25 matches found
New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits
A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services IIS servers to infiltrate their networks...
Microsoft SharePoint SSI / ViewState Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...
Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability
Added: 09/25/2020 CVE: CVE-2020-0618 Background Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports. Problem A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote,...
SQL Server Reporting Services (SSRS) ViewState Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SQL Server Reporting Services SSRS ViewState Deserialization', 'Description' = %q A vulnerability exists within Microsoft's SQL Server Reporting...
Exchange Control Panel ViewState Deserialization
This module exploits a .NET serialization vulnerability in the Exchange Control Panel ECP web page. The vulnerability is due to Microsoft Exchange Server not randomizing the keys on a per-installation basis resulting in them using the same validationKey and decryptionKey values. With knowledge of...