41 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-16264

Malware in sbrugna...

CVSS 9.1 | AI score 9.3 | EPSS 0.00245
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 6:53 p.m. | 5 views

CVE-2021-44652

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component...

CVSS 7.8 | AI score 8 | EPSS 0.01114
Exploits: 0

NVD
added 2024/03/05 10:15 p.m. | 10 views

CVE-2024-1900

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...

CVSS 5.5 | AI score 6.5 | EPSS 0.0008
Exploits: 0 | References: 1

Vulnrichment
added 2024/03/05 9:34 p.m. | 13 views

CVE-2024-1900

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...

AI score 6.9 | EPSS 0.0008
Exploits: 0 | References: 1

Cvelist
added 2024/03/05 9:34 p.m. | 12 views

CVE-2024-1900

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...

AI score 6.8 | EPSS 0.0008
Exploits: 0 | References: 1

OSV
added 2023/12/19 11:12 p.m. | 13 views

GHSA-9WGG-M99Q-HHFC Expired tokens can be renewed without validating the account password

Impact In versions of the proxy from 2022-09-05 onwards since 8c874c2ff3d503ac20c7d32f46e08547fcb9e23f, expired OAuth 2.0 client credentials grant CCG flow authorisation tokens could be renewed automatically without checking their validity against the original account configuration i.e., the...

CVSS 8.1 | AI score 7.8
Exploits: 0 | References: 5

Kitploit
added 2022/11/11 11:30 a.m. | 29 views

TeamFiltration - Cross-Platform Framework For Enumerating, Spraying, Exfiltrating, And Backdooring O365 AAD Accounts

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. See the TeamFiltration wiki page for an introduction into how TeamFiltration works and the Quick Start Guide for how to get up and running! This tool has been used internally...

AI score 7.4
Exploits: 0 | References: 7

Kitploit
added 2022/05/12 12:30 p.m. | 29 views

SSOh-No - User Enumeration And Password Spraying Tool For Testing Azure AD

This tool is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute...

AI score 7.5
Exploits: 0 | References: 1

Kitploit
added 2022/04/27 12:30 p.m. | 66 views

O365-Doppelganger - A Quick Handy Script To Harvest Credentials Off Of A User During A Red Team And Get Execution Of A File From The User

O365-Doppelganger is NOT a replacement for hardcore phishing activities. There are several other tools which perform OAuth and OTA capture which is not the aim of O365-Doppelganger. O365-Doppelganger is a quick handy script to harvest credentials of a user during Red Teams. This repository is a...

AI score 7.5
Exploits: 0 | References: 3

Kitploit
added 2022/04/14 12:30 p.m. | 32 views

365Inspect - A PowerShell Script That Automates The Security Assessment Of Microsoft Office 365 Environments

Further the state of O365 security by authoring a PowerShell script that automates the security assessment of Microsoft Office 365 environments. Setup 365Inspect requires the administrative PowerShell modules for Microsoft Online, Azure AD We recommend installing the AzureADPreview module, Exchan...

AI score 6.7
Exploits: 0 | References: 2

Kitploit
added 2022/03/21 8:30 p.m. | 35 views

Vortex - VPN Overall Reconnaissance, Testing, Enumeration And eXploitation Toolkit

VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit Overview A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints like Cisco, Citrix, Fortinet, Pulse,...

AI score 8
Exploits: 0 | References: 12

Kitploit
added 2022/03/21 11:30 a.m. | 15 views

Oh365UserFinder - Python3 O365 User Enumeration Tool

Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid. The tool will attempt to identify false positives based on...

AI score 7.3
Exploits: 0 | References: 2

CNVD
added 2022/01/16 12:0 a.m. | 16 views

Zoho ManageEngine O365 Manager Plus Remote Code Execution Vulnerability

A security vulnerability exists in Zoho ManageEngine O365 Manager Plus, a software for auditing, monitoring and managing Office 365 from ZOHO, Inc. prior to Build 4416, which stems from an external input data during the construction of a code segment, and the network system or product fails to...

CVSS 7.8 | AI score 3.2 | EPSS 0.01114
Exploits: 0 | References: 1

OSV
added 2022/01/12 3:15 p.m. | 1 views

CVE-2021-44652

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component...

CVSS 7.8 | AI score 7.7 | EPSS 0.01114
Exploits: 0 | References: 1

NVD
added 2022/01/12 3:15 p.m. | 9 views

CVE-2021-44652

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component...

CVSS 7.8 | EPSS 0.01114
Exploits: 0 | References: 1

Prion
added 2022/01/12 3:15 p.m. | 10 views

Remote code execution

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component...

CVSS 6.8 | AI score 8 | EPSS 0.01114
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/01/12 2:59 p.m. | 11 views

CVE-2021-44652

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component...

AI score 8.3 | EPSS 0.01114
Exploits: 0 | References: 1

CVE
added 2022/01/12 2:59 p.m. | 42 views

CVE-2021-44652

CVE-2021-44652 affects Zoho ManageEngine O365 Manager Plus prior to Build 4416. The vulnerability enables remote code execution via a BCP file overwrite in the ChangeDBAPI component. Exploitation could occur locally to compromise affected installations; CVSS metrics indicate high impact on confid...

CVSS 7.8 | AI score 8 | EPSS 0.01114
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2022/01/12 12:0 a.m. | 3 views

Zoho ManageEngine O365 Manager Plus Security Vulnerability

A security vulnerability exists in Zoho ManageEngine O365 Manager Plus, a software for auditing, monitoring and managing Office 365 from ZOHO, Inc. prior to Build 4416, which stems from an external input data during the construction of a code segment, and the network system or product fails to...

CVSS 7.8 | AI score 6.5 | EPSS 0.01114
Exploits: 0 | References: 2

Kitploit
added 2021/11/26 11:30 a.m. | 153 views

goEnumBruteSpray - User Enumeration And Password Bruteforce On Azure, ADFS, OWA, O365 And Gather Emails On Linkedin

The recommended module is o365 for user enumeration and passwords bruteforce / spray . Additional information can be retrieved to avoid account lockout, to know that the password is good but expired, MFA enabled,... Linkedin This module should be used to retrieve a list of email addresses before...

AI score 7.5
Exploits: 0 | References: 6