Patchapalooza Exploits

312 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-27065 PATCHAPALOOZA HIGH
Microsoft Exchange Server - Remote Code Execution via ProxyLogon
Microsoft Exchange Server Remote Code Execution Vulnerability
by hictf
CVSS 7.8
CVE-2021-26855 PATCHAPALOOZA CRITICAL
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by shacojx
CVSS 9.1
CVE-2021-27065 PATCHAPALOOZA HIGH
Microsoft Exchange Server - Remote Code Execution via ProxyLogon
Microsoft Exchange Server Remote Code Execution Vulnerability
by p0wershe11
CVSS 7.8
CVE-2021-27065 PATCHAPALOOZA HIGH
Microsoft Exchange Server - Remote Code Execution via ProxyLogon
Microsoft Exchange Server Remote Code Execution Vulnerability
by RickGeex
CVSS 7.8
CVE-2021-27065 PATCHAPALOOZA HIGH
Microsoft Exchange Server - Remote Code Execution via ProxyLogon
Microsoft Exchange Server Remote Code Execution Vulnerability
by evilashz
CVSS 7.8
CVE-2021-26855 PATCHAPALOOZA CRITICAL
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by gvillegas
CVSS 9.1
CVE-2021-26855 PATCHAPALOOZA CRITICAL
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by r0xdeadbeef
CVSS 9.1
CVE-2020-0796 PATCHAPALOOZA CRITICAL
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by wsstest
CVSS 10.0
CVE-2021-26855 PATCHAPALOOZA CRITICAL
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by shacojx
CVSS 9.1
CVE-2021-1732 PATCHAPALOOZA HIGH
Windows 10 1803-20H2 and Windows Server 1909-20H2 - Elevation of Privilege via Win32k ConsoleControl Offset Confusion
Windows Win32k Elevation of Privilege Vulnerability
by k-k-k-k-k
CVSS 7.8
CVE-2021-26855 PATCHAPALOOZA CRITICAL
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by Udyz
CVSS 9.1
CVE-2020-1350 PATCHAPALOOZA CRITICAL
Windows Server 2008, 2012, 2016, 2019 - Remote Code Execution in DNS Server
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
by chompie1337
CVSS 10.0
CVE-2018-0802 PATCHAPALOOZA HIGH
Microsoft Office Equation Editor - Remote Code Execution via Memory Corruption
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
by Solitude-Echo
CVSS 7.8
CVE-2019-0708 PATCHAPALOOZA CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by tancehello
CVSS 9.8
CVE-2019-0708 PATCHAPALOOZA CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by tancehello
CVSS 9.8
CVE-2020-17144 PATCHAPALOOZA HIGH
Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization
Microsoft Exchange Remote Code Execution Vulnerability
by delete_user
CVSS 8.4
CVE-2020-17144 PATCHAPALOOZA HIGH
Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization
Microsoft Exchange Remote Code Execution Vulnerability
by delete_user
CVSS 8.4
CVE-2017-11882 PATCHAPALOOZA HIGH
Microsoft Office CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
by adai2022
CVSS 7.8
CVE-2020-17144 PATCHAPALOOZA HIGH
Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization
Microsoft Exchange Remote Code Execution Vulnerability
by h1d3r
CVSS 8.4
CVE-2020-1472 PATCHAPALOOZA MEDIUM
Netlogon Weak Cryptographic Authentication
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
by sh3llsas
CVSS 5.5
CVE-2020-0787 PATCHAPALOOZA HIGH
Windows BITS - Elevation of Privilege via Symbolic Link Mishandling
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
by F123BBXX
CVSS 7.8
CVE-2020-0796 PATCHAPALOOZA CRITICAL
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by keepb1ue
CVSS 10.0
CVE-2020-0796 PATCHAPALOOZA CRITICAL
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by keepb1ue
CVSS 10.0
CVE-2020-0796 PATCHAPALOOZA CRITICAL
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by keepb1ue
CVSS 10.0
CVE-2020-1472 PATCHAPALOOZA MEDIUM
Netlogon Weak Cryptographic Authentication
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
by omg2019
CVSS 5.5
By Source
All 312 Writeup 61,941 Exploitdb 50,073 Nomisec 22,294 Github 3,475 Metasploit 3,294 Vulncheck_xdb 926 Inthewild 514 Gitlab 470 Gitee 415 Patchapalooza 312
By Language
text 31,383 python 6,491 ruby 5,984 c 3,619 perl 2,849 html 2,071 php 1,331 bash 462 java 370 c++ 255 javascript 227 shell 126 go 72 postscript 25 typescript 25