Lucene search
+L

59 matches found

Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.478 views

Microsoft Exchange ProxyLogon Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework begin auxiliary class class MetasploitModule 'Microsoft Exchange ProxyLogon Scanner', 'Description' = %q This module scan for a vulnerability on Microsoft Exchange Serve...

9.8CVSS7.6AI score0.99999EPSS
Exploits65
GithubExploit
GithubExploit
added 2023/04/23 10:26 p.m.84 views

Exploit for Server-Side Request Forgery in Microsoft

CVE-2021-26855 This is a modified version of a POC for proxyl...

9.8CVSS9.6AI score0.99999EPSS
Exploits63
hivepro
hivepro
added 2022/12/08 7:20 a.m.63 views

BackdoorDiplomacy targets the telecom industry in the Middle East

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary BackdoorDiplomacy, an advanced persistent threat APT gang with roots in China, is most likely behind a hostile campaign targeting the Middle East. The espionage action, aimed at a Middle Eastern telecom...

7.5CVSS0.9AI score0.99999EPSS
Exploits63
Information Security Automation
Information Security Automation
added 2022/10/21 8:10 p.m.162 views

Joint Advisory AA22-279A and Vulristics

Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory CSA AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link for Russia: Americans cant just release a list...

10CVSS1.1AI score0.99999EPSS
Exploits975
GithubExploit
GithubExploit
added 2022/06/24 5:42 p.m.325 views

Exploit for Server-Side Request Forgery in Microsoft

proxylogon my exploit for the proxylogon chain Microsoft Exch...

9.8CVSS10AI score0.99999EPSS
Exploits63
ICS
ICS
added 2022/04/28 12:0 p.m.131 views

2021 Top Routinely Exploited Vulnerabilities

Summary This joint Cybersecurity Advisory CSA was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, Federal Bureau of Investigation FBI,...

10CVSS10AI score0.99999EPSS
Exploits1022References209
GithubExploit
GithubExploit
added 2021/12/04 10:38 p.m.149 views

Exploit for Server-Side Request Forgery in Microsoft

pocproxylogon Microsoft Exchange ProxyLogon PoC CVE-2021-268...

9.8CVSS10AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2021/11/22 11:47 a.m.461 views

Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an...

10CVSS9.4AI score0.99999EPSS
Exploits78
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/11/16 4:0 p.m.277 views

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Over the past year, the Microsoft Threat Intelligence Center MSTIC has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state...

7.5CVSS9.4AI score0.99999EPSS
Exploits87
Microsoft Secure
Microsoft Secure
added 2021/11/16 4:0 p.m.271 views

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Over the past year, the Microsoft Threat Intelligence Center MSTIC has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state...

7.5CVSS9.4AI score0.99999EPSS
Exploits87
0day.today
0day.today
added 2021/05/21 12:0 a.m.178 views

Microsoft Exchange 2019 - Unauthenticated Email Download Exploit

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q This module scan for...

9.8CVSS0.99999EPSS
Exploits65
Packet Storm
Packet Storm
added 2021/05/21 12:0 a.m.347 views

Microsoft Exchange ProxyLogon Collector

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Date: 2021-03-02 Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q Thi...

7.5CVSS0.2AI score0.99999EPSS
Exploits65
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.755 views

Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Date: 2021-03-02 Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q Thi...

9.8CVSS9.5AI score0.99999EPSS
Exploits65
Packet Storm
Packet Storm
added 2021/05/18 12:0 a.m.370 views

Microsoft Exchange 2019 Unauthenticated Email Download

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Date: 03-11-2021 Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and...

7.5CVSS10AI score0.99999EPSS
Exploits63
0day.today
0day.today
added 2021/05/18 12:0 a.m.182 views

Microsoft Exchange 2019 - Unauthenticated Email Download Exploit

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and automated downloads of...

9.8CVSS0.99999EPSS
Exploits63
Exploit DB
Exploit DB
added 2021/05/18 12:0 a.m.530 views

Microsoft Exchange 2019 - Unauthenticated Email Download

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Date: 03-11-2021 Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and...

9.8CVSS10AI score0.99999EPSS
Exploits63
ThreatPost
ThreatPost
added 2021/05/10 5:37 p.m.800 views

Lemon Duck Cryptojacking Botnet Changes Up Tactics

The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework...

10CVSS7.7AI score0.99999EPSS
Exploits189References15
Gitee
Gitee
added 2021/03/30 5:7 p.m.12 views

Exploit for Path Traversal in Vmware Cloud_Foundation

Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介...

10CVSS9.7AI score0.99999EPSS
Exploits106
Metasploit
Metasploit
added 2021/03/23 5:42 p.m.396 views

Microsoft Exchange ProxyLogon RCE

This module exploit a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin CVE-2021-26855 and write arbitrary file CVE-2021-27065 to get the RCE Remote Code Execution. By taking advantage of this vulnerability, you can execute...

9.8CVSS9.5AI score0.99999EPSS
Exploits65
Metasploit
Metasploit
added 2021/03/23 5:42 p.m.538 views

Microsoft Exchange ProxyLogon Scanner

This module scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin CVE-2021-26855. By chaining this bug with another post-auth arbitrary-file-write vulnerability to get code execution CVE-2021-27065. As a result, a...

9.8CVSS9.8AI score0.99999EPSS
Exploits65
Rows per page
Query Builder