15 matches found
EUVD-2014-6877
Malware in sbrugna...
(Pwn2Own) Microsoft Exchange Server OAB Arbitrary File Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the OAB service. T...
CVE-2021-27065
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: wvu-r7 at March 10, 2021 7:13am UTC reported: When used with CVE-2021-26855, an unauthenticated SSRF, CVE-2021-27065 yields unauthed, SYSTEM-level RCE against a vulnerable Exchange Server. On its own, exploiting thi...
recortedigital.oab-ba.org.br Cross Site Scripting vulnerability OBB-1292138
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
pesquisas.oab-ba.org.br Cross Site Scripting vulnerability OBB-1285299
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
servicos.oab-ba.org.br Cross Site Scripting vulnerability OBB-1285283
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
oab-ba.org.br Cross Site Scripting vulnerability OBB-1285281
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
validador.oab.org.br Cross Site Scripting vulnerability OBB-1285275
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
oab-ro.org.br Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1125514 Security Researcher CryptoZero Helped patch 3 vulnerabilities Received 0 Coordinated Disclosure badges , found a security vulnerability affecting oab-ro.org.br website and its users. Following coordinated and responsible vulnerability disclosure guidelines of the I...
www1.oab.org.br XSS vulnerability
Open Bug Bounty ID: OBB-645394 Description| Value ---|--- Affected Website:| www1.oab.org.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2014-6999
The Questoes OAB aka com.pedefeijao.questoesoab application oabandroid1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Questoes OAB aka com.pedefeijao.questoesoab application oabandroid1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6999
The Questoes OAB aka com.pedefeijao.questoesoab application oabandroid1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6999
CVE-2014-6999 affects the Android app Questoes OAB (com.pedefeijao.questoesoab) version oab_android_1.2. The issue is that the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....
Microsoft Exchange - IIS HTTP Internal IP Address Disclosure (Metasploit)
Exploit Title: Microsoft Exchange IIS HTTP Internal IP Disclosure Vulnerability Google Dork: NA Date: 08/01/2014 Exploit Author: Nate Power Vendor Homepage: microsoft.com Software Link: NA Version: Exchange OWA 2003, Exchange CAS 2007/2010/2013 Tested on: Exchange OWA 2003, Exchange CAS...