of this...
Microsoft Exchange Server 授权问题漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening, and other features. An authorization issue vulnerability exists in Microsoft Exchange Server. The...
Microsoft Exchange 2019 - Unauthenticated Email Download Exploit
Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q This module scan for...
Microsoft Exchange Server 代码问题漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A code issue vulnerability exists in Microsoft Exchange Server. The following...
Microsoft Exchange ProxyLogon RCE
This module exploit a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin CVE-2021-26855 and write arbitrary file CVE-2021-27065 to get the RCE Remote Code Execution. By taking advantage of this vulnerability, you can execute...
Microsoft Exchange 2010 End of Support and Overall Patching Study
Today's topic is Exchange 2010, which reaches end of support EoS on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date. During our work with Project Sonar, we consistently see the use of old and EoS software on the internet. This is...
ExchangeRelayX - An NTLM Relay Tool To The EWS Endpoint For On-Premise Exchange Servers (Provides An OWA For Hackers)
Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...
CVE-2017-8621
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability"...
Microsoft Exchange Server Cross-Site Scripting Vulnerability (CNVD-2015-05966)
Microsoft Exchange Server is a suite of e-mail service components from Microsoft. A cross-site scripting vulnerability exists in Microsoft Exchange Server 2013 Cumulative Update 8/9/SP1, Outlook Web Access OWA, which can be exploited by remote attackers to inject arbitrary web script or HTML via ...
Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure
Exploit Title: Microsoft Exchange IIS HTTP Internal IP Disclosure Vulnerability Google Dork: NA Date: 08/01/2014 Exploit Author: Nate Power Vendor Homepage: microsoft.com Software Link: NA Version: Exchange OWA 2003, Exchange CAS 2007/2010/2013 Tested on: Exchange OWA 2003, Exchange CAS...