Lucene search
K

25 matches found

The Hacker News
The Hacker News
added 2021/08/02 11:11 a.m.436 views

New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services IIS servers to infiltrate their networks...

9.8CVSS0.5AI score0.99737EPSS
Exploits19
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.873 views

Microsoft SharePoint SSI / ViewState Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...

0.4AI score0.70894EPSS
Exploits5
Saint
Saint
added 2020/09/25 12:0 a.m.1766 views

Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability

Added: 09/25/2020 CVE: CVE-2020-0618 Background Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports. Problem A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote,...

6.5CVSS8.6AI score0.99046EPSS
Exploits14
Packet Storm
Packet Storm
added 2020/03/12 12:0 a.m.836 views

SQL Server Reporting Services (SSRS) ViewState Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SQL Server Reporting Services SSRS ViewState Deserialization', 'Description' = %q A vulnerability exists within Microsoft's SQL Server Reporting...

6.5CVSS0.2AI score0.99046EPSS
Exploits14
Metasploit
Metasploit
added 2020/02/28 2:57 a.m.149 views

Exchange Control Panel ViewState Deserialization

This module exploits a .NET serialization vulnerability in the Exchange Control Panel ECP web page. The vulnerability is due to Microsoft Exchange Server not randomizing the keys on a per-installation basis resulting in them using the same validationKey and decryptionKey values. With knowledge of...

8.8CVSS0.6AI score0.99965EPSS
Exploits30
Rows per page
Query Builder