Patchapalooza Exploits
312 exploits tracked across all sources.
Microsoft Exchange Server - Path Traversal
Microsoft Exchange Server Remote Code Execution Vulnerability
by hictf
CVSS 7.8
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by shacojx
CVSS 9.1
Microsoft Exchange Server - Path Traversal
Microsoft Exchange Server Remote Code Execution Vulnerability
by p0wershe11
CVSS 7.8
Microsoft Exchange Server - Path Traversal
Microsoft Exchange Server Remote Code Execution Vulnerability
by RickGeex
CVSS 7.8
Microsoft Exchange Server - Path Traversal
Microsoft Exchange Server Remote Code Execution Vulnerability
by evilashz
CVSS 7.8
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by gvillegas
CVSS 9.1
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by r0xdeadbeef
CVSS 9.1
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by wsstest
CVSS 10.0
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by shacojx
CVSS 9.1
Microsoft Windows 10 1803 - Out-of-Bounds Write
Windows Win32k Elevation of Privilege Vulnerability
by k-k-k-k-k
CVSS 7.8
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by Udyz
CVSS 9.1
Microsoft Windows Server 2008 - Improper Input Validation
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
by chompie1337
CVSS 10.0
Microsoft Office - Out-of-Bounds Write
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
by Solitude-Echo
CVSS 7.8
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by tancehello
CVSS 9.8
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by tancehello
CVSS 9.8
Microsoft Exchange - RCE
Microsoft Exchange Remote Code Execution Vulnerability
by delete_user
CVSS 8.4
Microsoft Exchange - RCE
Microsoft Exchange Remote Code Execution Vulnerability
by delete_user
CVSS 8.4
Microsoft Office CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
by adai2022
CVSS 7.8
Microsoft Exchange - RCE
Microsoft Exchange Remote Code Execution Vulnerability
by h1d3r
CVSS 8.4
Netlogon Weak Cryptographic Authentication
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).
When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
by sh3llsas
CVSS 5.5
Microsoft Windows 10 1507 - Symlink Following
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
by F123BBXX
CVSS 7.8
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by keepb1ue
CVSS 10.0
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by keepb1ue
CVSS 10.0
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by keepb1ue
CVSS 10.0
Netlogon Weak Cryptographic Authentication
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).
When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
by omg2019
CVSS 5.5
By Source