Lucene search
K

170 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.502 views

Microsoft Exchange ProxyLogon Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework begin auxiliary class class MetasploitModule 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q This module exploit a vulnerability on Microsoft Exchange Serv...

9.8CVSS7.6AI score0.99999EPSS
Exploits63
Tenable Nessus
Tenable Nessus
added 2024/08/01 12:0 a.m.21 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Exim vulnerability (USN-6939-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6939-1 advisory. Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this...

5.4CVSS6.9AI score0.41225EPSS
Exploits5References2
NVD
NVD
added 2024/07/04 3:15 p.m.28 views

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

5.4CVSS0.41225EPSS
Exploits5References5
AlpineLinux
AlpineLinux
added 2024/07/04 12:0 a.m.29 views

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

5.4CVSS7.1AI score0.41225EPSS
Exploits5References5
The Hacker News
The Hacker News
added 2024/02/24 11:49 a.m.30 views

Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. "Microsoft will automatically enable th...

7.5AI score
Exploits0
Cvelist
Cvelist
added 2023/12/07 12:0 a.m.15 views

CVE-2023-43102

An issue was discovered in Zimbra Collaboration ZCS before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36...

6.1AI score0.00431EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/12/05 6:59 a.m.71 views

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called...

9.8CVSS9.5AI score0.97798EPSS
Exploits67
The Hacker News
The Hacker News
added 2023/05/25 1:39 p.m.5 views

New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government

An unnamed government entity associated with the United Arab Emirates U.A.E. was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. According to a new report from Fortinet FortiGuard Labs, the...

7.5AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.5 views

SUSE CVE-2007-2231

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped .gz mailboxes mbox files via a .. dot dot sequence in the mailbox name...

4.3CVSS7AI score0.02123EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.2 views

SUSE CVE-2010-3304

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs...

6.4CVSS7AI score0.0271EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.3 views

SUSE CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...

7.1CVSS8AI score0.04954EPSS
Exploits0References13
Fedora
Fedora
added 2022/12/02 1:20 a.m.22 views

[SECURITY] Fedora 37 Update: libetpan-1.9.4-9.fc37

The purpose of this mail library is to provide a portable, efficient middle-w are for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxe s...

5.5CVSS5.4AI score0.00542EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2021/08/31 1:29 p.m.87 views

ProxyToken: Another nail-biter from Microsoft Exchange

Had I known this season of Microsoft Exchange was going to be so long Id have binge watched. Does anyone know how many episodes there are? Sarcasm aside, while ProxyToken may seem like yet another episode of 2021s longest running show, that doesn’t make it any less serious, or any less...

5CVSS7.8AI score0.97502EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2021/07/14 12:0 a.m.112 views

CVE-2021-33766 ProxyToken

Microsoft Exchange Server Information Disclosure Vulnerability Recent assessments: NinjaOperator at August 30, 2021 4:59pm UTC reported: An unauthenticated actor can perform configuration actions on mailboxes belonging to arbitrary users. Which can be used to copy all emails addressed to a target...

7.5CVSS7.2AI score0.97502EPSS
In wildExploits2References3
ThreatPost
ThreatPost
added 2021/06/15 4:46 p.m.39 views

Microsoft Disrupts Large, Cloud-Based BEC Campaign

Threat hunters at Microsoft recently uncovered and disrupted infrastructure that powered a large-scale business email compromise BEC campaign. The infrastructure was hosted on multiple cloud platforms, which allowed it to stay under the radar for quite some time. “The attackers performed discrete...

6.4AI score
Exploits0References6
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/06/14 4:0 p.m.12 views

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise BEC infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...

6.6AI score
Exploits0
0day.today
0day.today
added 2021/05/18 12:0 a.m.180 views

Microsoft Exchange 2019 - Unauthenticated Email Download Exploit

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and automated downloads of...

9.8CVSS0.99999EPSS
Exploits63
CNNVD
CNNVD
added 2021/04/09 12:0 a.m.5 views

Samsung Email 信息泄露漏洞

Samsung Email application is a cell phone application from Samsung South Korea. It provides the function of sending and receiving e-mail. A security vulnerability exists in Samsung Email versions prior to 6.1.41.0, which originates from leaking messages in certain mailboxes in clear text. No...

5.3CVSS5.5AI score0.00786EPSS
Exploits0References3
Metasploit
Metasploit
added 2021/03/27 5:42 p.m.49 views

Windows Gather Exchange Server Mailboxes

This module will gather information from an on-premise Exchange Server running on the target machine. Two actions are supported: LIST default action: List basic information about all Exchange servers and mailboxes hosted on the target. EXPORT: Export and download a chosen mailbox in the form of a...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.33 views

CentOS 8 : cyrus-imapd (CESA-2020:4655)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4655 advisory. - cyrus-imapd: privilege escalation in HTTP request CVE-2019-18928 - cyrus-imapd: lmtpd component created mailboxes with administrator privileges if th...

9.8CVSS7.1AI score0.02392EPSS
Exploits0References3
Rows per page
Query Builder