Lucene search
K

19 matches found

Packet Storm
Packet Storm
added 2024/03/27 12:0 a.m.401 views

Sharepoint Dynamic Proxy Generator Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' class MetasploitModule 'Sharepoint Dynamic Proxy Generator Unauth RCE', 'Description' = %q This module exploits two vulnerabilities in Sharepoint...

9.8CVSS7.4AI score0.99649EPSS
Exploits11
0day.today
0day.today
added 2024/03/27 12:0 a.m.471 views

Sharepoint Dynamic Proxy Generator Remote Command Execution Exploit

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers t...

9.8CVSS8.1AI score0.99649EPSS
Exploits11
Metasploit
Metasploit
added 2024/03/26 7:51 p.m.595 views

Sharepoint Dynamic Proxy Generator Unauth RCE

This module exploits two vulnerabilities in Sharepoint 2019, an auth bypass CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955, an RCE which was patched in May of 2023. The auth bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the...

9.8CVSS8.6AI score0.99649EPSS
Exploits11
hivepro
hivepro
added 2024/01/15 12:56 p.m.45 views

Active Exploitation of Two Critical Flaws in Microsoft SharePoint

Summary: Active attacks targeting a critical Microsoft SharePoint Server vulnerability CVE-2023-29357 pose a severe risk, enabling privilege escalation for potential full administrator access. This flaw, coupled with CVE-2023-24955, allows arbitrary code execution. Immediate patching is crucial, ...

7.5CVSS8.3AI score0.99649EPSS
Exploits11
The Hacker News
The Hacker News
added 2024/01/12 6:35 a.m.79 views

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 CVSS score: 9.8, is a...

9.8CVSS9.3AI score0.99649EPSS
Exploits11
CISA
CISA
added 2024/01/10 12:0 p.m.12 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29357 Microsoft SharePoint Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and po...

9.8CVSS7.2AI score0.99649EPSS
In wildExploits10References6
GithubExploit
GithubExploit
added 2023/12/22 8:42 a.m.420 views

Exploit for Incorrect Implementation of Authentication Algorithm in Microsoft

CVE 2023 29357 Informations - Cible SharePoint Windows Se...

9.8CVSS9.9AI score0.99649EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2023/12/18 12:0 a.m.83 views

Microsoft SharePoint Authentication Bypass (CVE-2023-29357)

Binary data microsoftsharepointcve-2023-29357.nbin...

9.8CVSS9.8AI score0.99649EPSS
Exploits10References4
GithubExploit
GithubExploit
added 2023/09/30 11:17 p.m.233 views

Exploit for Incorrect Implementation of Authentication Algorithm in Microsoft

Recreation of the SharePoint PoC for CVE-2023-29357 in C with l...

9.8CVSS8.6AI score0.99649EPSS
Exploits11
The Hacker News
The Hacker News
added 2023/06/14 7:50 a.m.196 views

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in...

9.8CVSS10.1AI score0.99649EPSS
Exploits12
Circl
Circl
added 2023/06/14 4:0 a.m.10 views

CVE-2023-29357

creationtimestamp| type| source ---|---|--- 2023-06-14 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1041 2023-06-14 07:30:34+00:00| seen| https://t.me/cibsecurity/65185 2023-06-14 10:24:46+00:00| seen| https://t.me/kasperskyb2b/694 2023-06-14 13:25:38+00:00| seen|...

9.8CVSS7.1AI score0.99649EPSS
In wildExploits10References49
OSV
OSV
added 2023/06/14 12:15 a.m.1 views

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability...

9.8CVSS7.3AI score0.99649EPSS
Exploits10References2
NVD
NVD
added 2023/06/14 12:15 a.m.33 views

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability...

9.8CVSS9.6AI score0.99649EPSS
Exploits10References2
CVE
CVE
added 2023/06/13 11:26 p.m.638 views

CVE-2023-29357

CVE-2023-29357 is a Microsoft SharePoint Server Elevation of Privilege vulnerability. The root cause is an incorrect authentication implementation that allows an unauthenticated attacker to spoof JWT authentication tokens, enabling them to execute with administrator privileges on affected SharePo...

9.8CVSS9.6AI score0.99649EPSS
In wildExploits10References2Affected Software1
Cvelist
Cvelist
added 2023/06/13 11:26 p.m.39 views

CVE-2023-29357 Microsoft SharePoint Server Elevation of Privilege Vulnerability

...

9.8CVSS9.6AI score0.99649EPSS
Exploits10References1
Rapid7 Blog
Rapid7 Blog
added 2023/06/13 8:49 p.m.101 views

Patch Tuesday - June 2023

It’s June, and it’s Patch Tuesday. The volume of fixes this month is typical compared with recent history: 94 in total including Edge-on-Chromium. For the first time in a while, Microsoft isn’t offering patches for any zero-day vulnerabilities, but we do get fixes for four critical Remote Code...

7.5CVSS9.2AI score0.99649EPSS
Exploits28
Krebs on Security
Krebs on Security
added 2023/06/13 8:44 p.m.54 views

Microsoft Patch Tuesday, June 2023 Edition

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This months relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March...

7.5CVSS8.1AI score0.99649EPSS
Exploits10
Qualys Blog
Qualys Blog
added 2023/06/13 7:58 p.m.69 views

Microsoft and Adobe Patch Tuesday, June 2023 Security Update Review

Microsoft has released Junes edition of Patch Tuesday! This installment of security updates addressed 94 security vulnerabilities in various products, features, and roles. Microsoft Patch Tuesday for June 2023 No zero-day vulnerabilities known to be exploited in the wild have been fixed in this...

7.5CVSS9.8AI score0.99649EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2023/06/13 12:0 a.m.72 views

Security Updates for Microsoft SharePoint Server 2019 (June 2023)

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A Sharepoint Server elevation of privilege vulnerabilty. CVE-2023-29357, CVE-2023-33142 - A Sharepoint Server spoofing vulnerability...

9.8CVSS8AI score0.99649EPSS
Exploits10References6
Rows per page
Query Builder