Show filters
2,153 Total Results
Displaying 11-20 of 2,153
Sort by:
Attacker Value
Very High

ProxyShell Exploit Chain

Last updated December 28, 2023
ProxyShell is an exploit chain targeting on-premise installations of Microsoft Exchange Server. It was demonstrated by Orange Tsai at Pwn2Own in April 2021 and is comprised of three CVEs that, when chained, allow a remote unauthenticated attacker to execute arbitrary code on vulnerable targets. The three CVEs are CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. Details are available in Orange Tsai's [Black Hat USA 2020 talk](https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-ProxyLogon-Is-Just-The-Tip-Of-The-Iceberg-A-New-Attack-Surface-On-Microsoft-Exchange-Server.pdf) and follow-on [blog series](https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html). ProxyShell is being broadly exploited in the wild as of August 12, 2021.
11
2
Attacker Value
High

CVE-2022-22965

Disclosure Date: April 01, 2022 (last updated October 07, 2023)
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
7
1
Attacker Value
Very High

CVE-2020-1337

Disclosure Date: August 17, 2020 (last updated January 19, 2024)
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.
Attack Vector: LocalPrivileges: LowUser Interaction: None
6
2
Attacker Value
Low

CVE-2019-14287

Disclosure Date: October 17, 2019 (last updated November 08, 2023)
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
1
5
Attacker Value
High

CVE-2022-21882

Disclosure Date: January 11, 2022 (last updated November 16, 2024)
Win32k Elevation of Privilege Vulnerability
Attack Vector: LocalPrivileges: LowUser Interaction: None
5
2
Attacker Value
High

CVE-2021-36955

Disclosure Date: September 15, 2021 (last updated November 28, 2024)
Windows Common Log File System Driver Elevation of Privilege Vulnerability
5
2
Attacker Value
Unknown

CVE-2021-34484

Disclosure Date: August 12, 2021 (last updated November 28, 2024)
Windows User Profile Service Elevation of Privilege Vulnerability
5
2
Attacker Value
High

CVE-2021-33771

Disclosure Date: July 14, 2021 (last updated February 23, 2025)
Windows Kernel Elevation of Privilege Vulnerability
5
2
Attacker Value
Unknown

CVE-2021-33742

Disclosure Date: June 08, 2021 (last updated February 22, 2025)
Windows MSHTML Platform Remote Code Execution Vulnerability
5
2
Attacker Value
High

CVE-2021-1732

Disclosure Date: February 25, 2021 (last updated February 22, 2025)
Windows Win32k Elevation of Privilege Vulnerability
6
1
View More Topics  < Previous  Next >