Lucene search
+L

10 matches found

rapid7blog
rapid7blog
•added 2020/10/23 6:56 p.m.•259 views

Metasploit Wrap-Up

Metasploit keeping that developer awareness rate up. Thanks to mrme & wvu, SharePoint is an even better target to find in your next penetration test. The newly minted module can net you a shell and a copy of the servers config, making that report oh so much more fun. Like to escape the sandbox?...

9CVSS8.5AI score0.99737EPSS
Exploits41
checkpoint_advisories
checkpoint_advisories
•added 2020/10/20 12:0 a.m.•34 views

Microsoft SharePoint Remote Code Execution (CVE-2020-16952)

A remote code execution vulnerability exists in Microsoft SharePoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS5.7AI score0.70894EPSS
Exploits5
packetstorm
packetstorm
•added 2020/10/19 12:0 a.m.•874 views

Microsoft SharePoint SSI / ViewState Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...

0.4AI score0.70894EPSS
Exploits5
zdt
zdt
•added 2020/10/19 12:0 a.m.•99 views

Microsoft SharePoint SSI / ViewState Remote Code Execution Exploit

This Metasploit module exploits a server-side include SSI in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The...

8.6CVSS0.5AI score0.70894EPSS
Exploits5
nvd
nvd
•added 2020/10/16 11:15 p.m.•21 views

CVE-2020-16952

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...

8.6CVSS0.70894EPSS
Exploits5References2
cve
cve
•added 2020/10/16 10:18 p.m.•409 views

CVE-2020-16952

CVE-2020-16952 is a Microsoft SharePoint Remote Code Execution vulnerability where failure to validate the source markup of an application package allows an attacker to execute arbitrary code in the SharePoint app pool and server farm context. Exploitation requires uploading a specially crafted S...

8.6CVSS8.7AI score0.70894EPSS
In wildExploits5References2Affected Software3
circl
circl
•added 2020/10/16 7:37 p.m.•46 views

CVE-2020-16952

creationtimestamp| type| source ---|---|--- 2020-10-16 19:37:24+00:00| seen| https://t.me/BleepingComputer/8342 2020-10-17 16:09:38+00:00| published-proof-of-concept| https://t.me/cKure/2560 2020-10-19 14:32:14+00:00| seen|...

8.6CVSS7.7AI score0.70894EPSS
Exploits5References4
cisa
cisa
•added 2020/10/16 12:0 a.m.•77 views

NCSC Releases Alert on Microsoft SharePoint Vulnerability

The United Kingdom UK National Cyber Security Centre NCSC has released an Alert to address a vulnerability—CVE-2020-16952—affecting Microsoft SharePoint server. An attacker could exploit this vulnerability to take control of an affected system. Applying patches from Microsoft’s October 2020...

6.8CVSS1.9AI score0.70894EPSS
In wildExploits5References4
attackerkb
attackerkb
•added 2020/10/16 12:0 a.m.•865 views

CVE-2020-16952 — Microsoft SharePoint Remote Code Execution Vulnerabilities

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16951. Recent assessments: wvu-r7 at October 13,...

9CVSS3AI score0.99965EPSS
In wildExploits48References3
srcincite
srcincite
•added 2020/07/06 12:0 a.m.•119 views

SRC-2020-0022 : Microsoft SharePoint Server DataFormWebPart CreateChildControls Server-Side Include Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the DataFormWebPart class. The issue results from the lack of prope...

8.6CVSS8.2AI score0.70894EPSS
Exploits5
Rows per page
Query Builder